Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Testimonianza di Alessandro Tommasi presentation biosig
1. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Biometric Signature Verification
A Tomasi1
M Sala1
V Da Rold1
1 University of Trento
Department of Mathematics
2 Fondazione Bruno Kessler
Security and Trust
May 30, 2013
BioSigV
G Sciarretta2
4. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Authentication systems
Authentication systems can be based on several factors:
something you know,
password!
something you have,
something you are.
BioSigV
5. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Biometric measures
Physical biometrics:
Pros :
Cannot be lost or forgotten
Difficult to forge
Cons :
Intrusive, or at least perceived as such
Difficult if not impossible to revoke
Present and future privacy issues: health,
ethnicity etc.
BioSigV
6. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Biometric signature I
A behavioural, non-intrusive measurement, familiar and widely
accepted. Con: high variability.
BioSigV
7. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Biometric signature II
Input data: [x,y,t,p,e]
Extracted features:
ID
1
2
3
4-5
6-7
8-9
Description
Number of Strokes
Time Duration
Aspect Ratio
X and Y Area
Average X and Y Velocity
Absolute Average X and Y Velocity
ID
10-11
12-13
14-15
16-20
21-30
31-40
Description
Average X and Y Acceleration
Initial X and Y
Final X and Y
M1,1 ,M1,2 ,M2,1 and M0,3
X and Y Sub-Areas
X and Y Sub-Velocity
BioSigV
ID
41-50
51-52
53-55
56-58
59-61
62-63
Description
X and Y Sub-Accelerations
Height and Width
Mean X,Y and Pressure Value
Maximum X,Y and Pressure Value
Minimum X,Y and Pressure Value
Maximum X and Y Velocity
10. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Error correction
Consider the following scenario: a source sends a message m
across a channel to a receiver. The channel is affected by noise,
which modifies the signal.
Broadly speaking, an error correction scheme is composed of two
algorithms, E ncode and Decode, that modify the message to make
it more resilient to errors e, so that
D (E (m) + e) = m
for sufficiently “small” e.
BioSigV
11. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Linear block ECC I
Let Fq be the finite field with q elements and (Fq )n be the linear
space of all n-tuples over Fq .
Definition
Let k, n ∈ N such that 1 ≤ k ≤ n. A linear code C is a
k-dimensional vector subspace of (Fq )n .
Definition
If C is an [n, k]q code, then any matrix G whose rows form a basis
for C as a k-dimensional vector space is called a generator matrix
for C .
The encoding procedure of a message m ∈ (Fq )k into the word
c ∈ (Fq )n is just mG = c.
BioSigV
12. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Linear block ECC II
Concretely, we split a message m into blocks of length k and map
every possible mk into a codeword, c. Crudely speaking, this is a
more complex form of redundancy:
1 → [111]
0 → [000]
A code with minimum distance d can detect up to d − 1 and
correct up to (d − 1)/2 errors.
BioSigV
13. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Cyclic Codes
Definition
An [n, k, d]q linear code C is cyclic if the cyclic shift of a word is
also a word, i.e.
(c0 , . . . , cn−1 ) ∈ C
=⇒
(cn−1 , c0 , . . . , cn−2 ) ∈ C .
Consider the univariate polynomial ring Fq [x] and the ideal
I = x n − 1 . We denote by R the ring Fq [x]/I . We construct a
bijective correspondence between the vectors of (Fq )n and the
residue classes of polynomials in R:
(v0 , . . . , vn−1 ) ↔ v0 + v1 x + · · · + vn−1 x n−1 .
We can view linear codes as subsets of the ring R, thanks to the
correspondence above.
BioSigV
14. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Generator Polynomial
Theorem
An [n, k, d]q code C is cyclic iff C is an ideal of R.
Since R is a principal ideal ring (if C is not trivial) there exists a
unique monic polynomial g that generates C . We call g the
generator polynomial of C .
Let m = (m0 , . . . , mk−1 ) be a message to encode, and consider its
polynomial representation m(x) in R. To obtain an associated word
it is sufficient to multiply m(x) by the generator polynomial g (x):
c(x) = m(x)g (x) ∈ C .
BioSigV
16. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Hash functions
A cryptographic hash function h maps messages of arbitrary
length1 into a fixed-length message digest. Hash functions are
required to be:
one-way : given a known digest d generated by a known hash
function h(·), it is infeasible to deduce m such that
d = h(m);
collision resistant : it is infeasible to find explicitly two messages
m1 , m2 such that h(m1 ) = h(m2 );
input sensitive : the smallest difference between two messages
m1 , m2 leads to completely different digests
h(m1 ), h(m2 ).
1
up to some very large maximum
BioSigV
17. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Example: SHA-1
SHA-1: Security Hash Algorithm [FIPS2 180-1]. Given an input
message of length up to 264 bits, SHA-1 outputs a 160-bit string:
message
m’illumino di immenso
mi illumino di immenso
Roma
roma
2
SHA-1 digest
04DEC8C39C14B4E5AB28
4EE204C81D58F1A59936
666BCFA1CC6D6580F316
AF077B85B9DE34055A57
DE5429D6F4FA2C86427A
50757791DE88A0B75C85
A6B6EA31C49A8E944EFE
9ECBC072A26903A1461A
Federal Information Processing Standard
BioSigV
18. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Collision resistance
The collision resistance of hash functions can be measured in terms
of their robustness against birthday attacks, i.e. the number of
brute-force hash operations it takes, in probability, before we find
two messages with the same hash by simply picking random
messages from the whole message space. For an n-bit output hash,
this is proportional to 2n/2 .
Crudely speaking, assume we have a commercial PC capable of
performing hashes at 1 GHz, i.e. 109 h(·)s −1 . A 128-bit digest hash
such as SHA-1 will yield a collision in at most roughly 2 · 1019
hashes, which would take at most 30 years. Adding processing
power and finding vulnerabilities in the hash function significantly
reduce the waiting time.
BioSigV
20. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Fuzzification
By applying a repeatable but non-invertible transform f (s) to the
signature we commit enough biometric data to authenticate users,
but as little as possible to preserve privacy. We do this based on
thresholds.
BioSigV
21. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
The scheme at a glance
Enrolment(s):
1
2
3
generate a random message, r , and encode it (E (r ))
sum the message with the fuzzy median signature, f (¯)
s
commit enrolment data:
a hash of the message, h(r )
a user-specific string, u = E (r ) + f (¯)
s
the error correction capacity t corresponding to the user
Verification(ˆ, h(r ), u, t):
s
1
subtract the fuzzy observed signature from the user’s string:
v = u − f (ˆ)
s
= E (r ) + f (¯) − f (ˆ)
s
s
= E (r ) + e
2
3
correct the errors in the transmitted message:
ˆ = D(E (r ) + e);
r
if h(r ) == h(ˆ), accept the observed signature as authentic.
r
BioSigV
22. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Encoding choices
Block codes make sense for authentication schemes because we
can precisely define the length of our encoded message (n).
Furthermore, for MDS codes, i.e. ones for which strict equality
holds in the Singleton bound d ≤ n − k + 1, we can uniquely
associate an error correction capacity t with a given message and
code length. We can also tweak t based on whether we want to
make it easier for users to authenticate themselves or harder for
forgers to gain access.
BioSigV
23. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Privacy and cancelability
Cancelability
Privacy
Since the random message r is generated at
enrolment, any user can enrol the same
signature again.
The signature itself can be changed, since it is
behavioural.
A sufficiently long random message r and robust
hash function h(·) ensure that the user’s
biometric data cannot be recovered by anyone.
Even if the data were recovered, all we have
committed is a fuzzy version.
BioSigV
26. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Privacy and cancelability
Cancelability
Since the random message r is generated at
enrolment, any user can enrol the same
signature again.
The signature itself can be changed, since it is a
behavioural measure.
Privacy
A sufficiently long random message r and robust
hash function h(·) ensure that the user’s
biometric data cannot be feasibly recovered by
anyone, whether thief or system administrator.
Even if the data were recovered, all we have
committed is a fuzzy version.
BioSigV
27. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
Performance
Assessed against both research and custom database, allowing two
authentication attempts.
False Rejection Rate / Type I Error: 3.5%
False Acceptance Rate / Type II Error: 3.2%
Work commissioned by PayBay Networks Srl, part of QUI!Group
BioSigV
28. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[Bov+03]
L Bovino et al. “Multi-Expert Verification of
Hand-Written Signatures”. In: Proceedings of the
Seventh International Conference on Document
Analysis and Recognition (ICDAR). Vol. 2.
Washington, DC, USA: IEEE Computer Society, 2003,
pp. 932–936. isbn: 0-7695-1960-1. doi:
10.1.1.160.9174.
[Fre08]
M. R. Freire. “Biometric Template Protection in
Dynamic Signature Verification”. MSc. Universidad
Aut´noma de Madrid, Nov. 2008.
o
BioSigV
29. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[GJ07]
G. K. Gupta and R. C. Joyce. “Using position extrema
points to capture shape in on-line handwritten
signature verification”. In: Pattern Recognition 40.10
(Oct. 2007), pp. 2811–2817. issn: 0031-3203. doi:
10.1016/j.patcog.2007.01.014.
[IP08]
D. Impedovo and G. Pirlo. “Automatic Signature
Verification: The State of the Art”. In: Systems, Man,
and Cybernetics, Part C: Applications and Reviews,
IEEE Transactions on 38.5 (Sept. 2008), pp. 609–635.
issn: 1094-6977. doi: 10.1109/TSMCC.2008.923866.
[IW09]
T. Ignatenko and F. M. J. Willems. “Biometric
Systems: Privacy and Secrecy Aspects”. In:
Information Forensics and Security, IEEE Transactions
on 4.4 (2009), pp. 956–973. issn: 1556-6013. doi:
10.1109/TIFS.2009.2033228.
BioSigV
30. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[IW10]
T. Ignatenko and F. M. J. Willems. “Using position
extrema points to capture shape in on-line handwritten
signature verification”. In: Information Forensics and
Security, IEEE Transactions on 5.2 (2010),
pp. 337–348. doi: 10.1109/TIFS.2010.2046984.
[JGC02]
A. K. Jain, F. D. Griess, and S. D. Connell. “On-line
signature verification”. In: Pattern Recognition 35
(2002), pp. 2963–2972.
[JNN08]
A. K. Jain, K. Nandakumar, and A. Nagar. “Biometric
template security”. In: EURASIP Journal on Advances
in Signal Processing (Jan. 2008). issn: 1110-8657.
doi: 10.1155/2008/579416.
BioSigV
31. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[JS06]
A. Juels and M. Sudan. “A fuzzy vault scheme”. In:
Designs, Codes and Cryptography 38.2 (2006),
pp. 237–257. doi: 10.1007/s10623-005-6343-z.
[JW99]
A. Juels and M. Wattenberg. “A fuzzy commitment
scheme”. In: Proceedings of the 6th ACM conference
on Computer and communications security (CCS ’99’).
Kent Ridge Digital Labs, Singapore: ACM, 1999,
pp. 28–36. isbn: 1-58113-148-8. doi:
10.1145/319709.319714.
[LBA96]
L Lee, T Berger, and E Aviczer. “Reliable On-Line
Human Signature Verification Systems”. In: IEEE
Trans. Pattern Anal. Mach. Intell. 18.6 (June 1996),
pp. 643–647. issn: 0162-8828. doi:
10.1109/34.506415.
BioSigV
32. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[Lee+04]
J. Lee et al. “Using geometric extrema for
segment-to-segment characteristics comparison in
online signature verification”. In: Pattern Recognition
37.1 (Jan. 2004), pp. 93–103. issn: 0031-3203. doi:
10.1016/S0031-3203(03)00229-2.
[Liw+11]
M. Liwicki et al. “Signature Verification Competition
for Online and Offline Skilled Forgeries
(SigComp2011)”. In: Document Analysis and
Recognition (ICDAR), 2011 International Conference
on. IEEE Computer Society. 2011, pp. 1480–1484.
doi: 10.1109/ICDAR.2011.294.
BioSigV
33. Biometric Authentication
Error correction
Hash functions
Fuzzy Commitment
References
[Liw+12]
M. Liwicki et al. “ICFHR 2012 Competition on
Automatic Forensic Signature Verification (4NsigComp
2012)”. In: Frontiers in Handwriting Recognition
(ICFHR), 2012 International Conference on. IEEE.
Bari, Sept. 2012, pp. 823–828. doi:
10.1109/ICFHR.2012.217.
[SE00]
S Sanderson and J. H. Erbetta. “Authentication for
secure environments based on iris scanning
technology”. In: Visual Biometrics (Ref.No. 2000/018),
IEE Colloquium on. 2000, pp. 8/1–8/7. doi:
10.1049/ic:20000468.
[YWP95]
L Yang, B. K. Widjaja, and R Prasad. “Application of
hidden Markov models for signature verification”. In:
Pattern Recognition 28.2 (1995), pp. 161–170. issn:
0031-3203. doi: 10.1016/0031-3203(94)00092-Z.
BioSigV