by mahmood sharif joint work with orr dunkelman and rita
play

BY MAHMOOD SHARIF JOINT WORK WITH ORR DUNKELMAN AND RITA OSADCHY - PowerPoint PPT Presentation

Nov 13, 2023 •208 likes •561 views

PRIVACY PRESERVING KEY-DERIVATION FROM BIOMETRICS: CLOSING THE GAP BETWEEN THEORY AND PRACTICE BY MAHMOOD SHARIF JOINT WORK WITH ORR DUNKELMAN AND RITA OSADCHY Motivation Key-Derivation: generating a secret key from information possessed by

  1. PRIVACY PRESERVING KEY-DERIVATION FROM BIOMETRICS: CLOSING THE GAP BETWEEN THEORY AND PRACTICE BY MAHMOOD SHARIF JOINT WORK WITH ORR DUNKELMAN AND RITA OSADCHY

  2. Motivation Key-Derivation: generating a secret key from information possessed by the user Passwords, the most widely used mean for key derivation, are problematic: peekaboo pwd ?? 1. Forgettable 2. Easily observable 3. Low entropy 4. Carried over between systems

  3. Motivation Suggestion : use biometric data for key generation Problems: 1. It is hard/impossible to replace the biometric template in case it gets compromised 2. Privacy of the users 1

  4. Outline Motivation Background: The Fuzziness Problem Cryptographic Constructions Challenges SecureFace: Overview of the System Experiments Challenge New construction Conclusions

  5. The Fuzziness Problem Two images of the same face are rarely identical (due to lighting, pose, expression changes) Yet we want to consistently derive the same key every time The fuzziness in the samples is handled by: 1. Feature extraction 2. The use of error-correction codes and helper data • Taken one after the other • 86189 pixels are different • only 3061 pixels have identical values!

  6. Process for handling noise Most biometrics systems: 1. Feature extraction: Lower susceptibility to noise 2. Binarization: Decreases noise Necessary for utilizing cryptographic constructions 3. Error-Correction: Uses stored helper data for handling remaining noise

  7. Feature Extraction User-specific features: Generic features: Histograms, e.g.: LBPs, E.g.: Eigenfaces (PCA), 
 SIFT Fisherfaces (FLD) Filters, e.g.: Gabor features Requires training and stores Do not require training or store user specific parameters user specific data

  8. Feature Extraction Previous Work [FYJ10] used Fisherfaces: 10 10 20 20 30 30 40 40 50 50 60 60 70 70 80 80 90 90 10 20 30 40 50 60 70 80 90 10 20 30 40 50 60 70 80 90 Problem: public data looks like the users :( If privacy is a goal, user-specific features cannot be used!

  9. Binarization Essential for using the cryptographic constructions Biometric features can be 
 Some claim: non-invertibility [TGN06] approximated By: Sign of projection Quantization Quantization is more accurate, but requires additional private information [TKL08]

  10. Cryptographic Noise-Tolerant Constructions Secure Sketch [JW99]: Enrollment Key Generation Binary ⊕ Binary Representation of s ⊕ Decode k Representation of the biometrics the biometrics Encode s k ⬅ {0,1} * Other constructions: Fuzzy Vault [JS06], Fuzzy Extractors [DORS08]

  11. Secure Sketch: Illustration x enroll s (=Enc(k) ⊕ x enroll ) x genuine Enc(k) t x impostor

  12. When it comes to practice… Secure sketch provides zero entropy-loss given s only if the biometric templates are i.i.d Hao et. al proposed a system that derives keys with 140bits of entropy from iris images [HAD05] Statistical attacks exploit dependencies in the biometrics and guess keys in ~2 10 attempts, given s [RU12, ZKB12] Fuzzy Extractors can be used, but the entropy loss is too high

  13. Challenges 1. Auxiliary data leaks personal information 2. Need i.i.d biometric templates for secure sketch 3. High (min-) entropy loss when using fuzzy extractors Result: short keys and weak privacy protection

  14. Outline Motivation Background: The Fuzziness Problem Cryptographic Constructions Challenges SecureFace: Overview of the System Experiments Challenge New construction Conclusions

  15. Feature Extraction 1. Landmark Localization and Alignment Face landmark localization and affine transformation to a canonical pose: An essential step, due to the inability to perform alignment between enrolled and newly presented template

  16. Feature Extraction 2. Feature Extraction Local Binary Patterns (LBPs) descriptors are computed from 21 regions defined on the face: The same is done with Scale Invariant Feature Transform (SIFT) descriptors Histograms of Oriented Gradients (HoGs) are computed on the whole face

  17. Ensuring Independent bits Dimension Reduction and Concatenation of Feature Vectors Removing Correlations Between the Features Rescaling Each Feature to Projecting [0,1] Interval on orthogonal hyperplanes Independent bits

  18. Binarization Requirements from the binary representation: 1. Consistency and discrimination 2. No correlations between the bits 3. High min-entropy We find a discriminative projection space W by generalizing an algorithm from [WKC10] (for solving ANN problem) ( x i , x j ) ∈ C if the pair belongs to the same user For : X = [ x 1 , x 2 , ..., x n ] otherwise ( x i , x j ) ∈ T The aim is to find hyperplanes , s.t. for : [ w 1 , w 2 , ..., w K ] h k ( x ) = sgn ( w t k x ) if ( x i , x j ) ∈ C h k ( x i ) = h k ( x j ) otherwise h k ( x i ) 6 = h k ( x j )

  19. Binarization cont. W will be public, yet we do not want it to reveal info about users ➔ training cannot be performed on images of users Solution: transfer learning — training is performed once on subjects distinct of those enrolled to the system Instead of learning We learn w 1 : does subject have attribute #1? 
 representation for: 
 … w 2 : does subject have attribute #2? 
 representation for: 
 … … … w n : does subject have attribute #n? … representation for:

  20. 
 
 Full System Enrollment: Binarization Feature ⊕ s Extraction Encode Key derivation: k ⬅ {0,1} * ⊕ Decode and 
 s Hash Binarization Feature Extraction

  21. Experiments Constructing the Embedding Performed only once Subjects are different than the ones enrolled in the system Number of Images Per Number of Subjects Subject Hyperplanes 949 3-4 511

  22. Experiments Evaluation Data: A data set of frontal images under controlled conditions, collected at the University of Haifa 474 subjects in total, 26 have two sessions 6.41 images per subject on average Tests: 9,602 genuine attempts 4,609,678 impersonation attempts

  23. Distribution of Distances - genuine - impostor min distance for an impersonation attempt = 164

  24. Results ROC curve FPR=0%, TPR=88.59% !

  25. What ECC should we use? Attempt #1 Codewords in over binary alphabet in vector space t=163 ➔ d=2*163+1=327 According to Plotkin bound: This implies keys with less than 3 bits :-(

  26. What ECC should we use? Attempt #2 Best option we found in the literature: Reed-Solomon+repetition [MVV12] Idea: encode the key, then repeat the codeword as much as possible In our case, for an 80bits key, the best parameters are: … k 1 k 2 k 16 RS(31,16) ECC with 5bit symbols • Can correct up to 8 symbol errors k ’4 … k ’1 k ’2 k ’3 k ’31 3 repetitions k ’2 … k ’1 k ’1 k ’1 k ’31 k ’31 k ’31 Result: 465bits long codewords

  27. What ECC should we use? Attempt #2 cont. How many errors do we have? Up to 163 unstructured errors ➔ 31.89% chance for bit error, or p=0.68 that a bit is correct Probability of correct (symbol) bit after majority: Probability of correct symbol: RS needs to correct ~23 symbol errors Problem: a correct bit does not guarantee a correct symbol

  28. Our Construction Idea: perform repetition on the biometric template Select RS(2 m -1, l ) ECC (m-bit symbols) • Can correct up to (2 m -1- l )/2 k ’4 … … k l k 1 k 2 k ’1 k ’2 k ’3 k ’ 2m-1 Repeat the biometric template m times x 4 … … x 1 x 2 x 3 x 4 x 2m-1 x 1 x 2 x 3 x 2m-1 m repetitions 
 of x 1 Compute helper data: It can be seen that: correct bit ➔ correct symbol

  29. Parameters for SecureFace Length of biometric template is 511 i.e., 2 m -1=511 ➔ m=9 To correct up to 163 errors ➔ key of length l =184 symbols

  30. Privacy and Security Guarantees Privacy: If x is i.i.d then H(x|s)= l If H(x)=(2 m -1)-r (i.e., x is almost i.i.d) then H(x|s)= l -r Similarly for security: If x is i.i.d then H(k|s)= l If H(x)=(2 m -1)-r then H(x|s) ≥ l -r

  31. Security Analysis Uniformity of the Representation No correlation between the bits + high min-entropy ➔ uniform distribution Low correlation between the bits #1: ( γ = p (1 − p ) High degrees-of-freedom : 509.69 ) σ 2 p: average relative distance between two representation of different persons : the standard deviation σ

  32. Security Analysis Uniformity of the Representation No correlation between the bits + high min-entropy ⇒ uniform distribution No correlation between the bits #2: The representation has a diagonal covariance matrix: High min-entropy: 


  33. Conclusions SecureFace, a system for fast key-derivation from face images that provides: 1. Consistency (88.94% TPR) and discriminability (0% FPR) 2. Provable privacy 3. Provable security 4. An alternative to passwords

  34. That’s all folks! Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Finding Yourself Is The Key University of Haifa Biometric Key Derivation that Joint work

Finding Yourself Is The Key University of Haifa Biometric Key Derivation that Joint work

Orr Dunkelman, Finding Yourself Is The Key University of Haifa Biometric Key Derivation that Joint work with Mahmood Sharif and Margarita Keeps Your Privacy Osadchy Overview Motivation Background : The Fuzziness Problem

810 views • 53 slides
How to Generate Keys from Margarita Osadchy University of Haifa Facial Images and Keep your

How to Generate Keys from Margarita Osadchy University of Haifa Facial Images and Keep your

How to Generate Keys from Margarita Osadchy University of Haifa Facial Images and Keep your Joint work with Mahmood Privacy at the Same Time Sharif and Orr Dunkelman Motivation Key-Derivation: generating a secret key, from information

1.25k views • 57 slides
A Unified Approach to Related-Key Attacks Orr Dunkelman Katholieke Universitiet Leuven, Dept.

A Unified Approach to Related-Key Attacks Orr Dunkelman Katholieke Universitiet Leuven, Dept.

A Unified Approach to Related-Key Attacks Orr Dunkelman Katholieke Universitiet Leuven, Dept. of Electrical Engineering ESAT- SCD/COSIC joint work with Eli Biham and Nathan Keller 1/46 Outline of the Talk Previous Results: Original

600 views • 46 slides
Distinguishing iterated encryption E. Lambooij eran@hideinplainsight.io This is joint work with:

Distinguishing iterated encryption E. Lambooij eran@hideinplainsight.io This is joint work with:

Distinguishing iterated encryption E. Lambooij eran@hideinplainsight.io This is joint work with: Orr Dunkelman, Nathan Keller and Tanja Lange CRYPTACUS Workshop, 16-18 November 2017 1 / 15 Question: Does security increase if we encrypt twice

567 views • 22 slides
Hash Functions Much Ado about Something Orr Dunkelman D epartement dInformatique

Hash Functions Much Ado about Something Orr Dunkelman D epartement dInformatique

Introduction MD New Results I New Results II Future Hash Functions Much Ado about Something Orr Dunkelman D epartement dInformatique Ecole Normale sup erieure France Telecom Chaire 22nd of September 2008 Orr Dunkelman

1.44k views • 132 slides
How to Privately Find Double Acquisitions in Biometric Databases Orr Dunkelman Department of

How to Privately Find Double Acquisitions in Biometric Databases Orr Dunkelman Department of

Introduction New Non-Crypto Solution Conclusion How to Privately Find Double Acquisitions in Biometric Databases Orr Dunkelman Department of Computer Science, University of Haifa January 15th, 2015 Joint works with Melissa Chase and

409 views • 40 slides
Combined Attacks from Boomerangs to Sandwiches and Differential-Linear Orr Dunkelman

Combined Attacks from Boomerangs to Sandwiches and Differential-Linear Orr Dunkelman

Introduction Boomerang Diff-Lin Summary Combined Attacks from Boomerangs to Sandwiches and Differential-Linear Orr Dunkelman Department of Computer Science, University of Haifa June 5th, 2014 Orr Dunkelman Combined Attacks 1/ 36

656 views • 36 slides
Multiple Encryption New Cryptanalytic Algorithms and Applications Orr Dunkelman Computer

Multiple Encryption New Cryptanalytic Algorithms and Applications Orr Dunkelman Computer

Multiple NewMITM Dissection Summary Multiple Encryption New Cryptanalytic Algorithms and Applications Orr Dunkelman Computer Science Department University of Haifa 4th July, 2013 Orr Dunkelman Multiple Encryption 1/ 35 Multiple

1.49k views • 110 slides
Preventing bugs with pluggable type checking Michael Ernst University of Washington Joint work with

Preventing bugs with pluggable type checking Michael Ernst University of Washington Joint work with

print( @Readonly Object x) { List< @NonNull String> lst; } Preventing bugs with pluggable type checking Michael Ernst University of Washington Joint work with Mahmood Ali and Matthew Papi Motivation java.lang.NullPointerException

561 views • 30 slides
Aspects on the Flow-Level Performance of Wireless Fading Channels Amr Rizk in parts joint work

Aspects on the Flow-Level Performance of Wireless Fading Channels Amr Rizk in parts joint work

10 00 11 01 Aspects on the Flow-Level Performance of Wireless Fading Channels Amr Rizk in parts joint work with K. Mahmood, Y. Jiang, N. Becker and M. Fidler Institute of Communications Technology Leibniz Universitt Hannover, Germany

568 views • 21 slides
Presented by: Ajwad Alam Prepared By: Ajwad Alam, Jaman Sharif, Makame Mahmud & Raqib Al

Presented by: Ajwad Alam Prepared By: Ajwad Alam, Jaman Sharif, Makame Mahmud & Raqib Al

Presented by: Ajwad Alam Prepared By: Ajwad Alam, Jaman Sharif, Makame Mahmud & Raqib Al Mahmood Host: CREL Ecosystem resilience refers to ecosystem's stability and capability of tolerating disturbance and restoring itself. Natural

372 views • 19 slides
Cryptanalysis of Lightweight Block Ciphers: Theory Meets Dependencies Orr Dunkelman Computer

Cryptanalysis of Lightweight Block Ciphers: Theory Meets Dependencies Orr Dunkelman Computer

Dependency Other Win Open Cryptanalysis of Lightweight Block Ciphers: Theory Meets Dependencies Orr Dunkelman Computer Science Department University of Haifa, Israel December 14th, 2019 Orr Dunkelman Cryptanalysis of Lightweight Block

322 views • 31 slides
CREATIVITY AND INNOVATIVE WORK CULTURE Prof. Mahmood Ahmad Khan Dean and Head Faculty of

CREATIVITY AND INNOVATIVE WORK CULTURE Prof. Mahmood Ahmad Khan Dean and Head Faculty of

CREATIVITY AND INNOVATIVE WORK CULTURE Prof. Mahmood Ahmad Khan Dean and Head Faculty of Education, University of Kashmir Creativity Wertheimer (1945) Creativity as the breaking down and restructuring of thoughts about a topic to gain

535 views • 11 slides
Related-Key Attacks Orr Dunkelman Department of Computer Science, University of Haifa Faculty of

Related-Key Attacks Orr Dunkelman Department of Computer Science, University of Haifa Faculty of

Related-Key Attacks Slide Statistical RK Related-Key Attacks Orr Dunkelman Department of Computer Science, University of Haifa Faculty of Mathematics and Computer Science Weizmann Institute of Science June 2nd, 2011 Orr Dunkelman

441 views • 42 slides
The Hitchhikers Guide to the SHA-3 Competition Orr Dunkelman Computer Science Department

The Hitchhikers Guide to the SHA-3 Competition Orr Dunkelman Computer Science Department

History First Second Third The Hitchhikers Guide to the SHA-3 Competition Orr Dunkelman Computer Science Department University of Haifa 4 July, 2012 Orr Dunkelman The Hitchhikers Guide to the SHA-3 Competition 1/ 46 History First

909 views • 75 slides
Standardization Robustness Distinguishers/Key recovery for FFX-3.1 and FEA Orr Dunkelman 1 ,

Standardization Robustness Distinguishers/Key recovery for FFX-3.1 and FEA Orr Dunkelman 1 ,

Standardization Robustness Distinguishers/Key recovery for FFX-3.1 and FEA Orr Dunkelman 1 , Abhishek Kumar 2 , Eran Lambooij 1 and Somitra Kumar Sanadhya 2 1 University of Haifa, Israel 2 IIT Ropar, India 1 / 7 ISO 3103 Figure: A broken tea cup

676 views • 12 slides
Assouad Dimension and Random Fractals (Contains joint work with Jonathan M. Fraser and Jun J.

Assouad Dimension and Random Fractals (Contains joint work with Jonathan M. Fraser and Jun J.

Assouad Dimension and Random Fractals (Contains joint work with Jonathan M. Fraser and Jun J. Miao) Sascha Troscheit University of St Andrews October 3, 2014 Pure Postgraduate Seminar Sascha Troscheit Assouad Dimension and Random Fractals

1.15k views • 92 slides
Joint Probability Distributions In many experiments, two or more random variables have values that

Joint Probability Distributions In many experiments, two or more random variables have values that

ST 380 Probability and Statistics for the Physical Sciences Joint Probability Distributions In many experiments, two or more random variables have values that are determined by the outcome of the experiment. For example, the binomial experiment

281 views • 15 slides
Use of AIRS data in the Joint Center for Satellite Data Assimilation Lars Peter Riishojgaard

Use of AIRS data in the Joint Center for Satellite Data Assimilation Lars Peter Riishojgaard

Use of AIRS data in the Joint Center for Satellite Data Assimilation Lars Peter Riishojgaard Joint Center for Satellite Data Assimilation John Le Marshall Bureau of Meteorology Emily Liu, Ivanka Stajner Global Modeling and Assimilation Office

584 views • 24 slides
Assessment of HTS for Fusion. Activities of EFDA Manel Sanmart (IREC) On behalf of EFDA-HTS

Assessment of HTS for Fusion. Activities of EFDA Manel Sanmart (IREC) On behalf of EFDA-HTS

Assessment of HTS for Fusion. Activities of EFDA Manel Sanmart (IREC) On behalf of EFDA-HTS Work Program AIME on Superconductivity, Ciemat, 27th-28th May 2013 CONTENTS Introduction HTS for Fusion activities before 2011 Why HTS for

508 views • 35 slides
Jointly Distributed Random Variables IE 502: Probabilistic Models Jayendran Venkateswaran IE

Jointly Distributed Random Variables IE 502: Probabilistic Models Jayendran Venkateswaran IE

Jointly Distributed Random Variables IE 502: Probabilistic Models Jayendran Venkateswaran IE & OR Joint Distribution Functions X and Y are random variables Joint cumulative distribution function of X and Y Individual CDFs of

505 views • 8 slides
A depth formula for Tate Tor independent modules over Gorenstein rings Joint work with David A.

A depth formula for Tate Tor independent modules over Gorenstein rings Joint work with David A.

A depth formula for Tate Tor independent modules over Gorenstein rings Joint work with David A. Jorgensen arXiv:1107.3102[math.AC] Lars Winther Christensen Texas Tech University Lincoln NE, 16 October 2011 Auslanders depth formula Setup

527 views • 8 slides
By H.W.Weijers Presented at the Workshop on High Temperature Superconducting Magnets for Muon

By H.W.Weijers Presented at the Workshop on High Temperature Superconducting Magnets for Muon

High field magnets with coated conductors A viewpoint emerging from projects at the NHMFL By H.W.Weijers Presented at the Workshop on High Temperature Superconducting Magnets for Muon Collider Wilson Hall, Fermi National Accelerator Lab,

928 views • 17 slides
Joint Word Segmentation and pos-Tagging using a Single Perceptron Yue Zhang and Stephen Clark

Joint Word Segmentation and pos-Tagging using a Single Perceptron Yue Zhang and Stephen Clark

Joint Word Segmentation and pos-Tagging using a Single Perceptron Yue Zhang and Stephen Clark Oxford University Computing Laboratory June 5, 2008 Oxford University Computing Laboratory Introduction of Chinese pos-tagging Chinese sentences

571 views • 34 slides

More recommend