
Biometric Security

[email protected]

IIS2

Problem

People use weak passwords

People write the pin code on their bank card

Biometrics cannot be “forgotten” and you do not have to “think of it”

IIS3

Personal Identification

Associating an individual with an identity:

Something you have
» Token, smart card

Something you know
» Password, pin

Something you are
» Physiological
» Behavioural

IIS4

Forms of Identification

Authentication (aka Verification)
» Am I who I claim to be?

Recognition (aka Identification)
» Who am I?
» Harder than Authentication (why?)

IIS5

Physiological or Behavioural?

[Jai00] A. K. Jain, L. Hong, and S. Pankanti. Biometric identification. Commun. ACM, 43(2):90-98, Feb 2000. http://doi.acm.org/10.1145/328236.328110

Sample Application Areas

Forensic                   Civilian                      Commercial
Criminal investigation     National ID                   ATM (India), POS (AH)
Corpse identification      Driver's license (Oklahoma)   Credit card (Singapore)
Parenthood determination   Welfare disbursement          Laptop login

IIS6

IIS7

Verification

Verification is easier than identification…

IIS8

Two examples

Hand geometry

Fingerprint

IIS9

Hand Geometry (Hand Key)

IIS10

Measure your Right hand

IIS11

FBI classification

What is your right hand index finger?

Arch Whorl Loop Accidental

IIS12

Fingerprint matching

Ridge thinning & extraction

Minutiae (bifurcation, end point) detection

Ridge based alignment & overlaying

IIS13

Desired Characteristics

Biometric
» Universal
» Unique
» Permanent
» Collectable

System
» Performance
» Acceptability
» Circumvention

[Put00] T. van der Putte and J. Keuning. Biometrical fingerprint recognition: Don't get your fingers burned. In 4th Int. IFIP wg 8.8 Conf. Smart card research and advanced application (CARDIS), pages 289-303, Bristol, UK, Sep 2000. Kluwer Academic Publishers, Boston, Massachusetts. http://www.keuning.com/biometry/Biometrical_Fingerprint_Recognition.pdf

Watch this video

Some Comparisons

Biometrics     Universality  Uniqueness  Permanence  Collectability  Performance  Acceptability  Circumvention
Face           high          low         med.        high            low          high           low
Fingerprint    med.          high        high        med.            high         med.           high
Hand geometry  med.          med.        med.        high            med.         med.           med.
Iris           high          high        high        med.            high         low            high
Signature      low           low         low         high            low          high           low
Voice print    med.          low         low         med.            low          high           low

IIS14

Biometrics is not perfect

High False Accept rate is bad for high security applications -- dangerous

High False Reject rate is bad for high usability applications -- annoying

Alice is recognised as Alice        true accept
Bob is recognised as Alice          false accept
Alice is not recognised as Alice    false reject
Bob is not recognised as Alice      true reject

IIS15

IIS16

Receiver Operating Characteristics

[Figure: ROC curve. Axes: False Accept Rate (Low to High) and False Reject Rate (Low to High); one region of the curve is labelled "Security". Moving the threshold towards the security end lowers the False Accept Rate at the cost of a higher False Reject Rate.]
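How the two error rates and the ROC curve come out of one threshold sweep, as an added example (not code from the slides): the matcher scores are constructed Gaussian samples, the names rates_at, roc_curve, equal_error_point and security_point are my own, and the FAR-capped operating point illustrates the "high security" choice the slides describe.

```python
import random
from typing import List, Tuple

# Constructed sample data, not measurements from the slides: a matcher
# returns a similarity score in [0, 1]. "Genuine" scores compare a person
# with their own template, "impostor" scores compare someone else with it.
_rng = random.Random(1)
GENUINE_SCORES: List[float] = [min(1.0, max(0.0, _rng.gauss(0.75, 0.10))) for _ in range(200)]
IMPOSTOR_SCORES: List[float] = [min(1.0, max(0.0, _rng.gauss(0.35, 0.12))) for _ in range(200)]


def rates_at(threshold: float, genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Return (FAR, FRR) for one decision threshold.

    A comparison is accepted when score >= threshold, so an impostor
    scoring above it is a false accept and a genuine user scoring below
    it is a false reject.
    """
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def roc_curve(genuine: List[float], impostor: List[float],
              steps: int = 101) -> List[Tuple[float, float, float]]:
    """Sweep the threshold over [0, 1]; each point is (threshold, FAR, FRR)."""
    curve = []
    for i in range(steps):
        t = i / (steps - 1)
        far, frr = rates_at(t, genuine, impostor)
        curve.append((t, far, frr))
    return curve


def equal_error_point(curve: List[Tuple[float, float, float]]) -> Tuple[float, float, float]:
    """Operating point where FAR and FRR are closest (the equal error rate)."""
    return min(curve, key=lambda p: abs(p[1] - p[2]))


def security_point(curve: List[Tuple[float, float, float]],
                   max_far: float) -> Tuple[float, float, float]:
    """Lowest threshold whose FAR is at or below max_far.

    A high-security deployment picks its threshold this way: cap the
    False Accept Rate first and accept whatever False Reject Rate results.
    """
    for point in curve:
        if point[1] <= max_far:
            return point
    return curve[-1]


if __name__ == "__main__":
    curve = roc_curve(GENUINE_SCORES, IMPOSTOR_SCORES)
    t, far, frr = equal_error_point(curve)
    print(f"EER threshold {t:.2f}: FAR {far:.3f}, FRR {frr:.3f}")
    t, far, frr = security_point(curve, 0.0)
    print(f"FAR-capped threshold {t:.2f}: FAR {far:.3f}, FRR {frr:.3f}")
```

Raising the threshold can only lower FAR and raise FRR, so the curve is monotone; the FAR-capped point is the "dangerous" end of the trade-off made safe, and the price is paid in false rejects, which is the "annoying" end.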

IIS18

Attacks

How many templates do you have?

IIS19

Template protection

Requirements
» Diversity (no cross matching of data bases for privacy)
» Revocability (easy to replace template)
» Security (hard to obtain the original)
» Performance (matching must be robust)

Why does encryption not work?

Two examples
» Non-invertible transforms
» Fuzzy commitment

[Jai08] A. K. Jain, K. Nandakumar, and A. Nagar. Biometric template security. EURASIP Journal on Advances in Signal Processing, 2008:579416, 2008.

http://dx.doi.org/10.1155/2008/579416

IIS20

Non invertible transform

User specific transformation (revocability)

Locally smooth translation outside matcher tolerance (performance)

Globally non smooth (security)

[Rat06] N. Ratha, J. Connell, R. M. Bolle, and S. Chikkerur. Cancelable biometrics: A case study in fingerprints. In 18th Int. Conf. on Pattern Recognition (ICPR), volume 4, pages 370-373, Hong Kong, China, Aug 2006. IEEE Computer Society. http://dx.doi.org/10.1109/ICPR.2006.353

[Figure: “crumple” illustration of the transform]
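A small cancelable transform in the spirit of the cell-based transform in [Rat06], written here as an added example rather than taken from the slides or from the paper: the 256x256 image, the 8x8 grid of 32 px cells, the minutiae list and the names cell_mapping, transform, match_score and jitter are all my assumptions. It shows the three properties on the slide: the user key makes the template revocable, the mapping is locally smooth (a fresh noisy reading of the same finger still matches), and it is globally non-smooth and many-to-one, so the transformed template does not give the original back.

```python
import random
from typing import Dict, List, Tuple

# Assumed geometry: a 256x256 fingerprint image divided into 8x8 cells of 32 px.
CELL = 32
GRID = 8

Point = Tuple[int, int]


def cell_mapping(user_key: int) -> Dict[int, int]:
    """User-specific mapping of source cells to target cells, derived from a key.

    Several source cells may fold onto the same target cell (many-to-one), so
    even with the key the original cell of a point is not uniquely recoverable:
    that is the non-invertibility. Issuing a new key gives a new mapping and
    therefore a new template: revocability.
    """
    rng = random.Random(user_key)
    return {src: rng.randrange(GRID * GRID) for src in range(GRID * GRID)}


def transform(minutiae: List[Point], mapping: Dict[int, int]) -> List[Point]:
    """Move each minutia to its cell's target cell, keeping its offset inside the cell.

    Locally smooth: points in the same cell keep their relative positions, so a
    matcher's tolerance still works. Globally non-smooth: neighbouring cells
    usually land far apart, so the transformed template does not resemble the original.
    """
    out = []
    for x, y in minutiae:
        src = (y // CELL) * GRID + (x // CELL)
        dst = mapping[src]
        tx, ty = dst % GRID, dst // GRID
        out.append((tx * CELL + x % CELL, ty * CELL + y % CELL))
    return out


def match_score(probe: List[Point], template: List[Point], tol: int = 6) -> float:
    """Fraction of probe points that have a template point within tol px (stand-in matcher)."""
    hits = sum(1 for (px, py) in probe
               if any(abs(px - tx) <= tol and abs(py - ty) <= tol for (tx, ty) in template))
    return hits / len(probe)


def jitter(points: List[Point], amount: int, seed: int) -> List[Point]:
    """Simulate a fresh reading: every coordinate moves by up to +/- amount px."""
    rng = random.Random(seed)
    return [(x + rng.randint(-amount, amount), y + rng.randint(-amount, amount))
            for x, y in points]


# Constructed minutiae for one finger, not real data. Offsets inside each cell are
# kept away from the cell borders so that a small jitter does not cross into a
# neighbouring cell (the boundary case this simple transform does not handle).
ENROLLED: List[Point] = [(4, 4), (44, 76), (116, 20), (132, 140), (204, 84),
                         (84, 196), (164, 251), (236, 251), (20, 187), (100, 116)]

if __name__ == "__main__":
    key_a, key_b = cell_mapping(1), cell_mapping(2)
    stored = transform(ENROLLED, key_a)
    print("same finger, same key :", match_score(transform(jitter(ENROLLED, 2, 7), key_a), stored))
    print("same finger, new key  :", match_score(transform(ENROLLED, key_b), stored))
```

Matching is done entirely in the transformed domain; the enrolment side never needs to invert anything. The weak spot a practitioner should note is the cell border: a minutia that jitters across a border lands in an unrelated target cell, which is exactly the performance cost the slide's "within matcher tolerance" condition is about.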

IIS21

Example

Fuzzy commitment

Idea
» Use biometric template : x
» As a corrupted code word : c = x - δ

The commitment is
» Hash code word for security : h(c)
» Leave distance in clear for fuzziness : δ

Verification
» Measure : x’
» Compute : c’ = decode(x’ - δ)
» Match if h(c’) = h(c)

[Jue99a] A. Juels and M. Wattenberg. A fuzzy commitment scheme. In 6th ACM conf. on Computer and communications security (CCS), pages 28-36, Kent Ridge Digital Labs, Singapore, 1999. ACM. http://doi.acm.org/10.1145/319709.319714

[Figure: a number line marked 100, 200, 300. The template x and a fresh measurement x’ lie close together; subtracting δ from x gives the code word c, and subtracting δ from x’ gives the candidate c’, which is compared with c.]
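The scheme on the slide carried through on bit strings, as an added example that is not the slides' or the paper's own code: the error-correcting code is a 3-fold repetition code (my choice, corrects one flipped bit per block of three), XOR plays the role of the "-" on the slide, SHA-256 is the hash h, and the 12-bit template is constructed. It also shows why plain encryption or hashing of x does not work: a noisy x’ would hash to something unrelated, whereas decoding first absorbs the noise.

```python
import hashlib
import secrets
from typing import Dict, List

# Assumed code for the example: a 3-fold repetition code, so one flipped bit
# in each block of three is corrected and two are not.
REPEAT = 3


def encode(message: List[int]) -> List[int]:
    """Code word for a message: every bit repeated REPEAT times."""
    return [b for b in message for _ in range(REPEAT)]


def decode(word: List[int]) -> List[int]:
    """Nearest code word of the repetition code: majority vote in each block."""
    return [1 if 2 * sum(word[i:i + REPEAT]) > REPEAT else 0
            for i in range(0, len(word), REPEAT)]


def xor(a: List[int], b: List[int]) -> List[int]:
    """Bitwise difference: plays the role of '-' on the slide for bit strings."""
    return [u ^ v for u, v in zip(a, b)]


def h(bits: List[int]) -> str:
    return hashlib.sha256(bytes(bits)).hexdigest()


def commit(x: List[int]) -> Dict[str, object]:
    """Enrollment: pick a random code word c, publish h(c) and delta = x XOR c.

    delta is the 'distance' left in the clear; x itself is never stored.
    """
    if len(x) % REPEAT:
        raise ValueError("template length must be a multiple of REPEAT")
    c = encode([secrets.randbelow(2) for _ in range(len(x) // REPEAT)])
    return {"hash": h(c), "delta": xor(x, c)}


def verify(commitment: Dict[str, object], x_prime: List[int]) -> bool:
    """Verification: c' = decode(x' XOR delta); match iff h(c') == h(c)."""
    delta = commitment["delta"]
    c_prime = encode(decode(xor(x_prime, delta)))
    return h(c_prime) == commitment["hash"]


def flip(bits: List[int], positions: List[int]) -> List[int]:
    """Simulate sensor noise by flipping the given bit positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


# Constructed 12-bit template (four blocks of three), not a real biometric.
TEMPLATE = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1]

if __name__ == "__main__":
    com = commit(TEMPLATE)
    print("exact re-measurement :", verify(com, TEMPLATE))
    print("one flip per block   :", verify(com, flip(TEMPLATE, [0, 3, 6, 9])))
    print("two flips in a block :", verify(com, flip(TEMPLATE, [0, 1])))
```

The tolerance of the scheme is exactly the tolerance of the code: with a real biometric one picks a code whose correction radius matches the expected intra-person noise, and the security of the stored pair (h(c), δ) then rests on how much entropy x has beyond what δ reveals.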

Template protection application

[Buh07] I. R. Buhan, J. M. Doumen, P. H. Hartel, and R. N. J. Veldhuis. Secure ad-hoc pairing with biometrics: SAfE. In 1st Int. Workshop on Security for Spontaneous Interaction (Ubicomp 2007 Workshop Proceedings), pages 450-456, Innsbruck, Austria, Sep 2007. http://www.comp.lancs.ac.uk/iwssi2007/papers/iwssi2007-02.pdf

IIS23

Secure ad-hoc pairing

Suppose two people meet
» Who have never met before
» There is no TTP and/or they are not online
» They are not technical
» They would like to exchange data
» Concerned about eavesdropper

How to do this?
» Biometrics
» Shielding function as fuzzy extractor
» Protocol with novel “related key attack”

IIS24

Idea: Take each other’s photo

[Figure: Alice and Bob photograph each other. Enrollment: Alice’s photo yields wa and ma=0110..., Bob’s photo yields wb and mb=1101.... The helper data wa and wb are exchanged over the radio. Verification: Alice computes mb=decode( , ) and then has ma,mb; Bob computes ma=decode( , ) and then has ma,mb.]

IIS25

Coping with noise

Problem:
» Alice gets m’b close to mb but not the same
» The same for Bob...

Solution:
» During enrollment calculate error profiles
» Cryptanalysis using those profiles to recover the correct key
» More work for eavesdropper

IIS29

Usability

Compare Pin to SAFE

30 subjects: questionnaire + interview

Mainly CS

Results

IIS30

Conclusions

Identification or verification

Complements password and token

Systems getting affordable

Biggest problems:
» Performance
» Public acceptance

Biometrics is fun