Department of Computer Science
Privacy Preserving Biometrics-Based and
User Centric Authentication Protocol
Hasini Gunasin...
Department of Computer Science
Agenda
 Problem Overview
 Challenges in biometrics based authentication schemes
 Our app...
Department of Computer Science
Problem Overview
NSS 2014
What You Know What You Have
 Commonly used authentication factor...
Department of Computer Science
Problem Overview
NSS 2014
Department of Computer Science
Problem Overview
NSS 2014
Strong Authentication Factor: Biometrics  Represents who you are...
Department of Computer Science
Challenges in biometrics based authentication:
 Inherited characteristics of biometrics
 ...
Department of Computer Science
Inherited Characteristics of
Biometrics
Desired Characteristics of
Biometrics Based Identif...
Department of Computer Science
Challenges in biometrics based authentication:
 Security Concerns:
 Biometric templates a...
Department of Computer Science
Challenges in biometrics based authentication:
 Privacy Concerns of authentication protoco...
Department of Computer Science
Addresses each of the above issues and provides better solutions.
1. Generates unique, repe...
Department of Computer Science
Overview:
Our Approach
NSS 2014
authenticate using
biometric identity token
enrolls biometr...
Department of Computer Science
1. Generating BID:
Our Approach
NSS 2014
Image
Hashing
Algorithm
Trained
SVM
Classifier
Bio...
Department of Computer Science
Our Approach
NSS 2014
1. Generating BID: Results
 P-Hash – feature
extraction mechanism
us...
Department of Computer Science
Our Approach
NSS 2014
1. Generating BID: Extended approach with Error Correction Code
 Enr...
Department of Computer Science
Our Approach
NSS 2014
1. Generating BID: Results with ECC
 Both accuracy and overhead incr...
Department of Computer Science
We covered so far – in key aspects of our approach:
Our Approach
NSS 2014
 Generating uniq...
Department of Computer Science
3. Privacy preserving identity management protocol: Enrollment
Our Approach
NSS 2014
Biomet...
Department of Computer Science
Our Approach
NSS 2014
3. Privacy preserving identity management protocol: Enrollment
 Elem...
Department of Computer Science
Our Approach
NSS 2014
3. Privacy preserving identity management protocol: Enrollment
 Arti...
Department of Computer Science
Our Approach
NSS 2014
3. Privacy preserving identity management protocol: Authentication
Bi...
Department of Computer Science
Summary: Performance
Performance measure Value
Computing perceptual hash 0.0105 (s)
Trainin...
Department of Computer Science
Security Analysis:
 Confidentiality of sensitive data is preserved:
 Biometric image, P-H...
Department of Computer Science
We covered so far:
Our Approach
NSS 2014
 Generating unique, repeatable and revocable BIDs...
Department of Computer Science
Future Work
 Experimenting on other biometric traits.
 Privacy preserving biometrics base...
Department of Computer Science
Q & A
Department of Computer Science
Thank You…
Nächste SlideShare
Wird geladen in …5
×

Privacy Preserving Biometrics-Based and User Centric Authentication Protocol

1.786 Aufrufe

Veröffentlicht am

Slides presented on the paper with the aforementioned title, in NSS 2014 which was held in Xian, China, from 15th-17th October 2014.

Veröffentlicht in: Wissenschaft
1 Kommentar
0 Gefällt mir
Statistik
Notizen
  • I hear that biometric products, if used with a backup password, are now called a “below-one factor authentication”, since it makes the users less safe than a password-only single factor authentication. It is exactly like a house with two entrances is less safe against burglars than a house with one entrance. This means that biometric products must be used without a backup password if security is wanted. Can it be done? It should help a lot if you have a quick look at http://www.slideshare.net/HitoshiKokumai/blind-spot-in-our-mind-eyecatching-experience
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • Gehören Sie zu den Ersten, denen das gefällt!

Keine Downloads
Aufrufe
Aufrufe insgesamt
1.786
Auf SlideShare
0
Aus Einbettungen
0
Anzahl an Einbettungen
1.044
Aktionen
Geteilt
0
Downloads
0
Kommentare
1
Gefällt mir
0
Einbettungen 0
Keine Einbettungen

Keine Notizen für die Folie

Privacy Preserving Biometrics-Based and User Centric Authentication Protocol

  1. 1. Department of Computer Science Privacy Preserving Biometrics-Based and User Centric Authentication Protocol Hasini Gunasinghe and Elisa Bertino NSS 2014
  2. 2. Department of Computer Science Agenda  Problem Overview  Challenges in biometrics based authentication schemes  Our approach  Generating unique, repeatable and revocable BID  Securing the BID with cryptographic commitment  Privacy preserving authentication protocol  Security and performance analysis  Future work NSS 2014
  3. 3. Department of Computer Science Problem Overview NSS 2014 What You Know What You Have  Commonly used authentication factors  Stolen passwords/tokens lead to identity theft  Multiple passwords/tokens  Inconvenient to users
  4. 4. Department of Computer Science Problem Overview NSS 2014
  5. 5. Department of Computer Science Problem Overview NSS 2014 Strong Authentication Factor: Biometrics  Represents who you are.  Unique, Universal, Permanent and Collectable.  First known use in criminal division of the police department in Paris – introduced by A. Bertillon.  Since then, many applications in commercial, government and forensic.  Convenient and secure for users. Still, it is not widely adapted in critical applications such as online banking. Why?
  6. 6. Department of Computer Science Challenges in biometrics based authentication:  Inherited characteristics of biometrics  Security concerns  Privacy concerns Problem Overview NSS 2014
  7. 7. Department of Computer Science Inherited Characteristics of Biometrics Desired Characteristics of Biometrics Based Identifier Uniqueness & Unforgeability Uniqueness & Unforgeability Non-Repeatability Repeatability Non-Revocability Revocability Challenges in biometrics based authentication:  Inherited vs desired characteristics: Problem Overview NSS 2014
  8. 8. Department of Computer Science Challenges in biometrics based authentication:  Security Concerns:  Biometric templates are stored at the server during enrollment.  Extracted biometric features are stored in smart cards to be used during authentication. e.g: In the Schiphol Privium scheme at the Amsterdam airport, Iris code stored is in the smart card.  Breach of security of template databases/smart cards/user- devices can cause permanent loss of one’s biometric identity. Problem Overview NSS 2014
  9. 9. Department of Computer Science Challenges in biometrics based authentication:  Privacy Concerns of authentication protocols: Problem Overview NSS 2014  Biometric identity stored at multiple service providers.  Different proprietary protocols. verifies biometric at login SP2 SP3 SPspecificprotocols IDP-centricprotocol 4) verifies biometric 3/5).verification req/resp 1) enrolls biometric SP1 IDP SP2  IDP learns user’s interaction patterns with different SPs.  Revealing BID during authentication. enrolls biometric at signup SP1
  10. 10. Department of Computer Science Addresses each of the above issues and provides better solutions. 1. Generates unique, repeatable and revocable BIDs. 2. Defines privacy preserving identity management protocol:  Involves zero-knowledge-proof-of-knowledge.  User-centric. Our Approach NSS 2014
  11. 11. Department of Computer Science Overview: Our Approach NSS 2014 authenticate using biometric identity token enrolls biometric obtains Identity Token SP1 SP2 SP3 User-centricprotocol  No interaction between IDP and SP(s).  Biometric template is not stored anywhere.
  12. 12. Department of Computer Science 1. Generating BID: Our Approach NSS 2014 Image Hashing Algorithm Trained SVM Classifier Biometric image Hash vector Predicted class label (32 bits) + Password based key generation User-provided password Key 1 (128 bits) BID Key steps: 1. Feature extraction, image hashing mechanism 2. Training SVM classifier 3. Obtaining classification output 4. Password based key generation (160 bits)
  13. 13. Department of Computer Science Our Approach NSS 2014 1. Generating BID: Results  P-Hash – feature extraction mechanism used in our approach.  SVD-Hash – feature extraction mechanism used in previous work [Bhargav-Spantzel et al. ‘2010].
  14. 14. Department of Computer Science Our Approach NSS 2014 1. Generating BID: Extended approach with Error Correction Code  Enrolment phase: Error Correction Encoding:  Authentication phase: Error Correction Decoding: Image Hashing Algorithm Trained SVM Classifier Biometric image Hash vector Predicted class label + Password based key generation User-provided password Key 1 BID Hadamard ECC encoding Key 2 Error Correction Metadata Image Hashing Algorithm Trained SVM Classifier Biometric image Hash vector Predicted class label + Password based key generation User-provided password Key 1 BIDHadamard ECC decoding Key 2 Error corrected Hash vector Error Correction Metadata
  15. 15. Department of Computer Science Our Approach NSS 2014 1. Generating BID: Results with ECC  Both accuracy and overhead increase with the Hadamard Code length used for error correction.  Recommended Hadamard Error Correction Code is 16 bits.  Improves repeatability of the BID.  Secure error correction mechanism introduced by Kande et al. ‘2009.
  16. 16. Department of Computer Science We covered so far – in key aspects of our approach: Our Approach NSS 2014  Generating unique, repeatable and revocable BIDs.  Extended approach with ECC to improve repeatability.  Privacy preserving identity management protocol: 1. Involves zero-knowledge-proof-of-knowledge. 2. User-centric.
  17. 17. Department of Computer Science 3. Privacy preserving identity management protocol: Enrollment Our Approach NSS 2014 Biometric image Hash Vector R= Commitment: C = gxhr Biometric IDT Perceptual Hash Train Support Vector Machine Trained Base SVM P-Hash Customize SVM Single Label Classification Hash Vector Digitally Signed by IDP X = BID
  18. 18. Department of Computer Science Our Approach NSS 2014 3. Privacy preserving identity management protocol: Enrollment  Elements included in the identity token:  Commitment string  Expiration time stamp  From, To fields (to prevent attacks on ZKPK protocol by SP)  Digital signature  Public parameters of the Pedersen commitment scheme
  19. 19. Department of Computer Science Our Approach NSS 2014 3. Privacy preserving identity management protocol: Enrollment  Artifacts provided to the User: (stored in the TEE of user’s device)  Identity Token  Trained and customized SVM classifier.  BID generation software.  Salt value used for PBKDF.  Error correction meta-data.
  20. 20. Department of Computer Science Our Approach NSS 2014 3. Privacy preserving identity management protocol: Authentication Biometric image Hash Vector P-Hash Customized SVM Single Label Classification R’= Commitment: C’ = gx’hr’ X’ = BID Authentication Request Biometric IDT d = gyhs Zero Knowledge Proof of Knowledge Protocol Service Provider User Service Provider challenge: e u=y+ex, v=s+er success if Ced = guhv
  21. 21. Department of Computer Science Summary: Performance Performance measure Value Computing perceptual hash 0.0105 (s) Training Classifier 8 (s) [with 400 training instances] Predicting from trained classifier 0.013 (s) Creating commitment 0.003038 (s) Zero Knowledge Proof (without network delay) 0.00763 (s) Hardware Configurations:  CPU: Intel Core i7-3537U  Memory: 5GB RAM  OS: Ubuntu 13.4 OS Our Approach NSS 2014
  22. 22. Department of Computer Science Security Analysis:  Confidentiality of sensitive data is preserved:  Biometric image, P-Hash vector, BID are not stored anywhere.  Secrets are derived from the user’s password.  Zero Knowledge Proof of Knowledge protocol:  Biometric information not revealed at any point.  MITM attacks carried out by SP are prevented.  Identity token provides ownership assurance and avoids impersonation.  Enables revocation of the biometric based identity tokens. Our Approach NSS 2014
  23. 23. Department of Computer Science We covered so far: Our Approach NSS 2014  Generating unique, repeatable and revocable BIDs.  Extended approach with ECC to improve repeatability.  Privacy preserving identity management protocol:  with zero-knowledge-proofs.  User-centric identity management  Performance and Security Analysis
  24. 24. Department of Computer Science Future Work  Experimenting on other biometric traits.  Privacy preserving biometrics based authentication based on distance matching: • Homomorphic Encryption • Garbled circuits  Multi-modal biometrics for authentication.
  25. 25. Department of Computer Science Q & A
  26. 26. Department of Computer Science Thank You…

×