Security with Noisy Data

Boris Škorić, TU Eindhoven. Ei/Ψ anniversary, 24 April 2009.

Presentation Transcript


  1. Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009

  2. OUTLINE • Private biometrics • Physical Unclonable Functions (PUFs) • PUFs for anti-counterfeiting • PUFs for secure key storage • Fuzzy extractors • General remarks

  3. Private biometrics: intro • What's so private? • fingerprints everywhere • easily photographed • no secrecy! • Biometrics database • access control • identification • How to abuse the database? • impersonation • identity theft • cross-db linking • detectable pathologies • ... yet undiscovered attacks • Insider attacks • db encryption not enough!

  4. Private biometrics: noisy biometrics • How to preserve privacy? • Don't store biometric itself • Store a one-way hash (like UNIX password file) • Attacker has to invert hash • Problem: noise • Measurement never the same twice • Any bit flip ⇒ hash totally changed • Need error correction • Redundancy data may leak! [Figure: 00101101011110111001... → one-way function]

  5. Private biometrics: secure error correction [Dodis et al., 2003] • "Fuzzy Extractor" • Uniform string: • Efficient storage • Quick db search • Efficient processing [Diagram labels: Secure Sketch: Gen, Recover, hash, compare; Helper Data: Gen, Reproduce, "extracted string", compare]

  6. OUTLINE • Private biometrics • Physical Unclonable Functions (PUFs) • PUFs for anti-counterfeiting • PUFs for secure key storage • Fuzzy extractors • General remarks

  7. Anti-counterfeiting: introduction The counterfeiting problem • Short history of paper money • 800 AD: China, first bills • 1450 AD: China abolishes paper money • 1601 AD: introduction in Sweden Frightening numbers: 10% of all medication 10% aircraft spare parts

  8. Anti-counterfeiting: think big

  9. Anti-counterfeiting, more voodoo than science Lots of obscurity [Source: Kirovski 2007]

  10. Anti-counterfeiting: a new approach • Traditional approach: • add authenticity mark to product • hard to forge • all marks are identical Er, ... WTF? • Alternative: [Bauder, Simmons < 1991] • unique marks • uncontrollable process • even manufacturer cannot clone • digitally signed • two-step verification • check sig., then check mark • forgery ← cloning / fake signature • allows "open" approach [Figure: - product info - expiry date - mark details; Digital signature by Authority XYZ]

  11. Anti-counterfeiting: PUFs • Physical Unclonable Function (PUF) [Pappu et al. 2001] • physical object • unpredictable challenge-response behaviour • hard to scrutinize without damaging • hard to model mathematically • hard ($) to clone physically, even for manufacturer Use PUF as anti-counterfeiting mark

  12. Anti-counterfeiting: PUF types Examples of anti-counterfeiting PUFs Kirovski et al. 2006 Microsoft research Škorić et al. 2008 Philips research Pappu et al. 2001 Buchanan et al. 2005 MIT, Ingenia, Philips research

  13. Anti-counterfeiting: analogy with biometrics • Simplest case: • mark is not secret • use "distance" between measurements • no error correction • Without added mark: • mark is part of product • mark not really secret • but ... preserve "privacy" of product • noisy measurements Just like biometrics. Use fuzzy extractor!

  14. OUTLINE • Private biometrics • Physical Unclonable Functions (PUFs) • PUFs for anti-counterfeiting • PUFs for secure key storage • Fuzzy extractors • General remarks

  15. Secure key storage: intro • Problem: • Many devices need secret keys • authentication • encryption / decryption • signing • Digital key storage • 0/1 often distinguishable • invasive attacks • Alternative approach: Derive key from PUF • more opaque than digital memory • extract key when needed, then wipe from RAM • invasive attack ⇒ key destroyed

  16. Secure key storage: PUFs "Physically Obscured Key" (POK) [Gassend et al. 2003] • Physical Unclonable Function (PUF) • physical object • unpredictable challenge-response behaviour • hard to scrutinize without damaging • hard to model mathematically • hard ($) to clone physically, even for manufacturer PUF Sensor EEPROM Integrated - Helper data - EK[Device secrets] reproduce K Crypto processor

  17. Secure key storage: PUF types TiO2 TiN Silicon PUF [Gassend et al. 2002] Coating PUF [Posch 1998; Tuyls et al. 2006] Integrated optical PUF [Ophey et al. 2006] S-RAM PUF [Guajardo et al., Su et al. 2007] FPGA "butterfly" [Kumar et al. 2008]

  18. OUTLINE • Private biometrics • Physical Unclonable Functions (PUFs) • PUFs for anti-counterfeiting • PUFs for secure key storage • Fuzzy extractors • General remarks

  19. Fuzzy Extractors: intro • Required for e.g. • privacy preserving biometrics • anti-counterfeiting with "product privacy" • PUF-based key storage Dodis et al. 2003; Juels+Wattenberg 1999; Linnartz+Tuyls 2003 • Properties • Secrecy and uniformity: Δ(WS; WU) ≤ ε. • "S given W is almost uniform" • Correctness: If X' sufficiently close to X, then S'=S. • Robustness [Boyen et al. 2005]: Detection of active attack against W noisy

  20. Fuzzy Extractors: high-level look at helper data • Enrolment phase: Gen(X) = {S, W} • X: measurement • W: helper data • S: region index (extracted secret) • X sufficiently "smooth" ⇒ W reveals little or nothing about S

  21. Fuzzy Extractors: high-level look at helper data Reproduction phase Rep(X',W) = S X' W S

  22. Fuzzy Extractors: necessity of helper data • Enrolments happen after fixing grid • Some X inevitably on boundary • noise can go either way • Helper data removes the ambiguity You need helper data. You really do.

  23. Fuzzy Extractors: active attacks • Active Attack: Modify W • accept wrong X' • accept key S' ≠ S • Defense: • TTP's signature on W. • But ... what if there's no PKI? Use secret S itself to authenticate W! • hash(W||S). [Boyen 2005] • random oracle assumption • Sacrifice part of S as authentication key. • S = S1 || S2. • MAC(S1, W) (sort of) [Dodis et al. 2006] • information-theoretic security if X has sufficient entropy rate
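
A toy version of the grid picture from slides 20 to 23, added here as an example and not taken from the original slides: Gen stores a per-component shift as helper data W, Rep recovers the region index S from a noisy re-measurement, and a hash(W||S) tag rejects modified helper data. The integer measurements, the cell width `Q`, the function names and the use of SHA-256 in place of the random-oracle hash are assumptions.

```python
import hashlib
import hmac

Q = 16  # assumed grid cell width; noise of -Q/2 .. Q/2-1 per component is tolerated

def _region(x, w):
    # Region index after shifting the measurement by the helper data.
    return [(xi + wi) // Q for xi, wi in zip(x, w)]

def _tag(w, s):
    # hash(W || S): binds the helper data to the secret (random oracle assumption).
    data = ",".join(map(str, w)) + "|" + ",".join(map(str, s))
    return hashlib.sha256(data.encode()).digest()

def gen(x):
    """Enrolment, Gen(X) = {S, W}: W moves each component to its cell centre."""
    w = [(Q // 2 - xi) % Q for xi in x]
    s = _region(x, w)
    return s, w, _tag(w, s)

def rep(x_noisy, w, tag):
    """Reproduction, Rep(X', W) = S; returns None if W (or X') fails the check."""
    s = _region(x_noisy, w)
    return s if hmac.compare_digest(_tag(w, s), tag) else None

def demo():
    x = [31, 100, 7, 250]        # constructed enrolment measurement
    x_noisy = [32, 95, 12, 246]  # constructed re-measurement, noise within Q/2
    s, w, tag = gen(x)
    return {
        # Plain quantization without W: boundary values land in different cells.
        "no_helper_data_stable": [v // Q for v in x] == [v // Q for v in x_noisy],
        "reproduced": rep(x_noisy, w, tag) == s,
        # Shifting one helper value by a full cell would yield S' != S.
        "tampered_w_accepted": rep(x_noisy, [w[0] + Q] + w[1:], tag) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

The same tag check also rejects a re-measurement whose noise exceeds the tolerated range, since the recomputed S then differs from the enrolled one.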

  24. Fuzzy Extractors & PUFs: variety of disciplines information theory physics FUZZY EXTRACTION FROM PUF crypto error-correcting codes security engineering

  25. OUTLINE • Private biometrics • Physical Unclonable Functions (PUFs) • PUFs for anti-counterfeiting • PUFs for secure key storage • Fuzzy extractors • General remarks

  26. General remarks: PUF proliferation optical PUF coating PUF Silicon PUF optical fiber PUF RF COA LC-PUF S-RAM PUF Arbiter PUF fluorescent PUF Delay PUF Butterfly PUF diode breakdown PUF reconfigurable PUF acoustic PUF controlled PUF phosphor PUF ...

  27. General remarks: PUF family tree MvD

  28. General remarks: after years of preaching the PUF gospel ...

  29. General remarks: ¥€££$ Making money from security with noisy data Philips spin-off Philips spin-off MIT spin-off Imperial College London spin-off

  30. Summary • Noisy sources of key material • privacy preserving storage of biometric data • anti-counterfeiting • secure key storage with PUFs • Fuzzy extractors • extract key from noisy source • reproducibility • secrecy of output • resilience against attacks on helper data • Subject becoming more popular • Not just theory, also $$$
