testimonianza di alessandro tommasi presentation biosig
Post on 29-May-2015
255 Views
Preview:
TRANSCRIPT
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Biometric Signature Verification
A Tomasi1 M Sala1 V Da Rold1 G Sciarretta2
1University of TrentoDepartment of Mathematics2Fondazione Bruno Kessler
Security and Trust
May 30, 2013
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Outline
1 Biometric Authentication
2 Error correction
3 Hash functions
4 Fuzzy Commitment
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Biometric Authentication
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Authentication systems
Authentication systems can be based on several factors:
something you know,
something you have,
something you are.
password!
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Biometric measures
Physical biometrics:
Pros :
Cannot be lost or forgottenDifficult to forge
Cons :
Intrusive, or at least perceived as suchDifficult if not impossible to revokePresent and future privacy issues: health,ethnicity etc.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Biometric signature I
A behavioural, non-intrusive measurement, familiar and widelyaccepted. Con: high variability.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Biometric signature II
Input data: [x,y,t,p,e]
Extracted features:
ID Description ID Description ID Description
1 Number of Strokes 10-11 Average X and Y Acceleration 41-50 X and Y Sub-Accelerations
2 Time Duration 12-13 Initial X and Y 51-52 Height and Width
3 Aspect Ratio 14-15 Final X and Y 53-55 Mean X,Y and Pressure Value
4-5 X and Y Area 16-20 M1,1,M1,2,M2,1 and M0,3 56-58 Maximum X,Y and Pressure Value
6-7 Average X and Y Velocity 21-30 X and Y Sub-Areas 59-61 Minimum X,Y and Pressure Value
8-9 Absolute Average X and Y Velocity 31-40 X and Y Sub-Velocity 62-63 Maximum X and Y Velocity
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Genuines vs. forgeries
Some features are moredistinguishing than others.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Error correction
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Error correction
Consider the following scenario: a source sends a message macross a channel to a receiver. The channel is affected by noise,which modifies the signal.Broadly speaking, an error correction scheme is composed of twoalgorithms, E ncode and Decode, that modify the message to makeit more resilient to errors e, so that
D (E (m) + e) = m
for sufficiently “small” e.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Linear block ECC I
Let Fq be the finite field with q elements and (Fq)n be the linearspace of all n-tuples over Fq.
Definition
Let k, n ∈ N such that 1 ≤ k ≤ n. A linear code C is ak-dimensional vector subspace of (Fq)n.
Definition
If C is an [n, k]q code, then any matrix G whose rows form a basisfor C as a k-dimensional vector space is called a generator matrixfor C .
The encoding procedure of a message m ∈ (Fq)k into the wordc ∈ (Fq)n is just mG = c.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Linear block ECC II
Concretely, we split a message m into blocks of length k and mapevery possible mk into a codeword, c . Crudely speaking, this is amore complex form of redundancy:
1 7→ [111]
0 7→ [000]
A code with minimum distance d can detect up to d − 1 andcorrect up to b(d − 1)/2c errors.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Cyclic Codes
Definition
An [n, k , d ]q linear code C is cyclic if the cyclic shift of a word isalso a word, i.e.
(c0, . . . , cn−1) ∈ C =⇒ (cn−1, c0, . . . , cn−2) ∈ C .
Consider the univariate polynomial ring Fq[x ] and the idealI = 〈xn − 1〉. We denote by R the ring Fq[x ]/I . We construct abijective correspondence between the vectors of (Fq)n and theresidue classes of polynomials in R:
(v0, . . . , vn−1)↔ v0 + v1x + · · ·+ vn−1xn−1.
We can view linear codes as subsets of the ring R, thanks to thecorrespondence above.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Generator Polynomial
Theorem
An [n, k , d ]q code C is cyclic iff C is an ideal of R.
Since R is a principal ideal ring (if C is not trivial) there exists aunique monic polynomial g that generates C . We call g thegenerator polynomial of C .Let m = (m0, . . . ,mk−1) be a message to encode, and consider itspolynomial representation m(x) in R. To obtain an associated wordit is sufficient to multiply m(x) by the generator polynomial g(x):
c(x) = m(x)g(x) ∈ C .
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Hash functions
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Hash functions
A cryptographic hash function h maps messages of arbitrarylength1into a fixed-length message digest. Hash functions arerequired to be:
one-way : given a known digest d generated by a known hashfunction h(·), it is infeasible to deduce m such thatd = h(m);
collision resistant : it is infeasible to find explicitly two messagesm1,m2 such that h(m1) = h(m2);
input sensitive : the smallest difference between two messagesm1,m2 leads to completely different digestsh(m1), h(m2).
1up to some very large maximumBioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Example: SHA-1
SHA-1: Security Hash Algorithm [FIPS2180-1]. Given an inputmessage of length up to 264 bits, SHA-1 outputs a 160-bit string:
message SHA-1 digest
m’illumino di immenso 04DEC8C39C14B4E5AB28
4EE204C81D58F1A59936
mi illumino di immenso 666BCFA1CC6D6580F316
AF077B85B9DE34055A57
Roma DE5429D6F4FA2C86427A
50757791DE88A0B75C85
roma A6B6EA31C49A8E944EFE
9ECBC072A26903A1461A
2Federal Information Processing StandardBioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Collision resistance
The collision resistance of hash functions can be measured in termsof their robustness against birthday attacks, i.e. the number ofbrute-force hash operations it takes, in probability, before we findtwo messages with the same hash by simply picking randommessages from the whole message space. For an n-bit output hash,this is proportional to 2n/2.Crudely speaking, assume we have a commercial PC capable ofperforming hashes at 1 GHz, i.e. 109h(·)s−1. A 128-bit digest hashsuch as SHA-1 will yield a collision in at most roughly 2 · 1019
hashes, which would take at most 30 years. Adding processingpower and finding vulnerabilities in the hash function significantlyreduce the waiting time.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Fuzzy Commitment
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Fuzzification
By applying a repeatable but non-invertible transform f (s) to thesignature we commit enough biometric data to authenticate users,but as little as possible to preserve privacy. We do this based onthresholds.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
The scheme at a glance
Enrolment(s):1 generate a random message, r , and encode it (E (r))2 sum the message with the fuzzy median signature, f (s)3 commit enrolment data:
a hash of the message, h(r)a user-specific string, u = E(r) + f (s)the error correction capacity t corresponding to the user
Verification(s, h(r), u, t):1 subtract the fuzzy observed signature from the user’s string:
v = u − f (s)
= E (r) + f (s)− f (s)
= E (r) + e
2 correct the errors in the transmitted message:r = D(E (r) + e);
3 if h(r) == h(r), accept the observed signature as authentic.BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Encoding choices
Block codes make sense for authentication schemes because wecan precisely define the length of our encoded message (n).Furthermore, for MDS codes, i.e. ones for which strict equalityholds in the Singleton bound d ≤ n − k + 1, we can uniquelyassociate an error correction capacity t with a given message andcode length. We can also tweak t based on whether we want tomake it easier for users to authenticate themselves or harder forforgers to gain access.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Privacy and cancelability
Cancelability Since the random message r is generated atenrolment, any user can enrol the samesignature again.The signature itself can be changed, since it isbehavioural.
Privacy A sufficiently long random message r and robusthash function h(·) ensure that the user’sbiometric data cannot be recovered by anyone.Even if the data were recovered, all we havecommitted is a fuzzy version.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Enrolment
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Authentication
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Privacy and cancelability
Cancelability Since the random message r is generated atenrolment, any user can enrol the samesignature again.The signature itself can be changed, since it is abehavioural measure.
Privacy A sufficiently long random message r and robusthash function h(·) ensure that the user’sbiometric data cannot be feasibly recovered byanyone, whether thief or system administrator.Even if the data were recovered, all we havecommitted is a fuzzy version.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
Performance
Assessed against both research and custom database, allowing twoauthentication attempts.False Rejection Rate / Type I Error: 3.5%False Acceptance Rate / Type II Error: 3.2%Work commissioned by PayBay Networks Srl, part of QUI!Group
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
[Bov+03] L Bovino et al. “Multi-Expert Verification ofHand-Written Signatures”. In: Proceedings of theSeventh International Conference on DocumentAnalysis and Recognition (ICDAR). Vol. 2.Washington, DC, USA: IEEE Computer Society, 2003,pp. 932–936. isbn: 0-7695-1960-1. doi:10.1.1.160.9174.
[Fre08] M. R. Freire. “Biometric Template Protection inDynamic Signature Verification”. MSc. UniversidadAutonoma de Madrid, Nov. 2008.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
[GJ07] G. K. Gupta and R. C. Joyce. “Using position extremapoints to capture shape in on-line handwrittensignature verification”. In: Pattern Recognition 40.10(Oct. 2007), pp. 2811–2817. issn: 0031-3203. doi:10.1016/j.patcog.2007.01.014.
[IP08] D. Impedovo and G. Pirlo. “Automatic SignatureVerification: The State of the Art”. In: Systems, Man,and Cybernetics, Part C: Applications and Reviews,IEEE Transactions on 38.5 (Sept. 2008), pp. 609–635.issn: 1094-6977. doi: 10.1109/TSMCC.2008.923866.
[IW09] T. Ignatenko and F. M. J. Willems. “BiometricSystems: Privacy and Secrecy Aspects”. In:Information Forensics and Security, IEEE Transactionson 4.4 (2009), pp. 956–973. issn: 1556-6013. doi:10.1109/TIFS.2009.2033228.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
[IW10] T. Ignatenko and F. M. J. Willems. “Using positionextrema points to capture shape in on-line handwrittensignature verification”. In: Information Forensics andSecurity, IEEE Transactions on 5.2 (2010),pp. 337–348. doi: 10.1109/TIFS.2010.2046984.
[JGC02] A. K. Jain, F. D. Griess, and S. D. Connell. “On-linesignature verification”. In: Pattern Recognition 35(2002), pp. 2963–2972.
[JNN08] A. K. Jain, K. Nandakumar, and A. Nagar. “Biometrictemplate security”. In: EURASIP Journal on Advancesin Signal Processing (Jan. 2008). issn: 1110-8657.doi: 10.1155/2008/579416.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
[JS06] A. Juels and M. Sudan. “A fuzzy vault scheme”. In:Designs, Codes and Cryptography 38.2 (2006),pp. 237–257. doi: 10.1007/s10623-005-6343-z.
[JW99] A. Juels and M. Wattenberg. “A fuzzy commitmentscheme”. In: Proceedings of the 6th ACM conferenceon Computer and communications security (CCS ’99’).Kent Ridge Digital Labs, Singapore: ACM, 1999,pp. 28–36. isbn: 1-58113-148-8. doi:10.1145/319709.319714.
[LBA96] L Lee, T Berger, and E Aviczer. “Reliable On-LineHuman Signature Verification Systems”. In: IEEETrans. Pattern Anal. Mach. Intell. 18.6 (June 1996),pp. 643–647. issn: 0162-8828. doi:10.1109/34.506415.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
[Lee+04] J. Lee et al. “Using geometric extrema forsegment-to-segment characteristics comparison inonline signature verification”. In: Pattern Recognition37.1 (Jan. 2004), pp. 93–103. issn: 0031-3203. doi:10.1016/S0031-3203(03)00229-2.
[Liw+11] M. Liwicki et al. “Signature Verification Competitionfor Online and Offline Skilled Forgeries(SigComp2011)”. In: Document Analysis andRecognition (ICDAR), 2011 International Conferenceon. IEEE Computer Society. 2011, pp. 1480–1484.doi: 10.1109/ICDAR.2011.294.
BioSigV
Biometric AuthenticationError correctionHash functions
Fuzzy CommitmentReferences
[Liw+12] M. Liwicki et al. “ICFHR 2012 Competition onAutomatic Forensic Signature Verification (4NsigComp2012)”. In: Frontiers in Handwriting Recognition(ICFHR), 2012 International Conference on. IEEE.Bari, Sept. 2012, pp. 823–828. doi:10.1109/ICFHR.2012.217.
[SE00] S Sanderson and J. H. Erbetta. “Authentication forsecure environments based on iris scanningtechnology”. In: Visual Biometrics (Ref.No. 2000/018),IEE Colloquium on. 2000, pp. 8/1–8/7. doi:10.1049/ic:20000468.
[YWP95] L Yang, B. K. Widjaja, and R Prasad. “Application ofhidden Markov models for signature verification”. In:Pattern Recognition 28.2 (1995), pp. 161–170. issn:0031-3203. doi: 10.1016/0031-3203(94)00092-Z.
BioSigV
top related