Department of Computer Science
Privacy Preserving Biometrics-Based and User Centric Authentication Protocol
Hasini Gunasinghe and Elisa Bertino
NSS 2014

Agenda
• Problem Overview
• Challenges in biometrics based authentication schemes
• Our approach
• Generating unique, repeatable and revocable BID
• Securing the BID with cryptographic commitment
• Privacy preserving authentication protocol
• Security and performance analysis
• Future work

Problem Overview
What You Know / What You Have
• Commonly used authentication factors
• Stolen passwords/tokens lead to identity theft
• Multiple passwords/tokens
• Inconvenient to users

Strong Authentication Factor: Biometrics
• Represents who you are.
• Unique, Universal, Permanent and Collectable.
• First known use in criminal division of the police department in Paris – introduced by A. Bertillon.
• Since then, many applications in commercial, government and forensic.
• Convenient and secure for users.
Still, it is not widely adopted in critical applications such as online banking. Why?

Challenges in biometrics based authentication:
• Inherited characteristics of biometrics
• Security concerns
• Privacy concerns

Challenges in biometrics based authentication:
• Inherited vs desired characteristics:

Inherited Characteristics of Biometrics | Desired Characteristics of Biometrics Based Identifier
Uniqueness & Unforgeability             | Uniqueness & Unforgeability
Non-Repeatability                       | Repeatability
Non-Revocability                        | Revocability

Challenges in biometrics based authentication:
• Security Concerns:
  - Biometric templates are stored at the server during enrollment.
  - Extracted biometric features are stored in smart cards to be used during authentication.
    e.g., in the Schiphol Privium scheme at the Amsterdam airport, the iris code is stored in the smart card.
  - Breach of security of template databases/smart cards/user devices can cause permanent loss of one’s biometric identity.

Challenges in biometrics based authentication:
• Privacy Concerns of authentication protocols:
  - SP-specific protocols:
    Biometric identity stored at multiple service providers.
    Different proprietary protocols.
    [Figure labels: enrolls biometric at signup; verifies biometric at login; SP1, SP2, SP3]
  - IDP-centric protocol:
    IDP learns user’s interaction patterns with different SPs.
    Revealing BID during authentication.
    [Figure labels: 1) enrolls biometric; 3/5) verification req/resp; 4) verifies biometric; SP1, SP2, IDP]

Our Approach
Addresses each of the above issues and provides better solutions.
1. Generates unique, repeatable and revocable BIDs.
2. Defines privacy preserving identity management protocol:
   - Involves zero-knowledge-proof-of-knowledge.
   - User-centric.

Overview: User-centric protocol
[Figure labels: enrolls biometric; obtains Identity Token; authenticate using biometric identity token; SP1, SP2, SP3]
• No interaction between IDP and SP(s).
• Biometric template is not stored anywhere.

1. Generating BID:
[Figure: Biometric image -> Image Hashing Algorithm -> Hash vector -> Trained SVM Classifier -> Predicted class label (32 bits); User-provided password -> Password based key generation -> Key 1 (128 bits); Predicted class label + Key 1 -> BID (160 bits)]
Key steps:
1. Feature extraction, image hashing mechanism
2. Training SVM classifier
3. Obtaining classification output
4. Password based key generation

1. Generating BID: Results
• P-Hash – feature extraction mechanism used in our approach.
• SVD-Hash – feature extraction mechanism used in previous work [Bhargav-Spantzel et al. 2010].

1. Generating BID: Extended approach with Error Correction Code
• Enrolment phase: Error Correction Encoding:
  [Figure labels: Biometric image; Image Hashing Algorithm; Hash vector; Trained SVM Classifier; Predicted class label; +; User-provided password; Password based key generation; Key 1; Key 2; BID; Hadamard ECC encoding; Error Correction Metadata]
• Authentication phase: Error Correction Decoding:
  [Figure labels: Biometric image; Image Hashing Algorithm; Hash vector; Hadamard ECC decoding; Error Correction Metadata; Error corrected Hash vector; Trained SVM Classifier; Predicted class label; +; User-provided password; Password based key generation; Key 1; Key 2; BID]

1. Generating BID: Results with ECC
• Both accuracy and overhead increase with the Hadamard Code length used for error correction.
• Recommended Hadamard Error Correction Code is 16 bits.
• Improves repeatability of the BID.
• Secure error correction mechanism introduced by Kande et al. 2009.

We covered so far – in key aspects of our approach:
• Generating unique, repeatable and revocable BIDs.
• Extended approach with ECC to improve repeatability.
• Privacy preserving identity management protocol:
  1. Involves zero-knowledge-proof-of-knowledge.
  2. User-centric.

3. Privacy preserving identity management protocol: Enrollment
[Figure labels: Biometric image; Perceptual Hash (P-Hash); Hash Vector; Train Support Vector Machine; Trained Base SVM; Customize SVM; Single Label Classification; Biometric IDT, Digitally Signed by IDP]
X = BID
R=
Commitment: C = g^x h^r

3. Privacy preserving identity management protocol: Enrollment
• Elements included in the identity token:
  - Commitment string
  - Expiration time stamp
  - From, To fields (to prevent attacks on ZKPK protocol by SP)
  - Digital signature
  - Public parameters of the Pedersen commitment scheme

3. Privacy preserving identity management protocol: Enrollment
• Artifacts provided to the User: (stored in the TEE of user’s device)
  - Identity Token
  - Trained and customized SVM classifier.
  - BID generation software.
  - Salt value used for PBKDF.
  - Error correction meta-data.

3. Privacy preserving identity management protocol: Authentication
[Figure labels: Biometric image; P-Hash; Hash Vector; Customized SVM; Single Label Classification; Biometric IDT; Authentication Request]
X’ = BID
R’=
Commitment: C’ = g^{x’} h^{r’}
Zero Knowledge Proof of Knowledge Protocol (User and Service Provider):
• User -> Service Provider: d = g^y h^s
• Service Provider -> User: challenge: e
• User -> Service Provider: u = y + ex, v = s + er
• success if C^e d = g^u h^v
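
The enrollment commitment and the three-move zero-knowledge exchange from the Authentication slide, as an added Python example that is not the authors' implementation. Assumptions made here: the BID is the 32-bit class label concatenated with the 128-bit password-derived key, r is also derived from the password, PBKDF2-HMAC-SHA256 is the KDF, and the group is a demo-sized Schnorr group generated on the fly; all function names and sample inputs are constructed.

```python
import hashlib
import secrets

Q = 2**255 - 19  # a known prime, larger than 2^160, so a 160-bit BID is a valid exponent
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin test with fixed bases (adequate for picking demo parameters)."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def setup():
    """Public Pedersen parameters (p, q, g, h): an order-q subgroup of Z_p^*.
    Assumption: p is only about 263 bits so the demo runs fast; not a deployment size."""
    k = 2
    while not is_probable_prime(k * Q + 1):
        k += 2
    p = k * Q + 1

    def generator(tag):
        # Hash-derived element pushed into the order-q subgroup, so nobody
        # knows log_g(h); knowing it would let a prover open C to any value.
        ctr = 0
        while True:
            seed = hashlib.sha512(tag + ctr.to_bytes(4, "big")).digest()
            elem = pow(int.from_bytes(seed, "big") % p, k, p)
            if elem > 1:
                return elem
            ctr += 1

    return p, Q, generator(b"demo-g"), generator(b"demo-h")

def derive_secrets(class_label, password, salt, q):
    """Assumed construction: x = BID = 32-bit label || 128-bit PBKDF2 key; r from the password."""
    key1 = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=16)
    x = int.from_bytes(class_label.to_bytes(4, "big") + key1, "big")
    r_raw = hashlib.pbkdf2_hmac("sha256", password, salt + b"|r", 100_000, dklen=48)
    return x, int.from_bytes(r_raw, "big") % q

def commit(params, x, r):
    """Pedersen commitment C = g^x h^r mod p."""
    p, _, g, h = params
    return pow(g, x, p) * pow(h, r, p) % p

class Prover:
    """User side: proves knowledge of (x, r) behind C without sending either."""
    def __init__(self, params, x, r):
        self.params, self.x, self.r = params, x, r

    def announce(self):
        q = self.params[1]
        self.y, self.s = secrets.randbelow(q), secrets.randbelow(q)  # fresh per run
        return commit(self.params, self.y, self.s)  # d = g^y h^s

    def respond(self, e):
        q = self.params[1]
        u, v = (self.y + e * self.x) % q, (self.s + e * self.r) % q
        del self.y, self.s  # reusing (y, s) with two challenges would leak x and r
        return u, v

def verify(params, C, d, e, u, v):
    """Service provider check: C^e * d == g^u h^v, after subgroup membership checks."""
    p, q, _, _ = params
    if not all(0 < t < p and pow(t, q, p) == 1 for t in (C, d)):
        return False
    return pow(C, e, p) * d % p == commit(params, u, v)

def authenticate(params, C, x, r):
    """One run of the three-move exchange; C would come from the signed identity token."""
    prover = Prover(params, x, r)
    d = prover.announce()
    e = secrets.randbelow(params[1])  # challenge chosen by the service provider
    u, v = prover.respond(e)
    return verify(params, C, d, e, u, v)

if __name__ == "__main__":
    params = setup()
    # Constructed sample inputs: class label, password and salt are made up.
    x, r = derive_secrets(0x0000002A, b"correct horse", b"constructed-salt", params[1])
    C = commit(params, x, r)  # done once at enrollment
    print("genuine user accepted:", authenticate(params, C, x, r))
    x2, r2 = derive_secrets(0x0000002A, b"wrong password", b"constructed-salt", params[1])
    print("wrong password accepted:", authenticate(params, C, x2, r2))
```

The identity token's signature, expiration time stamp and From/To fields are not modelled in this sketch.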

Summary: Performance

Performance measure                          | Value
Computing perceptual hash                    | 0.0105 (s)
Training Classifier                          | 8 (s) [with 400 training instances]
Predicting from trained classifier           | 0.013 (s)
Creating commitment                          | 0.003038 (s)
Zero Knowledge Proof (without network delay) | 0.00763 (s)

Hardware Configurations:
• CPU: Intel Core i7-3537U
• Memory: 5GB RAM
• OS: Ubuntu 13.4

Security Analysis:
• Confidentiality of sensitive data is preserved:
  - Biometric image, P-Hash vector, BID are not stored anywhere.
  - Secrets are derived from the user’s password.
• Zero Knowledge Proof of Knowledge protocol:
  - Biometric information not revealed at any point.
  - MITM attacks carried out by SP are prevented.
• Identity token provides ownership assurance and avoids impersonation.
• Enables revocation of the biometric based identity tokens.

We covered so far:
• Generating unique, repeatable and revocable BIDs.
• Extended approach with ECC to improve repeatability.
• Privacy preserving identity management protocol:
  - with zero-knowledge-proofs.
  - User-centric identity management
• Performance and Security Analysis

Future Work
• Experimenting on other biometric traits.
• Privacy preserving biometrics based authentication based on distance matching:
  - Homomorphic Encryption
  - Garbled circuits
• Multi-modal biometrics for authentication.

Q & A
Thank You…
