Transcript a4academics.com

BLIND AUTHENTICATION: A SECURE
CRYPTO-BIOMETRIC VERIFICATION
PROTOCOL
By Maneesh Upmanyu ,C. V. Jawahar , Anoop M Namboodiri, Kannan Srinathan
CONTENTS
1. Biometrics
2. Biometric Authentication System
3. Comparison of Biometric systems
4. Privacy concerns in Biometric systems
5. What is Blind Authentication?
6. Previous work
7. Features of Blind Authentication
8. Enrollment
9. Authentication
10. Security, Privacy and Trust
11. Extensions to Kernels and Neural networks
12. Blind Secure Product Protocol
13. Implementation and analysis
14. Advantages
15. Conclusion
BIOMETRICS
A biometric is a physiological or behavioral characteristic
of a human being that can distinguish one person from
another and that theoretically can be used for identification
or verification of identity.
AUTHENTICATION
WHAT YOU KNOW?
WHAT YOU HAVE?
WHAT YOU ARE?
Biometric Authentication System
COMPARISON OF BIOMETRIC
SYSTEMS
PHYSIOLOGICAL BIOMETRICS
1. Fingerprint recognition
a) No two persons share the same fingerprints
b) Can go for thermal sensing, optical sensing, capacitance sensing,
ultrasound sensing etc.
c) Wet, dry, or dirty skin may create problems
2. Face Recognition
a) One of the most acceptable biometrics
b) Not accurate and dependable
3. Hand Geometry
a) Include length and width of fingers, different aspect
ratios of palm and fingers, thickness and width of the palm etc.
b) Existing hand geometry systems mostly use images of the
hand
4. Iris Recognition
a) Reliable and accurate
b) Believed to be unique in every individual
c) Not work for people who are missing both eyes or who have
serious eye illnesses that affect the iris.
BEHAVIORAL BIOMETRICS
1. Signature
a) High degree of acceptance
b) Signatures lack permanence
c) Static signature verification systems & Dynamic signature
verification
systems
2. Voice
a) Depend on numerous characteristics of a human voice to identify
the
speaker
b) Does not require expensive input devices
c) Issues- may skillfully imitate others' voices, record and replay
attacks
Primary Concerns in a Biometric
System
Template Protection
User's privacy
Trust between user and
server
Network security
What is Blind Authentication?
A blind authentication protocol that does not
reveal any:
information about the biometric samples to the
authenticating server.
information regarding the classifier, employed by
the server, to the user or client
PREVIOUS WORK
Categorization of template protection schemes by Jain
SALTING
Design a classifier in the encrypted feature space
Specific to a biometric trait
Security using a transformation function seeded by a user
specific key
Do not offer well defined security
NON-INVERTIBLE TRANSFORM
Apply non-invertible function on the biometric template
Key must be available at the time of transformation
Eg. Robust hashing, Cancelable templates
KEY BINDING AND KEY GENERATION
Integrate the advantages of biometrics and cryptography
Using the biometric as a protection for the secret key or to
generate secret key
FEATURES OF BLIND
AUTHENTICATION
Strong encryption
Non-repudiable authentication
Protection against replay and
client-side attacks
Revocability
ENROLLMENT
Enrollment based on a trusted third party(TTP): At the time of
registering with a website, the encrypted version of the user’s
biometric template is made available to the website. The one-time
classifier training is done on the plain biometrics, and hence requires
a trusted server to handle training.
AUTHENTICATION
Blind Authentication Process: Linear kernel computation for
encrypted feature vectors. At no point, the identity vectors x,
w or the intermediate results xi · wi is revealed to anyone.
SECURITY PRIVACY AND
TRUST
SYSTEM SECURITY

Server Security

Client Security

Network Security
PRIVACY

Concern of revealing personal
information
Server security
Hacker gains access to the template database
Hacker is in the database server during the authentication
Impostor trying blind attacks from a remote machine
Client security
Hacker gains access to the user’s biometric or private key
Passive attack at the user’s computer
Network Security
Attacker gains access to the network
PRIVACY
Concern of revealing personal information-Template
is
never revealed to the server
Concern of being tracked-Use different keys for
different
applications
EXTENSIONS TO KERNELS AND
NEURAL NETWORKS
Kernel based classifier uses a discriminating function
like
Similarly, in Neural Network the basic units are, for
example perceptron and sigmoid
Model above functions as arithmetic circuits consisting
of add and multiplication gates over a finite domain.
Consider two encryptions E+ and E*
BLIND SECURE PRODUCT
PROTOCOL
Receive
from client
Server computes kn+k random numbers such that
Server computes
and send it to the client.Client decrypts it.
Client computes
Send
to the server
Server computes
IMPLEMENTATION AND ANALYSIS
Experiments designed to evaluate the efficiency and
accuracy of proposed approach.
For evaluation, an SVM based verifier based on clientserver architecture was implemented.
Verification time for various
key sizes and feature vector
lengths
Variation of accuracy w.r.t. The
precisionof representation
ROC CURVES FOR VERIFICATION
ADVANTAGES OF BLIND
AUTHENTICATION
Fast and Provably Secure authentication without
trading off accuracy.
Supports generic classifiers
Network and SVMs.
such
as
Neural
Useful with wide variety of fixed-length biometrictraits.
Ideal for applications such as biometric ATMs, login
from public terminals.
CONCLUSION
Verification can be done in real-time with the help of
available hardware
Keep the interaction between the user and the server to a
minimum
Extensions to this work includes secure enrollment
protocols and encryption methods to reduce computations
Dynamic warping based matching of variable length feature
vectors can further enhance the utility of the approach
REFERENCES
N. K. Ratha, J. H. Connell, and R. M. Bolle, “Enhancing security
and privacy in biometrics-based authentication systems”
Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan and C.V.
Jawahar,“Blind authentication: A secure crypto-biometric
verification protocol”