a fuzzy commitment scheme
DESCRIPTION
C. A Fuzzy Commitment Scheme. Ari Juels RSA Laboratories. Marty Wattenberg 328 W. 19th Street, NYC. Biometrics. Biometric authentication : Computer Authentication through Measurement of Biological Characteristics. Fingerprint scanning. Iris scanning. Voice recognition. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/1.jpg)
Ari Juels RSA Laboratories
Marty Wattenberg 328 W. 19th Street,
NYC
A Fuzzy Commitment Scheme
![Page 2: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/2.jpg)
Biometrics
![Page 3: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/3.jpg)
Biometric authentication:Computer Authentication through
Measurement of Biological Characteristics
![Page 4: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/4.jpg)
Fingerprint scanning Iris scanning Voice recognition
Types of biometric authentication
Many others...
Face recognition Body odor
Authenticating...
![Page 5: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/5.jpg)
Enrollment / Registration
Template t
Alice
![Page 6: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/6.jpg)
Enrollment / Registration
AliceServer
![Page 7: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/7.jpg)
Authentication
Server
![Page 8: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/8.jpg)
Authentication
AliceServer
![Page 9: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/9.jpg)
Server verifies against template
?
![Page 10: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/10.jpg)
The Problem...
![Page 11: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/11.jpg)
Template theft
![Page 12: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/12.jpg)
Limited password changes
First password
Second password
![Page 13: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/13.jpg)
Templates represent intrinsic information about you
Alice
Theft of template is theft of identity
![Page 14: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/14.jpg)
Towards a solution
![Page 15: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/15.jpg)
“password”
UNIX protection of passwords
“password” h(“password”)
“Password”
![Page 16: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/16.jpg)
Template protection?
h( )
![Page 17: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/17.jpg)
Fingerprint is variable
Differing angles of presentation Differing amounts of pressure Chapped skin
Don’t have exact key!
![Page 18: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/18.jpg)
We need “fuzzy” commitment
( )
![Page 19: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/19.jpg)
Seems counterintuitive
Cryptographic (hash) function scrambles bits to produce random-looking structure, but
“Fuzziness” or error resistance means high degree of local structure
![Page 20: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/20.jpg)
Error Correcting Codes
![Page 21: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/21.jpg)
Noisy channel
AliceBob
“ Alice, I love… crypto ”s
![Page 22: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/22.jpg)
Error correcting codes
AliceBob
“ 110 ”
![Page 23: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/23.jpg)
g110 111 111 000
Function g adds redundancy
Bob
M
3 bits
C
9 bits
c
Message spaceCodeword space
g
![Page 24: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/24.jpg)
Error correcting codes
AliceBob
“ 111 111 000 ”0 1
![Page 25: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/25.jpg)
101 111 100 111 111 000 f
c
C
Function f corrects errors
Alice f
![Page 26: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/26.jpg)
Alice uses g-1 to retrieve message
9 bits
CM
3 bits
Alice
g-1
cAlice gets original, uncorrupted message
110
![Page 27: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/27.jpg)
Constructing C
![Page 28: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/28.jpg)
Idea: Treat template like message
W
g
C(t) = h(g(t))
![Page 29: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/29.jpg)
What do we get?
“Fuzziness” of error-correcting code Security of hash function-based
commitment
![Page 30: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/30.jpg)
Problems
Davida, Frankel, and Matt (‘97) Results in very large error-correcting
code Do not get good fuzziness Cannot prove security easily Don’t really have access to “message”!
![Page 31: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/31.jpg)
Our (counterintuitive) idea:
Express template as “corrupted” codewordNever use message space!
![Page 32: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/32.jpg)
Express template as “corrupted” codeword
W
t
w
t = w +
![Page 33: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/33.jpg)
t = w +
h(w) Idea: hash most significant part for security
Idea: leave some local information in clearfor “fuzziness”
![Page 34: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/34.jpg)
How we use fuzzy commitment...
![Page 35: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/35.jpg)
Computing fuzzy hash of template t
Choose w at random Compute = t - w Store (h(w), ) as commitment
(h(w),)
![Page 36: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/36.jpg)
Verification of fingerprint t’
Retrieve C(t) = (h(w), ) Try to decommit using t’:
– Compute w’ = f(t’ - )– Is h(w’) = h(w)?
?
![Page 37: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/37.jpg)
Characteristics of
Good fuzziness (say, 17%) Simplicity
Provably strong security – I.e., nothing to steal
![Page 38: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/38.jpg)
Open problems
What do template and error distributions really look like?
What other uses are there for fuzzy commitment?– Graphical passwords
![Page 39: A Fuzzy Commitment Scheme](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813d02550346895da6a34e/html5/thumbnails/39.jpg)
Questions?