
NSF Workshop on Fundamental Research Challenges for Trustworthy Biometrics 2010

Cryptographic Tools for Noisy Data

Adam Smith

Pennsylvania State University

What are “cryptographic tools”?

• Cryptography has been remarkably successful at securing communication channels (e.g. SSL)

• More generally: securing computation
  - Encryption usually protects data but makes it “inert”
  - Since the early 1980s: secrecy and utility (trade-off?)

• What is crypto’s role in (research on) biometric systems?
  - Change the design space, e.g.
    • “Fuzzy” cryptography
    • Secure function evaluation
    • Noise-tolerant searchable encryption
    • Anonymization for statistical databases
  - Help make a “science” of biometrics: abstraction, models

“Fuzzy” cryptography

• Tools for dealing with biometrics as secrets or keys
  - Noisy!
  - Not uniformly random
  - Not easily revocable
    • 10 fingers, 2 eyes, 1 mother’s maiden name
  - Not exactly secret

• Example: fuzzy extractors
  - Dodis et al., 2004
  - Building on work by Juels and many others

Authentication

[Diagram: Alice, Server: “How do I know you’re Alice?”]

Solution #1: Store a copy on server

Problem: Password in the Clear

Authentication

[Diagram: Alice, Server: “How do I know you’re Alice?”; comparison H( ) ?= H( )]

Solution #2: Store a hash of password

Problem: No Error Tolerance

General Tool: Fuzzy Extractor

[Diagram: x → FE → P(x) (safe to release) and R(x) (key); x’ and P(x) → Recover → R(x)]

1. Error-correction: If x’ is “close” to x, then recover R

2. Secrecy: Given only P(x), the key R(x) looks random

Goals:
  - Maximize tolerance: how “far” x’ can be from x
  - Maximize length of key R(x)
  … given assumptions about x

• What does “far” mean?

• What does the attacker know about x?

Fuzzy Extractors and Authentication

[Diagram: Alice, Server: “How do I know you’re Alice?”; Alice holds x’, the server holds P(x), Hash(x) from x; labels: Recover, R(x), Hash, “? =”]

• Analysis: Given assumptions about x, the system is as secure as with regular passwords

What kinds of assumptions?

• $X$ a random variable on $\{0,1\}^n$

• Probability of predicting $X$ = $\max_x \Pr[X = x]$

• There are various ways to measure entropy

• Min-entropy: $H(X) = -\log_2(\max_x \Pr[X = x])$

• Uniform on $\{0,1\}^n$: $H(U_n) = n$

• “Password has min-entropy $t$” means that the adversary’s probability of guessing the password is $2^{-t}$

• Passwords had better have high entropy!

Designing “fuzzy extractors”

• Building block: “secure sketch”
  - Short string S(x) (much shorter than x) that allows recovery for x’ “close to” x

• Need to specify what we mean by “close”
  - Current tools work for mathematically clean distance functions

• Research: using clean functions or finding new sketches
  - Only partly answered in literature

[Diagram: x → S(x); x’]
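The secure-sketch and fuzzy-extractor slides above, as a runnable example added here (not code from the talk): a syndrome-based secure sketch over the Hamming(7,4) code, with Hamming distance as the notion of “close”, feeding a fuzzy extractor and the hash-based login check. The choice of code, the HMAC-SHA256 stand-in for the randomness extractor, storing a hash of R(x), and all function names are assumptions of this example.

```python
import hashlib, hmac, secrets

N = 7  # block length of the Hamming(7,4) code assumed for this example

def syndrome(block):
    """3-bit syndrome: XOR of the 1-based positions of the set bits."""
    s = 0
    for pos, bit in enumerate(block, 1):
        s ^= pos * bit
    return s

def sketch(x):
    """Secure sketch S(x): one syndrome per block, 3 bits per 7 bits of x."""
    return [syndrome(x[i:i + N]) for i in range(0, len(x), N)]

def recover(x_noisy, s):
    """Correct up to one flipped bit per block of x' using S(x)."""
    x = list(x_noisy)
    for k, syn in enumerate(s):
        d = syndrome(x[N * k:N * k + N]) ^ syn  # syndrome of the error alone
        if d:
            x[N * k + d - 1] ^= 1               # a single error sits at position d
    return x

def gen(x):
    """Enrollment: returns public P(x) = (S(x), seed) and the key R(x)."""
    seed = secrets.token_bytes(16)
    # HMAC-SHA256 stands in for the randomness extractor (an assumption).
    return (sketch(x), seed), hmac.new(seed, bytes(x), hashlib.sha256).digest()

def rep(x_noisy, p):
    """Reproduce R(x) from a close reading x' and the public P(x)."""
    s, seed = p
    return hmac.new(seed, bytes(recover(x_noisy, s)), hashlib.sha256).digest()

def enroll(x):  # server record: P(x) and a hash of R(x); x itself is not stored
    p, key = gen(x)
    return p, hashlib.sha256(key).digest()

def verify(x_noisy, record):
    p, tag = record
    return hmac.compare_digest(hashlib.sha256(rep(x_noisy, p)).digest(), tag)

def flip(x, positions):
    return [bit ^ (i in positions) for i, bit in enumerate(x)]

# Constructed sample: a 42-bit "template" and two noisy readings of it.
x = [secrets.randbelow(2) for _ in range(42)]
record = enroll(x)
print(verify(flip(x, {3, 9, 40}), record), verify(flip(x, {0, 1}), record))
```

Each 7-bit block tolerates one flipped bit, and S(x) publishes 3 bits per block, so x needs min-entropy well above the 18 bits released here for R(x) to stay unpredictable.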

“Fuzzy” cryptography

• Other tools: noise-tolerance integrated into
  - Encryption using biometrics as “keys”
  - Remote authentication
  - [lots of literature…]

• Features
  - clean abstraction
  - rigorous analysis of security leads to clear formulation of assumptions about attack model

• Of course, you may realize that assumptions are false!

Secure Function Evaluation

[Diagram: Alice holds x, Bob holds y; output f(x,y)]

• Alice and Bob want to jointly compute some function f without leaking anything to each other about x or y, e.g.
  - y is a database of biometric templates
  - x is a measurement
  - f(x,y) = does there exist a matching template in the database?

• Started out inefficient (1980s), now better [e.g., “Fairplay”]
  - Efficient implementations require tailored protocols

Noise-tolerant searchable encryption

[Diagram: Alice (master sk, pk), Bob (delegated sk_a, Encryption_pk(b)): “Is a close to b?”]

• Functional encryption: Alice can delegate partial decryption abilities to Bob
  - e.g. delegate ability to check proximity according to a well-defined metric

• Powerful tool!
  - Devil is in the details: what functionality should we delegate? how do we measure proximity? who keeps the master key?

Crypto’s role in (research on) biometrics

• Change the design space
  - Very powerful, general tools
  - “Anything that doesn’t have inherent contradictions, you can do” (G. Itkis)

• Abstraction, modeling
  - What are the (implicit) assumptions?

• One issue:
  [Diagram: “People who understand biometrics”, “People who understand crypto”, and “?”]

Questions for you

• Are the assumptions that cryptographers make reasonable?
  - Clearly, not always. But identifying flawed assumptions is progress.

• How should crypto influence design space?

• How can we get different scientific communities to interact?
  - Well-defined challenges?
  - Common data sets?

• Ethical considerations?
  - Scalability of these tools raises new concerns
  - Should we think before we build? [rhetorical question.]
