Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Ā
Testimonianza di Alessandro Tommasi presentation biosig
1. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Biometric Signature Veriļ¬cation
A Tomasi1
M Sala1
V Da Rold1
1 University of Trento
Department of Mathematics
2 Fondazione Bruno Kessler
Security and Trust
May 30, 2013
BioSigV
G Sciarretta2
4. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Authentication systems
Authentication systems can be based on several factors:
something you know,
password!
something you have,
something you are.
BioSigV
5. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Biometric measures
Physical biometrics:
Pros :
Cannot be lost or forgotten
Diļ¬cult to forge
Cons :
Intrusive, or at least perceived as such
Diļ¬cult if not impossible to revoke
Present and future privacy issues: health,
ethnicity etc.
BioSigV
6. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Biometric signature I
A behavioural, non-intrusive measurement, familiar and widely
accepted. Con: high variability.
BioSigV
7. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Biometric signature II
Input data: [x,y,t,p,e]
Extracted features:
ID
1
2
3
4-5
6-7
8-9
Description
Number of Strokes
Time Duration
Aspect Ratio
X and Y Area
Average X and Y Velocity
Absolute Average X and Y Velocity
ID
10-11
12-13
14-15
16-20
21-30
31-40
Description
Average X and Y Acceleration
Initial X and Y
Final X and Y
M1,1 ,M1,2 ,M2,1 and M0,3
X and Y Sub-Areas
X and Y Sub-Velocity
BioSigV
ID
41-50
51-52
53-55
56-58
59-61
62-63
Description
X and Y Sub-Accelerations
Height and Width
Mean X,Y and Pressure Value
Maximum X,Y and Pressure Value
Minimum X,Y and Pressure Value
Maximum X and Y Velocity
10. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Error correction
Consider the following scenario: a source sends a message m
across a channel to a receiver. The channel is aļ¬ected by noise,
which modiļ¬es the signal.
Broadly speaking, an error correction scheme is composed of two
algorithms, E ncode and Decode, that modify the message to make
it more resilient to errors e, so that
D (E (m) + e) = m
for suļ¬ciently āsmallā e.
BioSigV
11. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Linear block ECC I
Let Fq be the ļ¬nite ļ¬eld with q elements and (Fq )n be the linear
space of all n-tuples over Fq .
Deļ¬nition
Let k, n ā N such that 1 ā¤ k ā¤ n. A linear code C is a
k-dimensional vector subspace of (Fq )n .
Deļ¬nition
If C is an [n, k]q code, then any matrix G whose rows form a basis
for C as a k-dimensional vector space is called a generator matrix
for C .
The encoding procedure of a message m ā (Fq )k into the word
c ā (Fq )n is just mG = c.
BioSigV
12. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Linear block ECC II
Concretely, we split a message m into blocks of length k and map
every possible mk into a codeword, c. Crudely speaking, this is a
more complex form of redundancy:
1 ā [111]
0 ā [000]
A code with minimum distance d can detect up to d ā 1 and
correct up to (d ā 1)/2 errors.
BioSigV
13. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Cyclic Codes
Deļ¬nition
An [n, k, d]q linear code C is cyclic if the cyclic shift of a word is
also a word, i.e.
(c0 , . . . , cnā1 ) ā C
=ā
(cnā1 , c0 , . . . , cnā2 ) ā C .
Consider the univariate polynomial ring Fq [x] and the ideal
I = x n ā 1 . We denote by R the ring Fq [x]/I . We construct a
bijective correspondence between the vectors of (Fq )n and the
residue classes of polynomials in R:
(v0 , . . . , vnā1 ) ā v0 + v1 x + Ā· Ā· Ā· + vnā1 x nā1 .
We can view linear codes as subsets of the ring R, thanks to the
correspondence above.
BioSigV
14. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Generator Polynomial
Theorem
An [n, k, d]q code C is cyclic iļ¬ C is an ideal of R.
Since R is a principal ideal ring (if C is not trivial) there exists a
unique monic polynomial g that generates C . We call g the
generator polynomial of C .
Let m = (m0 , . . . , mkā1 ) be a message to encode, and consider its
polynomial representation m(x) in R. To obtain an associated word
it is suļ¬cient to multiply m(x) by the generator polynomial g (x):
c(x) = m(x)g (x) ā C .
BioSigV
16. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Hash functions
A cryptographic hash function h maps messages of arbitrary
length1 into a ļ¬xed-length message digest. Hash functions are
required to be:
one-way : given a known digest d generated by a known hash
function h(Ā·), it is infeasible to deduce m such that
d = h(m);
collision resistant : it is infeasible to ļ¬nd explicitly two messages
m1 , m2 such that h(m1 ) = h(m2 );
input sensitive : the smallest diļ¬erence between two messages
m1 , m2 leads to completely diļ¬erent digests
h(m1 ), h(m2 ).
1
up to some very large maximum
BioSigV
17. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Example: SHA-1
SHA-1: Security Hash Algorithm [FIPS2 180-1]. Given an input
message of length up to 264 bits, SHA-1 outputs a 160-bit string:
message
māillumino di immenso
mi illumino di immenso
Roma
roma
2
SHA-1 digest
04DEC8C39C14B4E5AB28
4EE204C81D58F1A59936
666BCFA1CC6D6580F316
AF077B85B9DE34055A57
DE5429D6F4FA2C86427A
50757791DE88A0B75C85
A6B6EA31C49A8E944EFE
9ECBC072A26903A1461A
Federal Information Processing Standard
BioSigV
18. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Collision resistance
The collision resistance of hash functions can be measured in terms
of their robustness against birthday attacks, i.e. the number of
brute-force hash operations it takes, in probability, before we ļ¬nd
two messages with the same hash by simply picking random
messages from the whole message space. For an n-bit output hash,
this is proportional to 2n/2 .
Crudely speaking, assume we have a commercial PC capable of
performing hashes at 1 GHz, i.e. 109 h(Ā·)s ā1 . A 128-bit digest hash
such as SHA-1 will yield a collision in at most roughly 2 Ā· 1019
hashes, which would take at most 30 years. Adding processing
power and ļ¬nding vulnerabilities in the hash function signiļ¬cantly
reduce the waiting time.
BioSigV
20. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Fuzziļ¬cation
By applying a repeatable but non-invertible transform f (s) to the
signature we commit enough biometric data to authenticate users,
but as little as possible to preserve privacy. We do this based on
thresholds.
BioSigV
21. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
The scheme at a glance
Enrolment(s):
1
2
3
generate a random message, r , and encode it (E (r ))
sum the message with the fuzzy median signature, f (ĀÆ)
s
commit enrolment data:
a hash of the message, h(r )
a user-speciļ¬c string, u = E (r ) + f (ĀÆ)
s
the error correction capacity t corresponding to the user
Veriļ¬cation(Ė, h(r ), u, t):
s
1
subtract the fuzzy observed signature from the userās string:
v = u ā f (Ė)
s
= E (r ) + f (ĀÆ) ā f (Ė)
s
s
= E (r ) + e
2
3
correct the errors in the transmitted message:
Ė = D(E (r ) + e);
r
if h(r ) == h(Ė), accept the observed signature as authentic.
r
BioSigV
22. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Encoding choices
Block codes make sense for authentication schemes because we
can precisely deļ¬ne the length of our encoded message (n).
Furthermore, for MDS codes, i.e. ones for which strict equality
holds in the Singleton bound d ā¤ n ā k + 1, we can uniquely
associate an error correction capacity t with a given message and
code length. We can also tweak t based on whether we want to
make it easier for users to authenticate themselves or harder for
forgers to gain access.
BioSigV
23. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Privacy and cancelability
Cancelability
Privacy
Since the random message r is generated at
enrolment, any user can enrol the same
signature again.
The signature itself can be changed, since it is
behavioural.
A suļ¬ciently long random message r and robust
hash function h(Ā·) ensure that the userās
biometric data cannot be recovered by anyone.
Even if the data were recovered, all we have
committed is a fuzzy version.
BioSigV
26. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Privacy and cancelability
Cancelability
Since the random message r is generated at
enrolment, any user can enrol the same
signature again.
The signature itself can be changed, since it is a
behavioural measure.
Privacy
A suļ¬ciently long random message r and robust
hash function h(Ā·) ensure that the userās
biometric data cannot be feasibly recovered by
anyone, whether thief or system administrator.
Even if the data were recovered, all we have
committed is a fuzzy version.
BioSigV
27. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Performance
Assessed against both research and custom database, allowing two
authentication attempts.
False Rejection Rate / Type I Error: 3.5%
False Acceptance Rate / Type II Error: 3.2%
Work commissioned by PayBay Networks Srl, part of QUI!Group
BioSigV
28. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[Bov+03]
L Bovino et al. āMulti-Expert Veriļ¬cation of
Hand-Written Signaturesā. In: Proceedings of the
Seventh International Conference on Document
Analysis and Recognition (ICDAR). Vol. 2.
Washington, DC, USA: IEEE Computer Society, 2003,
pp. 932ā936. isbn: 0-7695-1960-1. doi:
10.1.1.160.9174.
[Fre08]
M. R. Freire. āBiometric Template Protection in
Dynamic Signature Veriļ¬cationā. MSc. Universidad
AutĀ“noma de Madrid, Nov. 2008.
o
BioSigV
29. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[GJ07]
G. K. Gupta and R. C. Joyce. āUsing position extrema
points to capture shape in on-line handwritten
signature veriļ¬cationā. In: Pattern Recognition 40.10
(Oct. 2007), pp. 2811ā2817. issn: 0031-3203. doi:
10.1016/j.patcog.2007.01.014.
[IP08]
D. Impedovo and G. Pirlo. āAutomatic Signature
Veriļ¬cation: The State of the Artā. In: Systems, Man,
and Cybernetics, Part C: Applications and Reviews,
IEEE Transactions on 38.5 (Sept. 2008), pp. 609ā635.
issn: 1094-6977. doi: 10.1109/TSMCC.2008.923866.
[IW09]
T. Ignatenko and F. M. J. Willems. āBiometric
Systems: Privacy and Secrecy Aspectsā. In:
Information Forensics and Security, IEEE Transactions
on 4.4 (2009), pp. 956ā973. issn: 1556-6013. doi:
10.1109/TIFS.2009.2033228.
BioSigV
30. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[IW10]
T. Ignatenko and F. M. J. Willems. āUsing position
extrema points to capture shape in on-line handwritten
signature veriļ¬cationā. In: Information Forensics and
Security, IEEE Transactions on 5.2 (2010),
pp. 337ā348. doi: 10.1109/TIFS.2010.2046984.
[JGC02]
A. K. Jain, F. D. Griess, and S. D. Connell. āOn-line
signature veriļ¬cationā. In: Pattern Recognition 35
(2002), pp. 2963ā2972.
[JNN08]
A. K. Jain, K. Nandakumar, and A. Nagar. āBiometric
template securityā. In: EURASIP Journal on Advances
in Signal Processing (Jan. 2008). issn: 1110-8657.
doi: 10.1155/2008/579416.
BioSigV
31. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[JS06]
A. Juels and M. Sudan. āA fuzzy vault schemeā. In:
Designs, Codes and Cryptography 38.2 (2006),
pp. 237ā257. doi: 10.1007/s10623-005-6343-z.
[JW99]
A. Juels and M. Wattenberg. āA fuzzy commitment
schemeā. In: Proceedings of the 6th ACM conference
on Computer and communications security (CCS ā99ā).
Kent Ridge Digital Labs, Singapore: ACM, 1999,
pp. 28ā36. isbn: 1-58113-148-8. doi:
10.1145/319709.319714.
[LBA96]
L Lee, T Berger, and E Aviczer. āReliable On-Line
Human Signature Veriļ¬cation Systemsā. In: IEEE
Trans. Pattern Anal. Mach. Intell. 18.6 (June 1996),
pp. 643ā647. issn: 0162-8828. doi:
10.1109/34.506415.
BioSigV
32. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[Lee+04]
J. Lee et al. āUsing geometric extrema for
segment-to-segment characteristics comparison in
online signature veriļ¬cationā. In: Pattern Recognition
37.1 (Jan. 2004), pp. 93ā103. issn: 0031-3203. doi:
10.1016/S0031-3203(03)00229-2.
[Liw+11]
M. Liwicki et al. āSignature Veriļ¬cation Competition
for Online and Oļ¬ine Skilled Forgeries
(SigComp2011)ā. In: Document Analysis and
Recognition (ICDAR), 2011 International Conference
on. IEEE Computer Society. 2011, pp. 1480ā1484.
doi: 10.1109/ICDAR.2011.294.
BioSigV
33. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[Liw+12]
M. Liwicki et al. āICFHR 2012 Competition on
Automatic Forensic Signature Veriļ¬cation (4NsigComp
2012)ā. In: Frontiers in Handwriting Recognition
(ICFHR), 2012 International Conference on. IEEE.
Bari, Sept. 2012, pp. 823ā828. doi:
10.1109/ICFHR.2012.217.
[SE00]
S Sanderson and J. H. Erbetta. āAuthentication for
secure environments based on iris scanning
technologyā. In: Visual Biometrics (Ref.No. 2000/018),
IEE Colloquium on. 2000, pp. 8/1ā8/7. doi:
10.1049/ic:20000468.
[YWP95]
L Yang, B. K. Widjaja, and R Prasad. āApplication of
hidden Markov models for signature veriļ¬cationā. In:
Pattern Recognition 28.2 (1995), pp. 161ā170. issn:
0031-3203. doi: 10.1016/0031-3203(94)00092-Z.
BioSigV