Transcript Biometrics

Biometric Security
[email protected]
Problem
 People use weak passwords
 People write the pin code on their bank card
 Biometrics cannot be “forgotten” and you do
not have to “think of it”
2
IIS
Personal Identification
Associating an individual with an identity:
 Something you have
» Token, smart card
 Something you know
» Password, pin
 Something you are:
» Physiological
» Behavioural
3
IIS
Forms of Identification
 Authentication (aka Verification)
» Am I who a claim to be?
 Recognition (aka Identification)
» Who am I?
» Harder than Authentication (why?)
4
IIS
Physiological or Behavioural?
[Jai00] A. K. Jain, L. Hong, and S. Pankanti. Biometric identification. Commun. ACM, 43(2):9098, Feb 2000. http://doi.acm.org/10.1145/328236.328110
5
IIS
Sample Application Areas
Forensic
Civilian
Commercial
Criminal
investigation
National ID
ATM (India),
POS (AH)
Corpse
identification
Driver's
license
Credit card
(Oklahoma)
Parenthood
determination
6
IIS
Welfare
disbursement
(Singapore)
Laptop login
Verification
Verification is easier than identification…
7
IIS
Two examples
 Hand geometry
 Fingerprint
8
IIS
Hand Geometry (Hand Key)
9
IIS
Measure your Right hand
10
IIS
FBI classification
Arch
Whorl
Loop
 What is your right hand index finger?
11
IIS
Accidental
Fingerprint matching
 Ridge thinning & extraction
 Minutiae (bifurcation, end point) detection
 Ridge based alignment & overlaying
12
IIS
Desired Characteristics
 Biometric
» Universal
» Unique
» Permanent
» Collectable
Watch this video
 System
» Performance
» Acceptability
» Circumvention
[Put00] T. van der Putte and J. Keuning. Biometrical fingerprint recognition: Don't get your fingers
burned. In 4th Int. IFIP wg 8.8 Conf. Smart card research and advanced application (CARDIS),
pages 289-303, Bristol, UK, Sep 2000. Kluwer Academic Publishers, Boston, Massachusetts.
http://www.keuning.com/biometry/Biometrical_Fingerprint_Recognition.pdf
13
IIS
Some Comparisons
Biometrics
Univer
-sality
Uniqueness
Permanence
Collectability
Performance
Acceptability
Circumvention
Face
high
low
med.
high
low
high
low
Finger
med.
high
high
med.
high
med.
high
Hand
Geometry
med.
med.
med.
high
med.
med.
med.
Iris
high
high
high
med.
high
low
high
Signature
low
low
low
high
low
high
low
Voice
Print
med.
low
low
med.
low
high
low
print
14
IIS
Biometrics is not perfect
 High False Accept rate is bad for high security
applications -- dangerous
 High False Reject rate is bad for high usability
applications -- annoying
accept reject
15
Alice is recognised as Alice
true
Bob is recognised as Alice
false
Alice is not recognised as Alice
false
Bob is not recognised as Alice
true
IIS
Low
False Accept Rate
High
Receiver Operating
Characteristics
16
IIS
Low
False Reject Rate
High
Security
Attacks
 How many templates do you have?
18
IIS
Template protection
 Requirements
» Diversity (no cross matching of data bases for privacy)
» Revocability (easy to replace template)
» Security (hard to obtain the original)
» Performance (matching must be robust)
 Why does encryption not work?
 Two examples
» Non-invertible transforms
» Fuzzy commitment
[Jai08] A. K. Jain, K. Nandakumar, and A. Nagar. Biometric template security. EURASIP Journal
on Advances in Signal Processing, 2008:579416, 2008. http://dx.doi.org/10.1155/2008/579416
19
IIS
Non invertible transform
“crumple”
 User specific transformation (revocability)
 Locally smooth translation outside mather tolerance
(performance)
 Globally non smooth (security)
[Rat06] N. Ratha, J. Connell, R. M. Bolle, and S. Chikkerur. Cancelable biometrics: A case study
in fingerprints. In 18th Int. Conf. on Pattern Recognition (ICPR), volume 4, pages 370-373,
Honkong,
IIS China, Aug 2006. IEEE Computer Society. http://dx.doi.org/10.1109/ICPR.2006.353
20
Fuzzy commitment
 Verification
» Measure : x’
» Compute: c’ = decode (x’- δ)
» Match if h(c’) = h(c)
300
200
 The commitment is
» Hash code word for security : h(c)
» Leave distance in clear for fuzziness : δ
c
c’?
100
 Idea
» Use biometric template : x
» As a corrupted code word : c = x-δ
Example
x x’
100
200
[Jue99a] A. Juels and M. Wattenberg. A fuzzy commitment scheme. In 6th ACM conf. on
Computer and communications security (CCS), pages 28-36, Kent Ridge Digital Labs,
Singapore,
1999. ACM. http://doi.acm.org/10.1145/319709.319714
IIS
21
Template protection
application
[Buh07] I. R. Buhan, J. M. Doumen, P. H. Hartel, and R. N. J. Veldhuis. Secure ad-hoc pairing
with biometrics: SAfE. In 1st Int. Workshop on Security for Spontaneous Interaction (Ubicomp
2007 Workshop Proceedings), pages 450-456, Innsbruck, Austria, Sep 2007.
http://www.comp.lancs.ac.uk/iwssi2007/papers/iwssi2007-02.pdf
Secure ad-hoc pairing
 Suppose two people meet
» Who have never met before
» There is no TTP and/or they are not online
» They are not technical
» They would like to exchange data
» Concerned about eavesdropper
 How to do this?
» Biometrics
» Shielding function as fuzzy extractor
» Protocol with novel “related key attack”
23
IIS
Idea: Take each other’s photo
ma=0110...
Enrollment
wa
mb=1101...
wb
radio
mb=decode( ,wb )
Alice has ma,mb
24
IIS
Verification
ma=decode( , wa)
Bob has ma,mb
Coping with noise
 Problem:
» Alice gets m’b close to mb but not the same
» The same for Bob...
 Solution:
» During enrollment calculate error profiles
» Cryptanalysis using those profiles to recover the
correct key
» More work for eavesdropper
25
IIS
Usability
 Compare Pin to SAFE
 30 subjects: questionnaire + interview
 Mainly CS
 Results
29
IIS
Conclusions
 Identification or verification
 Complements password and
token
 Systems getting affordable
 Biggest problems:
» Performance
» Public acceptance
 Biometrics is fun
30
IIS