BLIND AUTHENTICATION: A SECURE CRYPTO-BIOMETRIC VERIFICATION PROTOCOL
By Maneesh Upmanyu, C. V. Jawahar, Anoop M Namboodiri, Kannan Srinathan
CONTENTS
1. Biometrics
2. Biometric Authentication System
3. Comparison of Biometric systems
4. Privacy concerns in Biometric systems
5. What is Blind Authentication?
6. Previous work
7. Features of Blind Authentication
8. Enrollment
9. Authentication
10. Security, Privacy and Trust
11. Extensions to Kernels and Neural networks
12. Blind Secure Product Protocol
13. Implementation and analysis
14. Advantages
15. Conclusion
BIOMETRICS
A biometric is a physiological or behavioral characteristic
of a human being that can distinguish one person from
another and that theoretically can be used for identification
or verification of identity.
AUTHENTICATION
WHAT YOU KNOW?
WHAT YOU HAVE?
WHAT YOU ARE?
Biometric Authentication System
COMPARISON OF BIOMETRIC SYSTEMS
PHYSIOLOGICAL BIOMETRICS
1. Fingerprint recognition
a) No two persons share the same fingerprints
b) Can go for thermal sensing, optical sensing, capacitance sensing,
ultrasound sensing etc.
c) Wet, dry, or dirty skin may create problems
2. Face Recognition
a) One of the most acceptable biometrics
b) Not accurate and dependable
3. Hand Geometry
a) Include length and width of fingers, different aspect
ratios of palm and fingers, thickness and width of the palm etc.
b) Existing hand geometry systems mostly use images of the
hand
4. Iris Recognition
a) Reliable and accurate
b) Believed to be unique in every individual
c) Does not work for people who are missing both eyes or who have
serious eye illnesses that affect the iris.
BEHAVIORAL BIOMETRICS
1. Signature
a) High degree of acceptance
b) Signatures lack permanence
c) Static signature verification systems & Dynamic signature verification systems
2. Voice
a) Depends on numerous characteristics of a human voice to identify the speaker
b) Does not require expensive input devices
c) Issues: others' voices may be skillfully imitated; record-and-replay attacks
Primary Concerns in a Biometric System
Template Protection
User's privacy
Trust between user and server
Network security
What is Blind Authentication?
A blind authentication protocol is one that does not reveal any:
information about the biometric samples to the authenticating server;
information regarding the classifier employed by the server to the user or client.
PREVIOUS WORK
Categorization of template protection schemes by Jain
SALTING
Design a classifier in the encrypted feature space
Specific to a biometric trait
Security using a transformation function seeded by a user
specific key
Do not offer well defined security
NON-INVERTIBLE TRANSFORM
Apply non-invertible function on the biometric template
Key must be available at the time of transformation
Eg. Robust hashing, Cancelable templates
KEY BINDING AND KEY GENERATION
Integrate the advantages of biometrics and cryptography
Using the biometric as a protection for the secret key or to
generate secret key
FEATURES OF BLIND AUTHENTICATION
Strong encryption
Non-repudiable authentication
Protection against replay and client-side attacks
Revocability
ENROLLMENT
Enrollment based on a trusted third party (TTP): At the time of
registering with a website, the encrypted version of the user’s
biometric template is made available to the website. The one-time
classifier training is done on the plain biometrics, and hence requires
a trusted server to handle training.
AUTHENTICATION
Blind Authentication Process: Linear kernel computation for
encrypted feature vectors. At no point are the identity vectors x,
w or the intermediate results xi · wi revealed to anyone.
SECURITY, PRIVACY AND TRUST
SYSTEM SECURITY
Server Security
Client Security
Network Security
PRIVACY
Concern of revealing personal information
Server security
Hacker gains access to the template database
Hacker is in the database server during the authentication
Impostor trying blind attacks from a remote machine
Client security
Hacker gains access to the user’s biometric or private key
Passive attack at the user’s computer
Network Security
Attacker gains access to the network
PRIVACY
Concern of revealing personal information: the template is never revealed to the server
Concern of being tracked: use different keys for different applications
EXTENSIONS TO KERNELS AND NEURAL NETWORKS
Kernel based classifier uses a discriminating function
like
Similarly, in Neural Network the basic units are, for
example perceptron and sigmoid
Model the above functions as arithmetic circuits consisting
of addition and multiplication gates over a finite domain.
Consider two encryptions E+ and E*
BLIND SECURE PRODUCT PROTOCOL
Receive
from client
Server computes kn+k random numbers such that
Server computes
and sends it to the client. The client decrypts it.
Client computes
Send
to the server
Server computes
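The slides above lost their formulas, so the following is an added example, not the authors' code, of one way the linear-kernel authentication and the blind secure product exchange can be realized. Assumptions: textbook RSA as the multiplicatively homomorphic encryption, the blinding constraint sum_j lam_j * r_ji = 1 (mod N) for the kn+k random numbers, integer-quantized features, and all function and variable names.

```python
import secrets
from math import gcd

# Toy textbook RSA (multiplicatively homomorphic). Constructed parameters,
# unpadded and far too small for real use; they only make the algebra visible.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the client only

def enc(m): return pow(m % N, E, N)
def dec(c): return pow(c, D, N)

def server_randomize(enc_x, enc_w, k=3):
    """Server: blind each encrypted product E(x_i*w_i) with k random factors."""
    n = len(enc_x)
    lam = [secrets.randbelow(N - 1) + 1 for _ in range(k)]
    while gcd(lam[-1], N) != 1:                      # last lambda must be invertible
        lam[-1] = secrets.randbelow(N - 1) + 1
    r = [[secrets.randbelow(N) for _ in range(n)] for _ in range(k - 1)]
    inv = pow(lam[-1], -1, N)
    # Solve the last row so that sum_j lam[j]*r[j][i] == 1 (mod N) for every i.
    r.append([(1 - sum(lam[j] * r[j][i] for j in range(k - 1))) * inv % N
              for i in range(n)])
    # E(x_i)*E(w_i)*E(r_ji) = E(x_i*w_i*r_ji): the server never sees a plaintext.
    blinded = [[enc_x[i] * enc_w[i] * enc(r[j][i]) % N for i in range(n)]
               for j in range(k)]
    return blinded, lam

def client_sums(blinded):
    """Client: decrypt the kn blinded products and return the k sums S_j."""
    return [sum(dec(c) for c in row) % N for row in blinded]

def server_score(sums, lam):
    """Server: unblind; sum_j lam_j*S_j == sum_i x_i*w_i (mod N), signed decode."""
    s = sum(l * sj for l, sj in zip(lam, sums)) % N
    return s - N if s > N // 2 else s

def blind_verify(x, enc_w, threshold):
    enc_x = [enc(v) for v in x]                      # client -> server
    blinded, lam = server_randomize(enc_x, enc_w)    # server -> client
    sums = client_sums(blinded)                      # client -> server
    return server_score(sums, lam) >= threshold

# Constructed enrollment data: integer-quantized classifier weights.
W = [3, -2, 5, 1]
ENC_W = [enc(v) for v in W]                          # what the server stores
```

In this sketch the client only ever decrypts products scaled by factors r_ji it does not know, and the server only sees ciphertexts, the k sums and the final score it compares with the threshold.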
IMPLEMENTATION AND ANALYSIS
Experiments designed to evaluate the efficiency and
accuracy of proposed approach.
For evaluation, an SVM-based verifier built on a client-server architecture was implemented.
Verification time for various key sizes and feature vector lengths
Variation of accuracy w.r.t. the precision of representation
ROC CURVES FOR VERIFICATION
ADVANTAGES OF BLIND AUTHENTICATION
Fast and provably secure authentication without trading off accuracy.
Supports generic classifiers such as neural networks and SVMs.
Useful with a wide variety of fixed-length biometric traits.
Ideal for applications such as biometric ATMs and login from public terminals.
CONCLUSION
Verification can be done in real-time with the help of
available hardware
Keep the interaction between the user and the server to a
minimum
Extensions to this work include secure enrollment
protocols and encryption methods to reduce computations
Dynamic warping based matching of variable length feature
vectors can further enhance the utility of the approach
REFERENCES
N. K. Ratha, J. H. Connell, and R. M. Bolle, “Enhancing security and privacy in biometrics-based authentication systems”
Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan and C. V. Jawahar, “Blind authentication: A secure crypto-biometric verification protocol”