biometric cryptosystems presenters: yeh po-yin yang yi-lun
TRANSCRIPT
Biometric Cryptosystems
Presenters:
Yeh Po-Yin
Yang Yi-Lun
Cryptosystem
User authentication: login password
Cryptographic keys: RSA public keys
Cryptographic Keys
Long and random
Stored somewhere
Computer
Smart card
Released based on user password
User password
Short and simple
Easily guessed: “password”
Same as account
Birth date
Tel #
Use the same password everywhere
What if?
A single password is compromised while the user uses the same password across different applications?
A complex password is written down in some easily accessible location?
The device which stores the cryptographic keys has been cracked?
Traditional cryptosystems
Based on secret keys
Forgotten
Lost
Stolen
Repudiation
Biometric authentication
More reliable
Cannot be lost or forgotten
Difficult to copy, share, and distribute
Hard to forge
Unlikely to repudiate
Relatively equal security level
Biometric
No biometric is optimal
Depends on the requirement of the application
Comparison of biometrics
Properties
Universality
Distinctiveness
Permanence
Collectability
Attributes
Performance
Acceptability
Circumvention
Biometric signal variations
Inconsistent presentation
Irreproducible presentation
Imperfect signal acquisition
Biometric Matcher
Exact match is not very useful
Aligning
Matching score
Fingerprint Identify minutiae neighbors
Performance
Two types of errors
False match (false accept)
False non-match (false reject)
Error rates
False match rate (FMR)
False non-match rate (FNMR)
Tradeoff relation
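The FMR/FNMR tradeoff on the slide above, worked through in code. This is an added example, not part of the original presentation; the similarity scores are constructed sample values, and the matcher is a plain "accept if score reaches the threshold" rule standing in for a real minutiae matcher.

```python
"""FMR/FNMR tradeoff of a threshold-based biometric matcher (added example)."""
from typing import Iterable, List, Optional, Tuple

# Constructed similarity scores (0 = no similarity, 100 = identical), as a
# minutiae matcher might output. Genuine: the enrolled user presents again;
# impostor: a different person presents against that user's template.
GENUINE_SCORES: List[int] = [82, 91, 77, 68, 95, 88, 73, 60, 85, 79]
IMPOSTOR_SCORES: List[int] = [25, 41, 33, 58, 19, 47, 62, 30, 38, 52]


def accept(score: int, threshold: int) -> bool:
    """Matcher decision: a presentation is accepted iff score >= threshold."""
    return score >= threshold


def error_rates(genuine: List[int], impostor: List[int], threshold: int) -> Tuple[float, float]:
    """Return (FMR, FNMR) at one threshold.

    FMR  (false match rate)     = impostor attempts accepted / impostor attempts
    FNMR (false non-match rate) = genuine attempts rejected  / genuine attempts
    """
    false_matches = sum(accept(s, threshold) for s in impostor)
    false_non_matches = sum(not accept(s, threshold) for s in genuine)
    return false_matches / len(impostor), false_non_matches / len(genuine)


def tradeoff_curve(genuine: List[int], impostor: List[int],
                   thresholds: Iterable[int]) -> List[Tuple[int, float, float]]:
    """(threshold, FMR, FNMR) rows: raising the threshold lowers FMR and raises FNMR."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def threshold_for_max_fmr(genuine: List[int], impostor: List[int],
                          thresholds: Iterable[int], max_fmr: float) -> Optional[Tuple[int, float]]:
    """Lowest threshold whose FMR stays within the application's limit,
    together with the FNMR (user inconvenience) that limit costs."""
    for t in sorted(thresholds):
        fmr, fnmr = error_rates(genuine, impostor, t)
        if fmr <= max_fmr:
            return t, fnmr
    return None


if __name__ == "__main__":
    for t, fmr, fnmr in tradeoff_curve(GENUINE_SCORES, IMPOSTOR_SCORES, range(50, 100, 10)):
        print(f"threshold={t:3d}  FMR={fmr:.2f}  FNMR={fnmr:.2f}")
    print("strictest setting:", threshold_for_max_fmr(GENUINE_SCORES, IMPOSTOR_SCORES, range(101), 0.0))
```

The last line shows why "no biometric is optimal": demanding FMR = 0 on these scores forces a threshold at which a genuine user is already rejected one time in ten.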
Biometric keys
Biometric-based authentication
User authentication: biometric component
Cryptographic system: key release on positive match
Biometric key database
Cryptographic key
User name
Biometric template
Access privileges
Other personal information
What if?
Biometric data is stolen by cracking into the biometric key database?
Hacking Attack
Definition
Hacker
Cracker
Attack
Disturbance
Block
Incursion
Attacking Step
Decide target
Easy
Worth
Purpose
Gain information
Firewall
System
Detect path
Ping
Traceroute
Hopping site
Bot
Make incursion
Types of attack
Interruption: attack on availability
Interception: attack on confidentiality
Modification: attack on integrity
Fabrication: attack on authentication
Reference: 資安演習防護講義 (information security drill and defence lecture notes)
Common form of attack
Denial of Service (DoS) attacks
Distributed Denial of Service (DDoS) attacks
Trojan Horse
Virus
Websites
Worm
Sniffing
Spoofing
Bug
Buffer overflow
Protection
Firewall
Antivirus program
Update
Close unnecessary programs
Close unnecessary internet services
Scan computer
Back to biometric keys
Is it possible to issue a new biometric template if the biometric template in an application is compromised?
Is it possible to use a different template in each application?
Is it possible to generate a cryptographic key using biometric information?
Solving Q1 and Q2
Store H(x) instead of x
H is the transform function
x is the original biometric signal
Solving Q3
Hide the key within the user’s biometric template
Biometric key generation or binding
Bind a private key into the user biometric information
Both key and biometric are inaccessible to attacker
No biometric matching at all
Conclusion
Combining difficulties
Existing biometric authentication technologies are not perfect
Difficult to align the representations in the encrypted domain
Should not have systematic correlation between the identity and the key
Reference
Umut Uludag, Sharath Pankanti, Salil Prabhakar, and Anil K. Jain, “Biometric Cryptosystems: Issues and Challenges”, Proceedings of the IEEE, 2004
Umut Uludag and Anil K. Jain, “Securing Fingerprint Template: Fuzzy Vault with Helper Data”, Computer Vision and Pattern Recognition Workshop (CVPRW), 2006
http://www.crucialp.com/resources/tutorials/website-web-page-site-optimization/hacking-attacks-how-and-why.php
資安演習防護講義: http://www.hacker.org.tw/?c=articles_show&articleid=882
http://www.gamez.com.tw/viewthread.php?tid=58607
http://www.symantec.com/region/tw/enterprise/article/todays_hack.html