Biometric Cryptosystems

Seminar by Sylvain Blaisfor COMP4109

INTRODUCTION

• All cryptosystems requires some sort of user authentication

• Key management system needs a way to release a cryptographic key.

• Are current systems secure enough?

• Biometrics solves many security issues but it is very challenging

• Encryption/Decryption using biometrics

CONTENT

• Background on biometrics

• Overview of key concepts in biometric cryptosystems(BCS)

• Description of current schemes including examples

• Quiz

BACKGROUND ON BIOMETRICS • Science of measuring and analyzing human characteristics

• Physiological traits

• Behavioural traits

• Specific hardware are used to extract those features

• Mostly used as form of identity authentication

• They are UNIQUE!! and they CAN’T BE LOST!!

BACKGROUND ON BIOMETRICS

• Information need to be shared with a trusted 2nd-party

• Biometric data need to be stored in a secure database

• More than one biometric templates might be required

• No biometrics are optimal

BACKGROUND ON BIOMETRICS

Comparison of Various Biometric Technologies[2]High / Medium / Low

BACKGROUND ON BIOMETRICS

• New research field: Biometric cryptosystems

• Research goals:

• How to generate cryptographic keys out of biometric measurements

• how to hide and retrieve user-specific cryptographic keys in and out of biometric data

• how to generate several forms of biometric templates from a single biometric measurement

BACKGROUND ON BIOMETRICS

• Current cryptosystems depends on the secrecy of the secret or private key and authentication is possession-based

• Systems don’t know if the user is a legitimate person or an attacker.

• Biometrics replaces password-based authentication

• They can also be used to generate a cryptographic key or biometric hash

KEY CONCEPTS IN BCS

• Matching process in a password-based authentication system is not difficult to engineer because the result is perfectly calculated

• In biometrics, two measurements of the same person’s biometrics cannot be expected to be equal

• The challenge lies in finding the trade-off between amount of fuzziness the system can handle and the security it provides

• One way to deal with fuzziness => finding significant biometric features

- Biometric Variance -

KEY CONCEPTS IN BCS

• Biometric Sensor

• Feature Extraction

• Database

• Biometric Matcher

- Biometric Authentication Systems -

- Two processes are involved: Enrollment and Authentication

KEY CONCEPTS IN BCS

Biometric Authentication system diagram[4]

KEY CONCEPTS IN BCS

• Two type of errors: False Acceptance and False Rejection

- Performance Measurement -

Measure Description

False Acceptance Rate (FAR) Ratio between numbers truly non-matchingsamples which are matched by the systemand total number of tests (including to firsttwo rates as well)

False Rejection Rate (FRR) Ratio of truly matching samples, which arenot matched by the system and total numbersof tests (including to first two rates as well)

Equal Error Rate (EER) The point on the error rate diagrams whereFAR and FRR are equivalent.

KEY CONCEPTS IN BCS

• Biometric component performs user authentication while a generic cryptosystem handles the other components => Biometric key release

• But this can method creates a few issues...

- Biometric Key -

KEY CONCEPTS IN BCS

• Hide a cryptographic key within the user’s biometric template => Biometric key generation and key binding

• Again no solution is perfect

- Biometric Key -

KEY CONCEPTS IN BCS

• 3 type of schemes in BCS:

• Key Release Scheme

• Key Generation Scheme

• Key Binding Scheme

DESCRIPTION OF BCS SCHEMES

• Biometric authentication decoupled from the cryptographic part of the system.

• Easy to implement but not used frequently because of major vulnerabilities:

• Template needs to be stored in database which means it can be stolen

• Change to the biometric matching process

• Cryptographic key has to be stored as part of the template

• Not appropriate for high security application

- Key Release Scheme -

DESCRIPTION OF BCS SCHEMES

• User’s key is directly derived from the user’s biometric data so it doesn’t have to be stored anywhere!

• Helper data: public biometric-dependent information

• Helper data doesn’t contain anything about the original biometric template

• Helper data are derived using either Key Generation systems or Key Binding systems

- Key Generation and Binding Schemes -

DESCRIPTION OF BCS SCHEMES

• Helper data are obtained by binding a secret key to a biometric template.

• Keys are obtained at authentication by applying a key retrieval algorithm

• One of the most popular BCS is a key binding system called Fuzzy Vault

- Key Binding Scheme -

DESCRIPTION OF BCS SCHEMES

• Introduced by Ari Juels and Madhu Sudan from RSA Laboratories in 2002.

• Alice place a secret value k in a fuzzy vault and ‘lock’ it using a set of A elements from some public universe U.

• If Bob tries to ‘unlock’ the vault using a set B of similar length, he obtains k only if B overlap substantially over A.

• Fuzzy vault is a form of error-tolerant encryption operation where keys consists of sets which are biometric templates in a biometric implementation.

- Key Binding Scheme: Fuzzy Vault -

DESCRIPTION OF BCS SCHEMES

- Key Binding Scheme: Fuzzy Vault -

Enrollment Authentication

Biometric Input Biometric Input

Feature Set A

Feature Set B

Secret k

Polynom p

Secret k’Polynom p’

Vault

Error Correcting

Code Chaff Points

Template

DESCRIPTION OF BCS SCHEMES

• The security of the whole scheme lies with the unfeasibility of the polynomial reconstruction and the number of applied chaff points.

• Multiple schemes based on Fuzzy Vault have been proposed using different biometrics.

• Results are measured using FRR and FAR

- Key Binding Scheme: Fuzzy Vault -

DESCRIPTION OF BCS SCHEMES

• Generating keys directly out of biometric templates

• No implementation of this scheme as of now exist

• Biometric characteristics doesn’t provide enough information to extract a reliable, updatable key without the use of any helper data.

• The Quantization schemes were proposed by various authors, each using the same basics idea.

- Key Generation Schemes -

DESCRIPTION OF BCS SCHEMES

- Quantization Schemes -

EnrollmentAuthentication

Biometric Inputs

Biometric Input

Feature Extraction

Interval Mapping

Interval Definition

Feature Extraction

Intervals

Interval Encoding

Template

Hash or Key

DESCRIPTION OF BCS SCHEMES

• There are other concepts and approaches in biometric cryptography which are currently researched. Ex. Cancelable biometric

• Most BCS are still in the development phases but some first deployments are available. Ex Genkey - fingerprint-key generation solutions

• Identity theft and fraud will rise the demands for stronger security schemes involving biometrics

• Research still need to be conducted in the field of biometric cryptosystems

CONCLUSION

Questions?

REFERENCES

[1] Uludag U., Pankanti S., Prabhakar S., Jain A.K. “Biometric Cryptosystems: Issues and Challenges”, Preceeding of the IEEE, vol 92, no.6 June 2004

[2] Rathgeb C., Uhl C., “A survey on biometric cryptosystems and cancelable biometrics”, EURASIP Journal on Information Security, 2011

[3] Rathgeb C., “Iris-based Biometric Cryptosystems” Doctorat thesis presented to the Department of Computer Science at the University of Salzburg, Autria, November 2008

[4]Biometric system diagram.png from Wikimedia Commons. Permission granted under the GNU Free Documentation Licence.http://en.wikipedia.org/wiki/File:Biometric_system_diagram.png

QUIZ

1. Name 1 physiological and 1 behavioural trait used in biometric cryptosystems?

2. Name the 2 main processes involved in biometric cryptosystems?

3. True or False. You improved your biometric cryptosystem algorithm by adjusting your error threshold to lower both your false acceptance rate(FAR) and false rejecting rate(FRR).

5. In the biometric cryptosystem Fuzzy Vault scheme, how is the ‘vault’ created?

4. What is one of the greatest challenge when dealing with biometric cryptosystems?(hint: think about biometrics measurements)