Multimedia Network Security Lab
An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication
Date: 2011.06.04
Reporter: Chien-Wen Huang
Source: The 12th Australasian Conference on Information Security and Privacy
Outline
1. Introduction
2. A New Security Model
3. A New Biometric-based Authentication Protocol
4. Conclusion
Introduction
In biometric-based cryptosystems
• a user identifies or authenticates himself using his biometrics.
The biometric feature captured by a sensor (e.g. a camera for iris biometrics) will rarely be the same twice.
To enforce privacy, we want biometric data to be hidden after capture,
• so that an adversary is unable to find out who the real person is.
Most of these protocols use biometrics for Identity-Based Encryption.
• They rely on the assumption that biometric features belong to live users.
This assumption is not true in practice,
• as a user's biometric information, such as a fingerprint, can be easily captured in daily life.
A New Security Model
The system mainly consists of two parts: the
client and the server.
• registers his reference biometric template $b_i$
• capturing the user’s biometric and extracting
• helps the server to make a decision related to a user’s
Requirement 1
• The matcher M can faithfully compute the distance $H(b_i, b_i')$.
• M can compare the distance to a given threshold value d.
• The server AS can make the right decision.
Requirement 2
• For any $ID_{i_0}$: $b'_{i_0}, b'_{i_1}$
• It is infeasible for any of M, DB, and AS to distinguish between $(ID_{i_0}, b'_{i_0})$ and $(ID_{i_0}, b'_{i_1})$
Requirement 3
• If U i ,  {0,1} makes an authentication attempt.

• DB can only guess  with a negligible advantage.
• Suppose DB makes a guess  '
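A New Biometric-based Authentication Protocol
Review of the Goldwasser-Micali Scheme
Let x be an integer greater than 1 with (x, p) = 1. If $x^2 \equiv a \pmod p$ is solvable, then a is called a quadratic residue mod p.
For example: 1, 2, 4 are quadratic residues of 7 (i.e. mod 7); 3, 5, 6 are quadratic non-residues.
For x = 1, 6, $x^2 \equiv 1 \pmod 7$; likewise for x = 3, 4, $x^2 \equiv 2 \pmod 7$; for x = 2, 5, $x^2 \equiv 4 \pmod 7$.
• Jacobi symbol:
J(x/p) = 0 if p | x (i.e. p is a factor of x; x is a multiple of p)
= 1 if x is a quadratic residue mod p
= -1 if x is a nonresidue mod p.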
• Key generation algorithm
Input:
• a security parameter
• large prime numbers p and q, n = pq
• a non-residue x for which the Jacobi symbol = -1: J(x,p) = J(x,q) = -1
Output:
• pk = (x, n), sk = (p, q)
Encryption algorithm
• Takes a message $m \in \{0,1\}$
• $c = y^2 x^m \pmod n$, where y is randomly chosen from $Z_n^*$
Decryption algorithm
• If c is a quadratic residue, m = 0.
• Otherwise, m = 1.
An adversary A has only a negligible advantage
the attacker’s advantage
The encryption protocol possesses a nice
homomorphic property
In order to encrypt a binary string we need to
encrypt every bit individually
Enrollment Phase
• $b_i = (b_{i,1}, b_{i,2}, \ldots, b_{i,M})$
• $U_i$ registers $(b_i, i)$ at DB
• $(ID_i, i)$ at AS
• M possesses a key pair (pk, sk)
Verification Phase
AS retrieves the index i using $ID_i$
If the Hamming weight of the corresponding plaintext vector is ≤ d
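The bitwise encryption, the homomorphic property and the Hamming-weight check above, as an added Python example (not code from the slides or the paper): multiplying two Goldwasser-Micali ciphertexts gives an encryption of the XOR of their bits, so the matcher can decrypt the XOR of two templates and compare its weight with d. The toy primes, the 8-bit templates and all function names are constructed for illustration, and the protocol's other steps are not modelled.

```python
import math
import secrets

def legendre(a, p):
    """Legendre symbol of a modulo an odd prime p (Euler's criterion)."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def keygen(p, q):
    """pk = (x, n), sk = (p, q), with J(x,p) = J(x,q) = -1."""
    n = p * q
    while True:
        x = secrets.randbelow(n - 2) + 2
        if legendre(x, p) == -1 and legendre(x, q) == -1:
            return (x, n), (p, q)

def encrypt_bit(pk, m):
    """c = y^2 * x^m mod n, with y chosen at random from Z*_n."""
    x, n = pk
    while True:
        y = secrets.randbelow(n - 1) + 1
        if math.gcd(y, n) == 1:
            return (y * y * pow(x, m, n)) % n

def decrypt_bit(sk, c):
    """m = 0 if c is a quadratic residue mod n, otherwise m = 1."""
    p, q = sk
    return 0 if legendre(c % p, p) == 1 and legendre(c % q, q) == 1 else 1

def encrypt_vector(pk, bits):
    """A binary string is encrypted one bit at a time."""
    return [encrypt_bit(pk, b) for b in bits]

def encrypted_xor(pk, ca, cb):
    """Componentwise ciphertext product = encryption of the bitwise XOR."""
    n = pk[1]
    return [(a * b) % n for a, b in zip(ca, cb)]

def match(sk, c_xor, d):
    """Key holder decrypts the XOR vector; accept if Hamming weight <= d."""
    weight = sum(decrypt_bit(sk, c) for c in c_xor)
    return weight <= d, weight

# Constructed demo values: toy primes and 8-bit templates (not secure sizes).
PK, SK = keygen(1019, 1031)
REFERENCE = [1, 0, 1, 1, 0, 0, 1, 0]  # enrolled template b_i
FRESH = [1, 0, 0, 1, 0, 0, 1, 1]      # new capture b_i', differs in 2 bits

def demo(d=2):
    c_ref, c_new = encrypt_vector(PK, REFERENCE), encrypt_vector(PK, FRESH)
    return match(SK, encrypted_xor(PK, c_ref, c_new), d)
```

The party computing `encrypted_xor` needs only the public key and never sees either template in the clear.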
S performs at most 2M modular multiplications.
The server performs 2N modular multiplications in step 2 and M modular multiplications in step 4.
The database needs to perform $\frac{MN}{2}$ modular multiplications in step 3.
Conclusion
Consider a biometric authentication protocol
where confidentiality is required for biometric
data solely for privacy reasons.
It remains an interesting issue to improve its
performance.