
IST-2002-506883 Secure contracts signed by mobile Phone

SecurePhone: a mobile phone with biometric authentication and e-signature support for dealing secure transactions on the fly. Jacques Koreman, ISK.


Presentation Transcript


  1. IST-2002-506883 Secure contracts signed by mobile Phone • SecurePhone: a mobile phone with biometric authentication and e-signature support for dealing secure transactions on the fly • Jacques Koreman, ISK

  2. What is a SecurePhone? • Mobile communications device that enables exchange of text/audio documents during a phone call to draw legally valid transactions. • Secure communication uses e-signing in a system using front-edge technologies (wireless networking, double-key cryptography). • Biometric recogniser enables strong authentication by comparing live biometric features with models trained on enrolment data. • Biometric authentication grants access to built-in e-signing facilities integrated on the PDA/SIM.

  3. Presentation Outline • SecurePhone concept and use • Project aim 1: secure exchange • Project aim 2: biometric recognition • on PDA, high performance • on SIM card, proof-of-concept • Conclusion • Outlook

  4. Project aim 1: secure exchange • Secure PKI (personal key infrastructure) • Public key encryption technology is used for e-signature, i.e. to enforce data integrity and non-repudiation • Standard e-signature certificates and procedures are used for certificate verification and management, so documents e-signed by means of the SecurePhone have the same legal validity as documents e-signed by other means.

  5. Secure architecture • SIM card used as a tamper-proof device for storage of private key ("strong signature" if the corresponding digital certificate is issued by a valid CA). • Storage of biometric templates and matching • on a TTP server (ToS/MoS): not implemented • on the PDA/host (ToH/MoH): implemented • on the SIM card (ToC/MoC): proof-of-concept • Only ToC+MoC meets requirements on • security • privacy and user acceptance

  6. User scenario • During a phone call, two SecurePhone end users (actors) agree on drawing a distance contract. • One actor (proposer) sends an e-contract (text/audio file) to the other actor (endorser). • In case of text files, the e-contract can be interactively modified and transmitted back and forth until a formal agreement on its contents is reached. • To finalize the m-transaction, the endorser e-signs and sends the e-contract as evidence of formal acceptance of the terms contained therein. • Depending on the e-contract type, the proposer may also be requested to e-sign the e-contract.

  7. Project aim 2: biometric verification • Local authentication unlocks cryptographic functions by accessing the private key securely stored on the SIM card • PIN- or password-based authentication admissible yet weak → unsatisfactory for security-critical applications (e-commerce, e-health, e-government) • Local authentication strengthened in order to increase user’s trust in the system by combining • WYK: a token only the user knows (signature) • WYH: a token the user holds (PDA with SIM card) • WYA: biometric identity

  8. Passwords are not reliable enough • "Open, Sesame!" • [Figure: DET (detection error tradeoff) curve with the EER marked; axes: false acceptance rate / false alarm probability (%) and false rejection rate / miss probability (%)] • Source: Alvin Martin et al. (1997). The DET curve in assessment of detection task performance, www.nist.gov/speech/publications/

  9. Fusion of multiple modalities • The Incredibles

  10. Properties of biometrics • Two types of biometrics: • physical • behavioural • Variation! (due to repetitions, sessions, channel, background noise)

  11. Why face, voice and signature? These biometrics have a high user acceptance: • chosen biometrics are user-friendly • very short enrolment session • capture does not require special hardware • difficult to impostorise all three modalities • biometric profile remains local, guaranteeing privacy • processing of the biometric data also local (privacy)

  12. User verification procedure • User requests identity verification • PDA requests user to • read prompt: face + voice • sign signature • Feature processing applied to each modality • Comparison to biometric profiles of client and impostors • Verification decision: accept/reject • [Figure: PDA screen with the prompt "7 9 8 5 1" and a "Press to start/stop speaking" button]

  13. Multi-modal biometric verification • face, voice, signature: each with its own preprocessing and modelling • fusion (client & impostor joint-score models) • accept → release private key; reject

  14. Voice verification • Fixed 5-digit prompt – conceptually neutral, easily extendable • 22 kHz sampling • Online energy-based non-speech frame removal • MFCCs with online CMS and first-order time difference features (10-ms frames) • Features modelled by 100-Gaussian GMM, with UBM for model initialisation and score normalisation • Training on data from 2 indoor and 2 outdoor recordings from one session, testing on similar data from another session

  15. Face verification • Static face recognition using 10 grey-scale images selected at random, 160x192 pixels • Histogram equalisation and z-score normalisation of features • Haar LL4 (or LH4) wavelet features – fast to compute (esp. compared to facial definition parameters) • Features modelled by 4-Gaussian GMM, with UBM for model initialisation and score normalisation • Training on data from 2 indoor and 2 outdoor recordings from one session, testing on similar data from another session

  16. Signature verification • Shift normalisation, but no rotation or scaling • 2D coordinates (100 Hz) augmented by time difference features, curvature, etc. – total 19 features. Note: no pressure or angles available, since obtained from PDA’s touch screen, not from writing pad • Fast to compute • Features modelled by 100-Gaussian GMM pdf – UBM used for model initialisation and score normalisation • Training and testing on data from one session

  17. Fusion • For each modality, S(i) = log p(X_i|C) - log p(X_i|I), the latter for casual impostors; only signatures impostorised by experts • Best LLR score fusion was obtained for GMM scores modelling, i.e. modelling both client and impostor joint score pdfs by diagonal covariance GMMs: Fused-score = log p(S|C) - log p(S|I) • SHOW DEMO

  18. Tests on PDAtabase • Database recorded on Qtek2020 PDA for realistic conditions (sensors, environment) • 60 English subjects: 24 for UBM, 18 for g1, 18 for g2. Accept/reject threshold optimised on g1, then evaluated on g2, and vice versa • Video (voice + face): 6 x 5-digit, 10-digit and phrase prompts; 2 sessions, with 2 inside and 2 outside recordings per session • Signatures in one session, 20 expert impostorisations each • Virtual couplings of audio-visual with signature data • Automatic test script to test many possible configurations • User just provides executables for feature modelling, scores generation and scores fusion

  19. Performance on PDA • [Figure: DET curves for prompts T1 (5 digits, left), T2 (10 digits, middle) and T3 (short phrases, right) in PDAtabase]

  20. Performance on PDA • [Table: fusion results (% WER, FAR and FRR) for 3 prompt types (T1 = 5 digits, T2 = 10 digits, T3 = short phrases) in the PDAtabase, at three critical points in the DET curve]

  21. Implementation constraints • PDA main processor allows speech preprocessing in real time for 22 kHz signals. Note: signal directly from mic, therefore > 8 kHz • Only data on the SIM card is secure, so all biometric models must be stored and processed on the SIM, which has very limited computational resources • SIM model storage limited to 40K: text-dependent prompts. Note: text-independent prompts or varied text-dependent prompts are more secure, but would require 200-400K • Enrolment can use only one short indoor session

  22. Performance on SIM card • SIM processor very slow: single verification 53 min.! • Most time goes to voice and signature processing: large #frames and models with many Gaussians. • Drastic measures needed: global processing. • By using means and standard deviations across all frames in the utterance/signature, the number of frames is reduced to one. • Simpler data require few mixtures for GMM modelling • Single verification now under 1 second, but performance for T1 is now 10.5% EER • → proof-of-concept, but performance must be improved!

  23. Conclusion • Deal secure m-contracts during a mobile phone call • secure: PKI with private key stored on SIM card • dependable: multi-modal: voice, face, signature • user-friendly: familiar, intuitive, non-intrusive • flexible: legally binding text/audio transactions • low-cost: no special hardware needed • dynamic: mobile (anytime, anywhere)

  24. Outlook • In FP7, many opportunities for security and trust projects • Security and trust do not only depend on the communication channel • but also on the identity of the communication partner • for which biometric recognition can be used • If you see a role for biometric recognition in your proposal, do not hesitate to contact me!

  25. Secure contracts signed by mobile Phone • IST-2002-506883 • http://www.secure-phone.info • Please take my business card or e-mail me at jacques.koreman@hf.ntnu.no
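
The score fusion on slide 17, written out as an added example (not code from the SecurePhone project): the per-modality LLR scores S = (voice, face, signature) are scored against client and impostor joint-score GMMs with diagonal covariance. All weights, means, variances and sample scores below are constructed for illustration, and the zero threshold is an assumption.

```python
import math

def gmm_logpdf(x, gmm):
    """Log-density of vector x under a diagonal-covariance GMM.
    gmm is a list of (weight, means, variances) components."""
    terms = []
    for weight, means, variances in gmm:
        ll = math.log(weight)
        for xi, m, v in zip(x, means, variances):
            ll -= 0.5 * (math.log(2 * math.pi * v) + (xi - m) ** 2 / v)
        terms.append(ll)
    top = max(terms)  # log-sum-exp keeps tiny component likelihoods from underflowing
    return top + math.log(sum(math.exp(t - top) for t in terms))

def fused_score(s, client_gmm, impostor_gmm):
    """Fused-score = log p(S|C) - log p(S|I) for the joint score vector S."""
    return gmm_logpdf(s, client_gmm) - gmm_logpdf(s, impostor_gmm)

def verify(s, client_gmm, impostor_gmm, threshold=0.0):
    """Accept (release the private key) only if the fused score clears the threshold."""
    return fused_score(s, client_gmm, impostor_gmm) >= threshold

# Constructed joint-score models over S = (voice LLR, face LLR, signature LLR).
CLIENT = [(0.6, (2.0, 1.5, 2.5), (1.0, 1.0, 1.0)),
          (0.4, (1.0, 0.5, 1.5), (1.5, 1.5, 1.5))]
# The second impostor component models an expert signature forgery:
# low voice and face scores combined with a client-like signature score.
IMPOSTOR = [(0.7, (-2.0, -1.5, -2.0), (1.0, 1.0, 1.0)),
            (0.3, (-1.0, -0.5, 1.0), (1.5, 1.5, 2.0))]

GENUINE = (1.8, 1.2, 2.0)             # constructed client attempt
FORGED_SIGNATURE = (-1.5, -1.0, 1.5)  # constructed impostor, good signature only

if __name__ == "__main__":
    for name, s in (("genuine", GENUINE), ("forged signature", FORGED_SIGNATURE)):
        decision = "accept" if verify(s, CLIENT, IMPOSTOR) else "reject"
        print(f"{name}: fused score {fused_score(s, CLIENT, IMPOSTOR):+.2f} -> {decision}")
```

The forged-signature attempt has a positive signature LLR, so a signature-only check at the same threshold would accept it; the joint-score models reject it.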
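
The evaluation protocol on slide 18 (threshold optimised on g1, then evaluated on g2, and vice versa), as an added example that is not part of the original slides. The fused scores for both groups are constructed, and choosing the threshold where FAR and FRR are closest is an assumption about how the threshold is optimised.

```python
def far_frr(clients, impostors, threshold):
    """FAR: fraction of impostor scores accepted; FRR: fraction of client scores rejected."""
    far = sum(s >= threshold for s in impostors) / len(impostors)
    frr = sum(s < threshold for s in clients) / len(clients)
    return far, frr

def eer_threshold(clients, impostors):
    """Observed score at which |FAR - FRR| is smallest (assumed tuning criterion)."""
    def gap(t):
        far, frr = far_frr(clients, impostors, t)
        return abs(far - frr)
    return min(sorted(set(clients) | set(impostors)), key=gap)

def cross_group_eval(g1, g2):
    """Tune the threshold on one group, report (threshold, FAR, FRR) on the other."""
    results = {}
    for tune, test, test_name in ((g1, g2, "g2"), (g2, g1, "g1")):
        t = eer_threshold(*tune)
        results[test_name] = (t, *far_frr(*test, t))
    return results

# Constructed fused scores per group: (client scores, impostor scores).
G1 = ([3.1, 2.4, 1.9, 0.7, 2.8, -0.2], [-2.5, -1.8, -0.9, 0.4, -3.0, 1.2])
G2 = ([2.9, 1.5, 0.5, 3.3, 2.0, 1.1], [-2.2, -0.4, 0.9, -1.5, -2.8, 0.1])

if __name__ == "__main__":
    for group, (t, far, frr) in cross_group_eval(G1, G2).items():
        print(f"tested on {group}: threshold={t:.1f} FAR={far:.1%} FRR={frr:.1%}")
```

A threshold that balances FAR and FRR on the tuning group does not have to balance them on the held-out group, which is why the a-priori threshold is reported on the other group rather than on the data it was tuned on.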
