Biometric Security - PowerPoint PPT Presentation

1
Biometric Security
  • Pieter.Hartel_at_utwente.nl

2
Problem
  • Cost of fraud is rising, billions of each year
  • People use weak passwords
  • People write the pin code on their bank card
  • Biometrics cannot be forgotten and you do not
    have to think of it

3
Personal Identification
  • Associating an individual with an identity
  • Something you have
      • Token, smart card
  • Something you know
      • Password, pin
  • Something you are
      • Physiological
      • Behavioural

4
Forms of Identification
  • Authentication (aka Verification)
      • Am I who I claim to be?
  • Recognition (aka Identification)
      • Who am I?
      • Harder than Authentication

5
Physiological or Behavioural?
[Jai00] A. K. Jain, L. Hong, and S. Pankanti.
Biometric identification. Commun. ACM,
43(2):90-98, Feb 2000.
http://doi.acm.org/10.1145/328236.328110
6
Sample Application Areas
7
Verification (Identif. is hard)
  • Verification is easier than identification

8
Two examples
  • Hand geometry
  • Fingerprint

9
Hand Geometry (Hand Key)
10
Measure your Right hand
11
FBI classification
Arch, Whorl, Loop, Accidental
  • What is your right hand index finger?

12
Fingerprint matching
  • Ridge thinning extraction
  • Minutiae (bifurcation, end point) detection
  • Ridge based alignment overlaying

13
Desired Characteristics
  • Biometric
      • Universal
      • Unique
      • Permanent
      • Collectable
  • System
      • Performance
      • Acceptability
      • Circumvention

Watch this video
[Put00] T. van der Putte and J. Keuning.
Biometrical fingerprint recognition: Don't get
your fingers burned. In J. Domingo-Ferrer, D.
Chan, and A. Watson, editors, 4th Int. IFIP wg
8.8 Conf. Smart card research and advanced
application (CARDIS), pages 289-303, Bristol, UK,
Sep 2000. Kluwer Academic Publishers, Boston,
Massachusetts.
http://www.keuning.com/biometry/Biometrical_Fingerprint_Recognition.pdf
14
Some Comparisons
15
Biometrics is not perfect
  • High False Accept rate is bad for high security
    applications -- dangerous
  • High False Reject rate is bad for high usability
    applications -- annoying

16
Receiver Operating Characteristics
[Figure: ROC curve; axes False Accept Rate and False Reject Rate, each running from low to high]
17
Security
18
Attacks
  • How many templates do you have?

19
Template protection
  • Requirements
      • Diversity (no cross matching for privacy)
      • Revocability
      • Security (hard to obtain the original)
      • Performance (matching must be robust)
  • Challenges
      • Intra user variability
  • Why does encryption not work?

[Jai08] A. K. Jain, K. Nandakumar, and A. Nagar.
Biometric template security. EURASIP Journal on
Advances in Signal Processing, 2008:579416, 2008.
http://dx.doi.org/10.1155/2008/579416
20
Template protection
Template protection
Standard matching
Error correction
Feature Transform.
Helper data must not leak
Salting w. secret key
Computationally Hard invertible Transform
Key binding
Key generation
F(T,K)?F(Q,K)
21
Non invertible functional transform
crumple
  • Translation outside tolerance matcher
    (effectiveness)
  • Locally smooth (robustness)
  • Globally non smooth (security)

[Rat06] N. Ratha, J. Connell, R. M. Bolle, and S.
Chikkerur. Cancelable biometrics: A case study in
fingerprints. In 18th Int. Conf. on Pattern
Recognition (ICPR), volume 4, pages 370-373,
Hong Kong, China, Aug 2006. IEEE Computer Society.
http://dx.doi.org/10.1109/ICPR.2006.353
22
Fuzzy commitment
Example
  • Idea
      • Use biometric template x
      • As a corrupted code word c = x - d
  • The commitment is
      • Hash code word for security: h(c)
      • Leave distance in clear for fuzziness: d
  • Verification
      • Measure x'
      • Compute c' = decode(x' - d)
      • Match if h(c) = h(c')

[Figure: number-line example (ticks 100, 200, 300) showing x, x', d, c and c']
[Jue99a] A. Juels and M. Wattenberg. A fuzzy
commitment scheme. In 6th ACM conf. on Computer
and communications security (CCS), pages 28-36,
Kent Ridge Digital Labs, Singapore, 1999. ACM.
http://doi.acm.org/10.1145/319709.319714
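
An added example, not part of the original slides: the fuzzy commitment of slide 22, generalised from a single number to a vector of integer features. The code word spacing `STEP`, the number of levels and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

STEP = 100    # spacing of code words, echoing the slide's 100/200/300 (assumed)
LEVELS = 8    # code words per component: 0, 100, ..., 700 (assumed)

def h(codeword):
    """Hash a code word (list of ints) so the stored value does not reveal c."""
    return hashlib.sha256(",".join(map(str, codeword)).encode()).hexdigest()

def decode(values):
    """Snap each component to the nearest code word; corrects |noise| < STEP/2."""
    return [STEP * round(v / STEP) for v in values]

def commit(x):
    """Enrollment: bind template x to a random code word c; store (h(c), d)."""
    c = [STEP * secrets.randbelow(LEVELS) for _ in x]
    d = [xi - ci for xi, ci in zip(x, c)]      # d = x - c is left in the clear
    return h(c), d

def verify(commitment, x_new):
    """Verification: c' = decode(x' - d); match if h(c) == h(c')."""
    h_c, d = commitment
    c_new = decode([xi - di for xi, di in zip(x_new, d)])
    return hmac.compare_digest(h_c, h(c_new))

# Constructed sample data, not from the slides.
TEMPLATE = [231, 87, 412, 659]
GENUINE = [240, 70, 399, 680]     # every component within 49 of the template
IMPOSTOR = [171, 87, 412, 659]    # first component off by 60, outside tolerance

if __name__ == "__main__":
    stored = commit(TEMPLATE)
    print("genuine accepted: ", verify(stored, GENUINE))
    print("impostor accepted:", verify(stored, IMPOSTOR))
    # d is public and equals x modulo STEP: it narrows each feature to one
    # residue class, so the only secrecy left is the choice of code word.
    print("x mod STEP leaked by d:", [di % STEP for di in stored[1]])
```

With only `LEVELS` code words per component, h(c) can be brute-forced once d is known, so a deployed scheme needs a code large enough that guessing c is infeasible.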
23
Template protection application
[Buh07] I. R. Buhan, J. M. Doumen, P. H. Hartel,
and R. N. J. Veldhuis. Secure ad-hoc pairing with
biometrics: SAfE. In 1st Int. Workshop on
Security for Spontaneous Interaction (Ubicomp
2007 Workshop Proceedings), pages 450-456,
Innsbruck, Austria, Sep 2007.
http://www.comp.lancs.ac.uk/iwssi2007/papers/iwssi2007-02.pdf
24
Secure ad-hoc pairing
  • Suppose two people meet
      • Who have never met before
      • There is no TTP and/or they are not online
      • They are not technical
      • They would like to exchange data
      • Concerned about eavesdropper
  • How to do this?
      • Biometrics
      • Shielding function as fuzzy extractor
      • Protocol with novel related key attack

25
Idea: Take each other's photo
[Figure: Enrollment (labels: ma = 0110..., mb = 1101..., wa, wb, radio). Verification: Alice computes mb = decode( , ) and has ma, mb; Bob computes ma = decode( , ) and has ma, mb]
26
Coping with noise
  • Problem
      • Alice gets mb' close to mb but not the same
      • The same for Bob...
  • Solution
      • During enrollment calculate error profiles
      • Cryptanalysis using those profiles to recover the
        correct key
      • More work for eavesdropper

27
Fuzzy extractor
[Figure: (Gen) maps template t = t1...tn to bits m = 0,1,1... and positions w = 1,3,7...; (Rep) maps measurement t' = t1'...tn' and positions w = 1,3,7... to bits m' ...]
  • (Tuyls) Reliable components wrt the imposter mean
    µ and security parameter s
  • (Gen) Take s measurements of template t = t1...tn
      • For every component ti set mi = (ti < µi ? 0 : 1)
      • Use mi only if all s measurements yield same
        result
      • Public sketch w records positions of reliable
        components
  • (Rep) Measure t' = t1'...tn'
      • For every reliable component set mi' = (ti' < µi ?
        0 : 1)
      • Match if m = m'
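
An added example, not part of the original slides: the Gen and Rep steps of slide 27 with s = 3 enrollment measurements. The imposter mean `MU` and all measurement values are constructed; positions in `w` are 0-based here, whereas the slide's example counts from 1.

```python
def bits(t, mu):
    """m_i = (t_i < mu_i ? 0 : 1) for every component."""
    return [0 if ti < mi else 1 for ti, mi in zip(t, mu)]

def gen(measurements, mu):
    """Gen: keep only components whose bit agrees across all s measurements.

    Returns (m, w): the key bits m and the public sketch w listing the
    positions of the reliable components.
    """
    rows = [bits(t, mu) for t in measurements]
    w = [i for i in range(len(mu)) if len({row[i] for row in rows}) == 1]
    m = [rows[0][i] for i in w]
    return m, w

def rep(t_new, mu, w):
    """Rep: recompute the bits of a fresh measurement at the positions in w."""
    b = bits(t_new, mu)
    return [b[i] for i in w]

# Constructed sample data, not from the slides.
MU = [50] * 8                                   # imposter mean per component
ENROLL = [                                      # s = 3 measurements of one user
    [20, 48, 90, 52, 49, 51, 10, 47],
    [25, 53, 85, 47, 52, 48, 15, 51],
    [18, 51, 88, 49, 51, 52, 12, 49],
]
GENUINE = [22, 55, 80, 55, 45, 45, 20, 55]      # noisy everywhere except in w
IMPOSTOR = [60, 50, 40, 50, 50, 50, 70, 50]     # different person

if __name__ == "__main__":
    m, w = gen(ENROLL, MU)
    # Components that hover around the mean flip between measurements and
    # are dropped; only positions far from the mean survive into w.
    print("w =", w, "m =", m)
    print("genuine match: ", rep(GENUINE, MU, w) == m)
    print("impostor match:", rep(IMPOSTOR, MU, w) == m)
```

The sketch w lists which components lie far from the imposter mean but not on which side, so it can be stored in the clear while m stays secret.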

28
Genuine and imposter distributions
29
Safe Protocol
Alice
Bob
30
Usability
  • Compare Pin to SAFE
  • 30 subjects questionnaire interview
  • Mainly CS
  • Results

31
Conclusions
  • Identification or verification
  • Complements password and token
  • Systems getting affordable
  • Biggest problems
      • Performance
      • Public acceptance
  • Biometrics is fun