Download
1 / 39
390 likes | 540 Vues
The Fuzzy Commitment Scheme by Ari Juels and Marty Wattenberg enhances biometric authentication by addressing the vulnerabilities of template theft. Utilizing error-correcting codes and cryptographic hash functions, this method allows for secure storage and retrieval of biometric templates. By treating the templates as "corrupted" codewords, it offers a robust mechanism against identity theft while maintaining user convenience. Key biometric modalities include fingerprint, iris, voice, and face recognition. The scheme emphasizes the need for "fuzziness" in error resistance, promoting strong security without compromising user identity.
E N D
C A Fuzzy Commitment Scheme Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC
Biometric authentication:Computer Authentication through Measurement of Biological Characteristics
Fingerprint scanning • Iris scanning • Voice recognition • Face recognition • Body odor Types of biometric authentication • Many others... Authenticating...
Alice Alice Enrollment / Registration Template t
Alice Alice Enrollment / Registration Server
Alice Authentication Server
Alice Alice Authentication Server
Alice Server verifies against template ?
Alice Template theft
First password Second password Limited password changes
Alice Alice Templates represent intrinsic information about you Theft of template is theft of identity
h h(“password”) “Password” UNIX protection of passwords “password” “password”
Alice Alice Alice Template protection? h h( )
Alice Fingerprint is variable • Differing angles of presentation • Differing amounts of pressure • Chapped skin Don’t have exact key!
( ) C C Alice Alice We need “fuzzy” commitment
Seems counterintuitive • Cryptographic (hash) function scrambles bits to producerandom-looking structure, but • “Fuzziness” or error resistance means high degree of local structure
“ Alice, I love… crypto ” s Alice Noisy channel Bob
“ 110 ” Alice Error correcting codes Bob
C M g 111 111 000 110 c 3 bits 9 bits g Message space Codeword space Function g adds redundancy Bob
“ 111 111 000 ” 1 Alice 0 Error correcting codes Bob
C f 111 111 000 f c Alice Function f corrects errors 101 111 100
M C g-1 Alice gets original, uncorrupted message 110 Alice Alice uses g-1to retrieve message c 9 bits 3 bits
g Alice Idea: Treat template like message W C(t) = h(g(t))
What do we get? • “Fuzziness” of error-correcting code • Security of hash function-based commitment
Problems Davida, Frankel, and Matt (‘97) • Results in very large error-correcting code • Do not get good fuzziness • Cannot prove security easily • Don’t really have access to “message”!
Our (counterintuitive) idea: • Express template as “corrupted” codeword • Never use message space!
Express template as “corrupted” codeword W t = w + w t
h(w) Idea: hash most significant part for security t = w + Idea: leave some local information in clear for “fuzziness”
C Alice (h(w),) Computing fuzzy hash oftemplate t • Choose w at random • Compute = t - w • Store (h(w), ) as commitment
Alice ? Verification of fingerprint t’ • Retrieve C(t) = (h(w), ) • Try to decommit using t’: • Compute w’ = f(t’ - ) • Is h(w’) = h(w)?
Alice • Provably strong security • I.e., nothing to steal C C Characteristics of • Good fuzziness (say, 17%) • Simplicity
Open problems • What do template and error distributions really look like? • What other uses are there for fuzzy commitment? • Graphical passwords
