fuzzy vaults: toward secure client-side matching
Post on 18-Jan-2016
35 Views
Preview:
DESCRIPTION
TRANSCRIPT
Fuzzy Vaults: Toward Secure Client-Side Matching
Ari JuelsRSA Laboratories
10th CACR Information Security Workshop8 May 2002
LABORATORIES
Fingerprint scanning Iris scanning Voice recognition
Many types of biometric authentication...
Many others...
Face recognition Body odor Authenticating...
A Comparison Among Biometric Architectures
Registration
Template
Alice
Template is stored
Authentication
Authentication
?
It’s Alice!
The big questions
Where is the match performed?– Determines architecture
How is the template protected?– Critical because….
Limited password changes
First password
Second password
Templates represent intrinsic information about
you
Alice
Theft of a template is theft of identity
An Important Note
Biometrics no more secure than PINs!– Static values– False acceptance rates imply, e.g.,
1/100,000 security (i.e., perhaps 17 bits) Thus, it is at present unwise to protect
cryptographic systems with biometrics alone
Biometrics are a good second factor, i.e., PIN replacement
The Three Architectures:Server-side, Client-side, and
On-device
Server-side matching
Server
Client
Server-side matching
Server
Client
“access
granted”
Server-side matching: Drawbacks
Risk of template compromise en bloc – Hundreds of thousands of fingerprints make
an excellent hacker target– Privacy, liability concerns considerable
Architecturally complex Matching is CPU-intensive for server
Client-side matching
Server
“It’s Alice!”“Hi, Alice!”
Client-side matching
Most convenient and simple to build
Fine for, e.g., locking desktop with screen saver
Not secure for remote authentication... client can be made to lie!
Client-side matching
Server
“It’s Alice!”“It’s Alice!”“Hi, Alice!”
On-device matching
SecurID
On-device matching
SecurID
On-device matching
On-device security provides full privacy and integrity
With smartcard, biometric unlocks card, thus no need for modification of client or server software
But...
On-device matching
But Alice must always have her smart card with her -- portability lost
At present, true on-device match available only with expensive (i.e., $200) units
Most “on-card” matching systems process data on PC, reducing security
“Fuzzy Vault”:A New Architecture
“password”
UNIX protection of passwords
“password” h(“password”)
“password”
Template protection?
h( )
Fingerprint is variable
Differing angles of presentation Differing amounts of pressure Chapped skin
Don’t have exact key!So hashing won’t work...
We want “fuzzy” vault
Differing angles of presentation Differing amounts of pressure Chapped skin
We want “fuzzy” vault
How do we do it?
Fuzzy vault is just a piece of encrypted data
Uses error-correcting codes– Technology used to eliminate “noise” in
telecommunications, CD players, etc. We make counterintuitive use of
error-correcting codes– Jettison the message space!
What do we get?
Fingerprint (features) not stored in clear
Fuzzy vault
Vault can be stored in directory and unlocked on client
ClientDirectory
Fuzzy vault: Caveats
Basic fuzzy vault: Does not achieve security of on-card matching Not secure against Trojan horses Still provides adequate security as second factor, e.g., PIN replacement
Fuzzy vault pros Provable security characterization
– Similar (dubious) schemes lack proofs No need for biometric server No need for smart card
– Fuzzy vault can be placed on smart or dumb card for added flexibility, though Can build secure readers without crypto All the benefits of secure, client-side match!
When can I buy a fuzzy vault?
Fuzzy vault is a research concept Validated in early prototype Needs development on biometrics side RSA Labs is looking for research partner
To learn more... Fuzzy vault I -- Suitable for iris?
– “A Fuzzy Commitment Scheme”, ACM CCS ‘99– Joint work with Martin Wattenberg, IBM
Fuzzy vault II -- Suitable for fingerprints?– “A Fuzzy Vault Scheme”, ISIT ‘01– Joint work with Madhu Sudan, MIT
Patents pending Papers at www.ari-juels.com Ari Juels at ajuels@rsasecurity.com
top related