Colloque « Télécommunications- réseaux du futur et services

Transcription

Colloque « Télécommunicationsréseaux du futur et services »
BIOTYFUL – BIOmetrics and
crypTographY for Fair aUthentication
Licensing (ANR-06-TCOM-018)
Présentation: Dijana.petrovska
Telecom Sudparis
Colloque « Télécommunications – réseaux du futur et services » - Rennes du 6 au 8 décembre 2010, projet BIOTYFUL
Rappel – Biométrie
Biométrie: Reconnaitre automatiquement une personne en
se basant sur ses caractéristiques physiologiques ou
comportementales (ex: empreinte, iris, paume main, visage, voix)
Template
Capture
Processing
Enrollment
Recognition
Create
template
Database
Comparison
Success /
Failure
Threshold
2
Rappel – Cryptographie
Cryptographie: comment cacher l’information
Plaintext
Encryption
(ABCD)
Encryption key
Cipher text
(æªë®¼ö)
Plaintext
Decryption
(ABCD)
Decryption key
• Crypto
– Symétrique
– Asymétrique
• Les clefs crypto sont essentielles, et il faut les
garder secrètes
3
Points faibles de la biométrie
• Les « templates-gabarit» manquent de diversité
– Avec une biométrie, on génère des gabarits similaires par
personne
– Si utilisées dans des applications différentes, on peut faire
du « cross matching », avec atteinte possible à notre vie
privée
• A partir des « templates-gabarit» on peut synthétiser des
fausses données biométriques
• Imposture possible
• Les « templates-gabarit» manquent de révocabilité
– si données compromises, on ne peut plus les utiliser
• Les gestionnaires des applications peuvent faire du « crossmatching » : atteinte a notre vie privée
4
Vulnérabilités en Crypto
• Lien faible entre les clefs crypto et la personne
– Les mots de passe et « tokens » sont facilement cédés ou
perdues
– Répudiation possible
• On a besoin de tiers de confiance
– Crypto symétrique: canal sécurisé pour partager la clef
– Crypto asymétrique:
• pour l’autheniticé de la clefs publique – certificats
5
Solution: Crypto-biométrie
Combiner biométrie et crypto: domaine émergent (1998) pour
palier les défauts
Nouvelles caractéristiques:
– Révocabilité
– Diversité des gabarit
– Protection de la vie privée
– Lien fort entre identité et clefs crypto
« Télécommunications – réseaux du futurBIOTYFUL
et services » - Rennes du 6 au 8 décembre
2010, projet2010
BIOTYFUL
7 December
DijanaColloque
Petrovska
6
BIOTYFUL – consortium
Projet type intégration, Kick-off meeting 9/03/2007 (36mois)
–
–
–
–
Coordination initiale Loic Juniot (France Télécom R&D).
ATMEL
Télécom SudParis TSP (ex GET-INT) : Intermedia et RS2M
GREYC Labo (ENSICAEN)
• Collaboration : Etat de l’art sur le nouveau domaine de le
crypto-biométrie
• Retrait de France Télécom et ATMEL: pas d’intégration
possible dans un démonstrateur industriel
• GREYC a continué de travaillé sur des solutions pour
améliorer les performances biométriques
7
BIOTYFUL – consortium, suite
TSP
• solutions innovantes de biométrie révocable et regénération de clefs crypto-bio
• nouvelle solution pour authentification avec biométrie
des ePasseport
• proposition de nouveau protocole
BIOTYFUL – Contributions –
Etat de l’art
• Domaine émergent: pas de consensus sur
les noms des nouveaux systèmes
proposés
• Nouvelle proposition pour la classification
de systèmes qui combinent biométrie et
crypto
9
BIOTYFUL : New Taxonomy for
Crypto-biometric Systems
Crypto-biometric systems
Protection of biometric data
Obtaining cryptographic keys using biometrics
(adds revocability, template
diversity, and privacy protection to
classical biometric systems)
(keys that are strongly linked to user identity are
obtained; optionally, it can have revocability,
template diversity, and privacy protection)
Classical
encryption of
biometrics data
Transformation
based
cancelable
biometrics
(e.g.,
BioHashing,
Biotokens)
Conventional solution
Cryptographic
key release
(e.g.,
Windows
biometric
framework)
Cryptographic
key
generation
(e.g.,
password
hardening)
Cryptographic
key
regeneration
(e.g., fuzzy
vault, fuzzy
commitment)
BIOTYFUL contributions
10
BIOTYFUL objectif: re-géneration de
clefs crypto-bio
Password
Enrollment
Revocable
template and
protected data
Key
regeneration
Verification
result and key
Password
• Symbiotic use of biometric information and password
• Implementation steps
– 1) biometrie revocable
– 2) système hybride: biometrie revocable et key-binding
11
ETAPE 1): Biométrie revocable avec
permutations
Shuffling key
Data to be shuffled
(feature vector)
Shuffled
Block1
data
1
0
1
1
0
0
1
Block1
Block2
Block3
Block4
Block5
Block6
Block7
Block3
Block4
Block7
Block2
Block5
Block6
Concatenate
• The biometric feature vector is divided into blocks
• These blocks are aligned with the shuffling key bits
• If a bit in the key is 1, the corresponding block is copied into Part-1;
otherwise in Part-2
• The concatenation of Part-1 and Part-2 gives the shuffled biometric
data
12
Etape 1): Propriétés du schéma de
permutation des données biometriques
• Shuffled data is revocable
• Template diversity: different templates for different
applications; no cross database matching, tracking
• Improvement in verification performance
– Increases only impostor Hamming distances; genuine
hamming distances remain unchanged
• Protection against stolen biometric data
• Privacy protection
– Biometric data cannot be recovered from the template; so
no misuse by reconstruction, e.g., fake fingers
13
Validation
• Systèmes biométriques requirent des
validations à différents nivaux:
– Technologiques (validité sur des bases
publiques et representatives)
– Scenario
– Opérationnels
Etape 1) Validation de la techno
proposée avec biometrie iris
• For iris, (US) NIST-ICE database for evaluation
– ICE-Exp1: comparison between right irises
• 12,214 genuine and 1,002,386 impostor comparisons
15
Etape 1: bio-revocable : validation de la
techno proposée avec biométrie visage
• For face: Subset of (US) NIST-FRGCv2 database
• Two experiments:
– FRGC-Exp1* - controlled vs controlled (matched conditions)
– FRGC-Exp4* - controlled vs uncontrolled (unmatched
conditions)
16
Resultats - performances biometriques
ICE-Exp1
FRGC-Exp4*
Before shuffling
(baseline)
After shuffling
(baseline)
Better separation
between genuine and impostors
17
Resultats - performances biométriques, suite
Random impostures with
• Baseline – baseline biometric system
• Cancelable – baseline biometric system+shuffling
• Stolen biometric scenario– security scenario when biometric data are
stolen for all subjects
• Stolen key scenario – security scenario when shuffling key is stolen
Results are in terms of EER in % ( should be 0%)
Experiment
ICE-Exp1
FRGC-Exp1*
FRGC-Exp4*
Baseline
1.71 [±0.11]
7.65 [±0.40]
35.00 [±0.68]
Cancelable
0.23 [±0.04]
0
0
Stolen biometric
0.27 [±0.08]
0
0
Stolen key
1.71 [±0.11]
7.65 [±0.40]
35.00 [±0.68]
18
Comparison with State of the ArtCancelable Biometrics
• Generally, performance degrades compared to baseline system
– E.g., Non-invertible transformations
• In some cases, it remains equal to baseline
– E.g., Cancelable filters
• In others, it improves
– E.g., BioHashing, Biotoken: For these systems, in stolen key
scenario, performance degrades than baseline
• For the proposed system, performance compared to the baseline
system improves random impostor scenario, and remains the
same in stolen key scenario
19
Etape 2: Cryptographic Key Regeneration
using Biometrics
• Goal: User specific long keys with high entropy
• Hybrid scheme: combines the proposed shuffling based
cancelable biometric scheme with the existing fuzzy commitment
based key regeneration scheme
• The shuffling based cancelable biometric scheme is
applied on the biometric data to induce revocability,
template diversity, and privacy protection
• Fuzzy commitment concept used for key regeneration
20
Cryptographic Key Regeneration Using
Biometrics – Schematic Diagram
Virtual noisy
communication channel
Kr
Level 2
encoder
Level 1
encoder
Shuffling key
ps
XO
R
Template
(lock , H(Kr) )
’ref
XO
R
’ps
’test
Shuffling scheme
Shuffling scheme
Reference biometric data
Test biometric data
ref
Level 1
decoder
Level 2
decoder
Kr ’
Shuffling key
test
21
Adaptation pour l’Iris et le visage
• Iris: Hadamard codes as Level-1 ECC and Reed-Solomon codes as
Level-2 ECC
• Face FRGC-Exp1*: BCH codes as Level-1 ECC and Reed-Solomon codes
as Level-2 ECC
• Face FRGC-Exp4*: Hadamard codes as Level-1 ECC and Reed-Solomon
codes as Level-2 ECC
ts
Iris results
FRR
198
0.055
1.04
83
15
186
0.096
0.76
83
FRGC-Exp1*
FAR
FRR
3
126
0
5
98
0
Face results
FAR
Entropy
(bits)
14
Key
Length
(bits)
ts
ICE-Exp-1
Key Length
(bits)
Entropy
(bits)
ts
5.60
112
3
2.63
98
4
Key
Length
FRGC-Exp4*
Entropy
(bits)
FAR
FRR
406
0
38.40
110
392
0
24.07
110
22
Comparison with State of Art:
crypto-bio keys
Results
Entropy
(in bits)
Ref.
Technique
Modality
Database
FAR (in
%)
FRR (in
%)
Clancy et al.,
2003
Fuzzy vault
Fingerprint
-
-
-
Uludag et al.,
2006
Fuzzy vault
Fingerprint
FVC-2002
0
20
Hao et al.,
2006
Fuzzy commitment
Iris
Proprietary
0
0.47
44
Bringer et
al., 2007
Fuzzy commitment
Iris
NIST-ICE
10-5
5.62
-
Nandakumar
et al., 2007
Fuzzy vault
Fingerprint
FVC-2002
0
9
-
Maiorana et
al., 2008
Adaptive fuzzy
commitment
Online
signature
-
17
17
-
BIOTYFUL
Cancelable + Fuzzy
commitment
Iris
NIST-ICE
0.096
0.76
83
BIOTYFUL
Cancelable + Fuzzy
commitment
Face
NIST-FRGCv2
0
5.60
112
69
-
23
BIOTYFUL : applications
Comment utiliser les clefs crypto-bio ?
• Génération et partage de clefs crypto-bio
spécifiques pour chaque session
• ePasseport : authentication biométrique
avec courbes elliptiques
24
Proposed Session Key Generation
and Sharing Protocol
Client
Shuffling key Ksh
Server
Authentication request
Request accept
Capture fresh biometric data
test and shuffle it with Ksh as
’canc = shuf(test ,Ksh)
Database
stored cancelable
template canc
User ID
Randomly generate a key Kr
and create locked code lock
as lock = E(Kr,canc)
Locked codelock
and H(H(Kr))
Regenerate the key K’r as
K’r = E-1(’canc ,lock)
If H(H(Kr))=H(H(K’r))
•
Generic protocol
•
Secure generation
and sharing of cryptobiometric session
keys
•
Strong link between
user’s identity and his
cryptographic keys
•
No transfer of
biometric data,
shuffling key, or
stored template
•
Mutual authentication
between client and
server
•
No need of third party
certificates
H(K’r)
If H(Kr)=H(K’r),
Kr=K’r
Start secure communication using
key Kr
25
Application Scenario: Biometrics Based
ePassport Authentication
Electronic Passports (2004)
Personal Data & Photo
Fingerprint
Iris Scan
The capacity of an RFID chip is 64 kilobytes
Biometry is used more and more in security
26
ICAO standard for ePassport

ICAO standard for ePassport (2004)
 Mandatory

 Passive Authentication (authenticity of data)
Optional
 Active Authentication (authenticity of chip)
• Inadequate data protection and some weaknesses
related to privacy protection
• May use classical biometric system for user
verification
27
Proposal: Biometrics Based ePassport
Authentication
• Stable bit-strings obtained from iris images (crypto-bio keys)
are used to generate elliptic curve parameters needed for
authentication
• 3 phases:
– Initialization (Enrollment) Phase
– Inspection System (IS) Authentication
– ePassport bearer’s Authentication
• Experimental evaluation carried out on publicly available
NIST-ICE database
28
ePassport Authentication
Mutual
Authentication
Inspection
System (IS)
Certificate
verification
Document
Verifier (DV)
ePassport
• On-line authentication mechanism based on Elliptic
Curve Diffie-Hellman Key Agreement Protocol
• ePassport bearer’s Authentication
regeneration (from biometrics)
based on key
29
Dissemination et valorization
• URL : http://webspace.it-sudparis.eu/~petrovs/biotyful/
• Publications:
•
•
•
•
•
1 revue
8 confs internationales (BTAS, CVPR, IWSCN, BSYM)
4 confs FR (WISG 2010, GRETSI 2009, RFIA 2010)
Chapitre livre en préparation (Springer, 2011)
2 theses soutenues
• 1 Brevet : Procédé de Vérification de l'Identité d'un
Individu Avec des Codes Correcteurs d'Erreurs, Brevet
PR88357 Français, déposé en Juin 2009
• Demo à CeBiT 2009 et Colloque VERSO– BIOTYFUL
crypto-bio key regeneration with iris images
• Montage de projets Européens (2 soumis à FP7)
30
Conclusions
• Relatively new field; confusing use of terms
• New classification of crypto-biometric systems:
– Considering biometric template protection as well as cryptographic
applications
• The proposed shuffling scheme makes the biometric data
random, which helps in increasing the entropy; more than
80% reduction in EER
• Revocability and template diversity properties are added to
the biometric system
• Privacy protection:
– Identity privacy, biometric data privacy, and information privacy
31
Conclusions
… continued
• Proposed a Hybrid key regeneration system combining the
shuffling based cancelable biometric system with fuzzy
commitment based key regeneration system
– Evaluated on two modalities:
• Iris – keys with 83 to 93 bit entropy
• Face – keys with 110 to 112 bit entropy
• Maximum 69-bits in literature
• Generic protocol for biometrics based session key
generation and sharing
• Biometrics based ePassport authentication protocol
increases security
32
Perspectives
• Recherche d’intagrateurs pour:
– Shuffling based cancelable scheme can easily be integrated into
biometric systems
– Regenerated crypto-keys are long enough for cryptographic
applications
– Biometrics based session-key sharing protocol can find wide
applications
• Has a potential to replace the existing key sharing protocols
• Travail avec des biométries moins intrusives (audio-video)
33
Thank you !
BIOTYFUL: Autres contributions
• Multi-biometrics Based Key Regeneration Scheme
– Novel technique denoted as FeaLingECc (Feature Level
Fusion through Weighted Error Correction)
– Maximum entropy of keys:
• Two iris system: 189-bits
• Iris-Face system: 183-bits
35
Theoretical Security Estimation
• Two approaches:
– Provide biometric data and shuffling key separately
– Provide the shuffled biometric data
• Need to estimate the number of degrees of freedom (N) in
the biometric data
• Use sphere packing bound as suggested by Hao et al;
2N
Entropy H  log 2
bits
N
 
P 
Initialization Phase
User enrolls iris
data
The Document Verifier (DV) generates
the elliptic curve E and saves into
user’s database: ID, locked code,
shuffling key, H1(K) and the elliptic
curve parameters: p, A, B , P.
Here K indicate the key obtained from
the key regeneration system
User
e-Passport contains :
ID,
Locked code,
Shuffling key,
Hash value H1(K),
Elliptic curve parameters: p, A, B , P.
Experimental Evaluation for
ePassport
• Subset of NIST-ICE publicly available iris database
• ts is the error correction capacity of the ReedSolomon codes
ts
FAR (in %)
FRR (in %)
10
0.01
5.26
15
0.2
3.6

Colloque « Télécommunications- réseaux du futur et services

Transcription

Documents pareils

Fiche d`inscription

NORMANDIE, HARAS A VENDRE SUR 37 HECTARE Réf : 00790VH

rennes - SAPENE IMMOBILIER

Mercredi 25 Mars 2015 à 10:00

SENSIBILISATION A L`ARCHITECTURE POUR TOUS PUBLICS

affiche forum emploi Rennes

Maison des associations rennes

Mieux comprendre les addictions et s`en libérer

initialbtb-agent de blanchisserie

FORMATIONS FLEURISTES