1 / 39

A Fuzzy Commitment Scheme

C. A Fuzzy Commitment Scheme. Ari Juels RSA Laboratories. Marty Wattenberg 328 W. 19th Street, NYC. Biometrics. Biometric authentication : Computer Authentication through Measurement of Biological Characteristics. Fingerprint scanning. Iris scanning. Voice recognition.

xander-hebert
Télécharger la présentation

A Fuzzy Commitment Scheme

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. C A Fuzzy Commitment Scheme Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC

  2. Biometrics

  3. Biometric authentication:Computer Authentication through Measurement of Biological Characteristics

  4. Fingerprint scanning • Iris scanning • Voice recognition • Face recognition • Body odor Types of biometric authentication • Many others... Authenticating...

  5. Alice Alice Enrollment / Registration Template t

  6. Alice Alice Enrollment / Registration Server

  7. Alice Authentication Server

  8. Alice Alice Authentication Server

  9. Alice Server verifies against template ? 

  10. The Problem...

  11. Alice Template theft

  12. First password Second password Limited password changes

  13. Alice Alice Templates represent intrinsic information about you Theft of template is theft of identity

  14. Towards a solution

  15. h h(“password”) “Password” UNIX protection of passwords “password” “password”

  16. Alice Alice Alice Template protection? h h( )

  17. Alice Fingerprint is variable • Differing angles of presentation • Differing amounts of pressure • Chapped skin Don’t have exact key!

  18. ( ) C C Alice Alice We need “fuzzy” commitment

  19. Seems counterintuitive • Cryptographic (hash) function scrambles bits to producerandom-looking structure, but • “Fuzziness” or error resistance means high degree of local structure

  20. Error Correcting Codes

  21. “ Alice, I love… crypto ” s Alice Noisy channel Bob

  22. “ 110 ” Alice Error correcting codes Bob

  23. C M g 111 111 000 110 c 3 bits 9 bits g Message space Codeword space Function g adds redundancy Bob

  24. “ 111 111 000 ” 1 Alice 0 Error correcting codes Bob

  25. C f 111 111 000 f c Alice Function f corrects errors 101 111 100

  26. M C g-1 Alice gets original, uncorrupted message 110 Alice Alice uses g-1to retrieve message c 9 bits 3 bits

  27. Constructing C

  28. g Alice Idea: Treat template like message W C(t) = h(g(t))

  29. What do we get? • “Fuzziness” of error-correcting code • Security of hash function-based commitment

  30. Problems Davida, Frankel, and Matt (‘97) • Results in very large error-correcting code • Do not get good fuzziness • Cannot prove security easily • Don’t really have access to “message”!

  31. Our (counterintuitive) idea: • Express template as “corrupted” codeword • Never use message space!

  32. Express template as “corrupted” codeword W t = w +  w t

  33. h(w)  Idea: hash most significant part for security t = w +  Idea: leave some local information in clear for “fuzziness”

  34. How we use fuzzy commitment...

  35. C Alice (h(w),) Computing fuzzy hash oftemplate t • Choose w at random • Compute  = t - w • Store (h(w), ) as commitment

  36. Alice ?  Verification of fingerprint t’ • Retrieve C(t) = (h(w), ) • Try to decommit using t’: • Compute w’ = f(t’ - ) • Is h(w’) = h(w)?

  37. Alice • Provably strong security • I.e., nothing to steal C C Characteristics of • Good fuzziness (say, 17%) • Simplicity

  38. Open problems • What do template and error distributions really look like? • What other uses are there for fuzzy commitment? • Graphical passwords

  39. Questions?

More Related