Fuzzy StuffFuzzy Stuff

6.857 Lecture 24, 20066.857 Lecture 24, 2006

OutlineOutline

• Motivation: Biometric ArchitecturesMotivation: Biometric Architectures

• New Tool (for us): Error Correcting New Tool (for us): Error Correcting CodesCodes

• Fuzzy VaultsFuzzy Vaults

• Fuzzy CommitmentsFuzzy Commitments

• Fuzzy ExtractorsFuzzy Extractors

Biometrics via…Biometrics via…

• Individual anatomy/physiologyIndividual anatomy/physiology– Hand geometryHand geometry– fingerprintfingerprint

• Ingrained skill/behavioral Ingrained skill/behavioral characteristiccharacteristic– Handwritten signatureHandwritten signature

• CombinationCombination– VoiceVoice– Body OdorBody Odor

Biometric ArchitecturesBiometric Architectures

• Analyze to get set of features Analyze to get set of features characterizing the biometric characterizing the biometric – (generally known as (generally known as templatestemplates, or in the , or in the

fingerprint case, fingerprint case, minutiaeminutiae).).

RegistrationRegistration

Questions (Discuss!)Questions (Discuss!)

• How is the template protected?How is the template protected?– How are passwords protected?How are passwords protected?

• Where is the match performed?Where is the match performed?– Server sideServer side– Client side Client side – On deviceOn device

• How is the match performed?How is the match performed?

Let’s think…Let’s think…

• HASH!HASH!

• ENCRYPT!ENCRYPT!

• SS!SS!

• ECC! (???)ECC! (???)– Error Correcting CodesError Correcting Codes

ECCs- Error Correcting ECCs- Error Correcting CodesCodes

ECCsECCs

• Noisy medium, probability Noisy medium, probability pp that any bit that any bit will be flipped.will be flipped.

• How to improve reliability?How to improve reliability?• E.g. repetition codes: E.g. repetition codes:

– Encoding: repeat each bit of message Encoding: repeat each bit of message dd (odd) (odd) times to get codewordtimes to get codeword

– Send over mediumSend over medium– Decoding: take majority vote to decode Decoding: take majority vote to decode

(garbled) codeword back into message(garbled) codeword back into message– Resilient against (Resilient against (dd-1)/2 errors-1)/2 errors

ECCsECCs

E.g. Reed Solomon codesE.g. Reed Solomon codes

• Invented in the 60s at the Lincoln Invented in the 60s at the Lincoln LabLab

• Used in CD/DVDsUsed in CD/DVDs

• Can be viewed as a general, error-Can be viewed as a general, error-tolerant form of SSS.tolerant form of SSS.

Fuzzy Vaults: GoalFuzzy Vaults: Goal

• Alice places a secret Alice places a secret SS in a vault and in a vault and locks it using an unordered set locks it using an unordered set AA (e.g. minutiae of fingerprint)(e.g. minutiae of fingerprint)

• Bob uses an unordered set Bob uses an unordered set BB to to unlock the vault (and thus access unlock the vault (and thus access SS): ): successful iff successful iff BB and and AA overlap overlap substantially.substantially.

Fuzzy Vaults: HowFuzzy Vaults: How

• Locking the vault:Locking the vault:– Alice selects poly Alice selects poly p(x),p(x), encoding encoding S S– Computes poly projections Computes poly projections p(A)p(A)– Adds randomly gen-ed chaff points to get point set Adds randomly gen-ed chaff points to get point set RR

• Unlocking the vault:Unlocking the vault:– Bob uses his own set Bob uses his own set BB– If If BB and and AA are similar, many points of are similar, many points of RR will lie on will lie on p p

• Using error correction, he can reconstruct Using error correction, he can reconstruct pp and hence and hence S S..

• Security: information theoreticalSecurity: information theoretical

So…So…

• Fingerprint features not stored in Fingerprint features not stored in clearclear

• .. but in fuzzy vaults.. but in fuzzy vaults

• .. which can be stored in some .. which can be stored in some directory and unlocked on clientdirectory and unlocked on client

FV prosFV pros

• Provable security characterizationProvable security characterization

• No need for:No need for:– ServerServer– DeviceDevice

• All the benefits of secure, client side All the benefits of secure, client side match.match.

Where to buy?Where to buy?

• Still a research concept (RSA Still a research concept (RSA Labs/MIT/..)Labs/MIT/..)

• Validated in early prototypeValidated in early prototype

Other Fuzzy Vault Other Fuzzy Vault ApplicationsApplications

• Privacy protected similar interests Privacy protected similar interests matching…matching…

• Personal entropy systems…Personal entropy systems…

Fuzzy Commitment SchemeFuzzy Commitment Scheme

• Let Let FF := some field, := some field, CC := set of codewords := set of codewords for some ECC. Say codewords lie in for some ECC. Say codewords lie in F F nn. . Say that we have RO, Say that we have RO, hh..

• To commit to To commit to xx in in F F nn, , cc RR F F nn, , dd c-xc-x. . commitment = (commitment = (dd,,h(c)h(c)))

• To decommit using To decommit using xx’, compute ’, compute d+xd+x’, and ’, and try to decode to nearest codeword try to decode to nearest codeword cc’. ’.

Fuzzy ExtractorsFuzzy Extractors

• Turn noisy information into keys Turn noisy information into keys usable for any cryptographic usable for any cryptographic applicationapplication

• Reliably and securely authenticate Reliably and securely authenticate biometric databiometric data

• Applies to any keying material that Applies to any keying material that (unlike traditional crypto keys) is:(unlike traditional crypto keys) is:– Not reproducible preciselyNot reproducible precisely– Not distributed randomlyNot distributed randomly

ReferencesReferences

• Security Engineering, Chapter 13, by Ross Security Engineering, Chapter 13, by Ross Anderson.Anderson.

• A Fuzzy Vault Scheme, by A. Juels and M. Sudan.A Fuzzy Vault Scheme, by A. Juels and M. Sudan.

• Fuzzy Vault for Fingerprints, by U. Uludag, S. Fuzzy Vault for Fingerprints, by U. Uludag, S. Pankanti, A. K. Jain.Pankanti, A. K. Jain.

• Fuzzy Extractors: How to Generate Strong Keys Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, by Y. from Biometrics and Other Noisy Data, by Y. Dodis, R. Ostrovsky, L. Reyzin and A. Smith.Dodis, R. Ostrovsky, L. Reyzin and A. Smith.

• And their presentation versions…And their presentation versions…