helper data schemes for privacy preserving biometrics
play

Helper data schemes for privacy-preserving biometrics Boris kori - PowerPoint PPT Presentation

Sep 20, 2022 •420 likes •828 views

Helper data schemes for privacy-preserving biometrics Boris kori TU Eindhoven van der Meulen seminar Leuven, December 2011 1 Outline Security with noisy data - biometrics & privacy - Physical Unclonable Functions (PUFs)

  1. Helper data schemes for privacy-preserving biometrics Boris Š kori ć TU Eindhoven van der Meulen seminar Leuven, December 2011 1

  2. Outline • “Security with noisy data” - biometrics & privacy - Physical Unclonable Functions (PUFs) - anti-counterfeiting • Secure Sketches & Fuzzy Extractors - basics - Leftover Hash Lemma - some easy constructions 2

  3. Example A: biometric authentication • Biometrics are not really secret - easy to obtain - don’t entrust important secrets to biometric key • ... but have to be treated confidentially - privacy legislation - large databases, insider attacks 3

  4. Example A: biometric authentication • Biometrics are not really secret - easy to obtain - don’t entrust important secrets to biometric key • ... but have to be treated confidentially - privacy legislation - large databases, insider attacks • Solution - treat biom. authentication same as Unix passwords - store hash of {biometric + salt} • Problem - noisy measurements - hash has no noise tolerance 0010110101 1110111001... 3

  5. PUFs • Relatively new security primitive (Pappu 2001) • Physical Unclonable Function - complex piece of material - challenge-response pairs (CRPs) - difficult to characterize (“opaque”) - difficult to clone physically - difficult to emulate (“mathematical unclonability”) • Various applications - authentication token - anti-counterfeiting - secure key storage - software to hardware binding - tamper evidence 4

  6. Optical PUF Pappu 2001 Silicon PUF [Gassend et al. 2002] TiO 2 � TiN � Coating PUF Posch 1998; Tuyls et al. 2006 SRAM PUF FPGA ‘butterfly’ PUF Guajardo et al. Su et al. 2007 Kumar et al. 2008 5

  7. Anti-counterfeiting Traditional approach : • add authenticity mark to product • hard to forge • all marks are identical 6

  8. Anti-counterfeiting Traditional approach : • add authenticity mark to product • all marks are identical } Er, ... WTF? • hard to forge 6

  9. Anti-counterfeiting Traditional approach : • add authenticity mark to product • all marks are identical } Er, ... WTF? • hard to forge Imagine your company needs a security label ... • how do you know what you are buying? - nobody discloses technology details - there is no “AES” for anti-counterfeiting - perfect market for snake oil • by the way, many of the suppliers are Chinese 6

  10. From a Chinese company webpage: is a high-tech company which is professional in laser security. (...) We can supply our clients with the comprehensive products in this field, such as: hologram label design, hologram master shooting, related professional equipments and related hologram materials. (...) And our clients are quite satisfied with our products and services. We are sure that we can meet your demands as well. Welcome to visit our company.Any more requirements, please connect us. 7

  11. Example B: anti-counterfeiting with bare PUFs • Unique marks [Bauder, Simmons < 1991] - uncontrollable process - even manufacturer cannot clone Certificate • digitally signed by Enrollment Authority. • Two-step verification !"#$%&'()"*+,%" - check signature of Authority !"-.#*$/"&0)-" - check the mark. !"10$2"&-)0*34" • Forgery needs either - physical cloning !"#"$%&'("#)%$*+,' - or fake signature. -.'/*$01+"$.'234' • Allows open approach - no longer security-by-obscurity. 8

  12. Example B: anti-counterfeiting with bare PUFs • Unique marks [Bauder, Simmons < 1991] - uncontrollable process - even manufacturer cannot clone Certificate • digitally signed by Enrollment Authority. • Two-step verification !"#$%&'()"*+,%" - check signature of Authority !"-.#*$/"&0)-" - check the mark. !"10$2"&-)0*34" • Forgery needs either - physical cloning !"#"$%&'("#)%$*+,' - or fake signature. -.'/*$01+"$.'234' • Allows open approach - no longer security-by-obscurity. Manufacturer afraid to reveal product properties • just like biometric privacy • store hash of {mark + salt} → problem with noise 8

  13. Example C: remote authentication with bare PUF Eve has occasional access to the PUF Alice has {c i , S i } Bob has the PUF c i Random i Check if c i is replay Measure PUF response S’ Authenticated channel; MAC key S i Never use c i again • PUF serves as huge repository of keys • Problem: noisy measurements ! 9

  14. Example D: Read-proof key storage Device secrets stored during off state • attacker has full access • assumption: digital NV memory is insecure Derive encryption key from Silicon/Coating PUF • only when needed • non-digital, hard to read from outside • tampering destroys key • Physically Obfuscated Key (POK) Integrated components Insecure NV-mem E K [Device secrets] POK sensor crypto processor K Noise! 10

  15. Secure Sketches & Fuzzy Extractors 11

  16. A special kind of noise correction Redundancy data Juels, Wattenberg 1999 Dodis, Reyzin, Smith 2003 • required for error correction Linnartz, Tuyls 2003 • created at enrollment • assumed public! (stored e.g. in DB) • must not leak Secure Sketch Fuzzy Extractor SS Gen S X X W (helper data) W ˆ X X’ X’ Rec Rep S’ • Prob[ ≠ X] is low ˆ • Prob[S’ ≠ S] is low X • I (W; X) is small • I (W; S) is small • don’t care about I (W;X) 12

  17. Which technique to use, SS or FE? privacy uniform Application Technique of X ? secret? authentication ∎ One-Way Function by password biometric authentication ∎ Secure Sketch + OWF anticounter- ∎ Secure Sketch + OWF feiting PUF anticounter- --- feiting PUF bare PUF PUF authent. --- w/o MACs PUF authent. ∎ Fuzzy Extractor with MACs ∎ POK Fuzzy Extractor 13

  18. ̂ Privacy-preserving biometric database Enrollment: X i SS W i hash ID helper data salt 1 W 1 c 1 H 1 =h(c 1 ||X 1 ) ... ... ... ... n W n c n H n =h(c n ||X n ) Authentication: c i H i W i yes/no X i X' i Rec h(.||.) Compare 14

  19. Helper Data; some intuition SS Gen S X X SS FE W W ˆ X X’ Rec X’ Rep S’ Noisy measurement X stable part noisy part } W key 15

  20. Helper Data; some intuition SS Gen S X X SS FE W W ˆ X X’ Rec X’ Rep S’ Noisy measurement X Helper Data reveals noisy part of X. stable part noisy part • SS: How much privacy is lost? Not so bad: } - W is subject to noise anyway W key - many people may have same W • FE: How much of the key is leaked? Zero if W, S derived from independent parts of X 15

  21. Bluff your way in Secure Sketches Discrete non-uniform noisy X. w ← SS(x) Enrollment phase: 16

  22. Bluff your way in Secure Sketches Discrete non-uniform noisy X. w ← SS(x) Enrollment phase: x w 16

  23. x ̂ = Rep(x’,w) Reconstruction phase: x’ 17

  24. x ̂ = Rep(x’,w) Reconstruction phase: x’ w 17

  25. x ̂ = Rep(x’,w) Reconstruction phase: x ̂ x’ w 17

  26. Secure Sketch: privacy of X How much does W leak? • position of X in a tile w How bad is that? • generally not so bad • “least significant bits” • subject to noise anyway • attacker must guess which tile 18

  27. Secure Sketch: privacy of X How much does W leak? • position of X in a tile w How bad is that? • generally not so bad • “least significant bits” • subject to noise anyway • attacker must guess which tile Can you do without helper data? • only if all enrollments occur first • but then the tiling itself leaks 18

  28. Fuzzy Extractor: generic construction from SS Dodis, Reyzin, Smith 2003 public Gen S UHF SS X random r W x ̂ X’ S’ Rec UHF Rep UHF = universal hash function 19

  29. Almost Universal Hash Functions Φ : X × R → T is called η -almost universal if, for fixed x, x’ Prob[ Φ R ( x ) = Φ R ( x ′ )] ≤ η Called Universal for η = 1/ | T | Carter, Wegman 1979 Leftover hash lemma If F : X × R → {0,1} ℓ is 2 − ℓ (1+ δ ) -almost universal, then ∆ ( F ( X, R ) Y R ; U ℓ Y R ) ≤ 1 � δ + 2 ℓ − e H 2 ( X | Y ) 2 Distance of F(X,R) from uniformity, given Y and R 20

  30. Extractable randomness Invert the leftover hash lemma: H 2 ( X | Y ) + 2 − 2 log 1 ext ( X | Y ) ≥ � ℓ ε ε penalty due to uniformity requirement Rather bad • H 2 ≤ Shannon entropy • Penalty term depends on target ε , not on uniformity improvement . 21

  31. Basic examples of Fuzzy Extractors 22

  32. Code offset method • X = binary string • Use a linear ECC Enrollment • random key s • encode to c s • w = c s -x Reconstruction • s’ = decode(x’+w) 23

  33. Fuzzy Extractor purely from UHFs B Š , Tuyls 2008 helper data MAC key 24

  34. Fuzzy Extractor purely from UHFs B Š , Tuyls 2008 helper data MAC key MAC on w 24

  35. Fuzzy Extractor from partitions Verbitskiy, Tuyls, Obi, Schoenmakers, B Š 2008 • First partition: equiprobable keys • 2nd partition: helper data, equiprob. subpartitions • S | W=w is uniform 25

  36. Protecting the helper data (no PKI) SS x “robustness” Boyen 2005 of helper data w and h=hash(x, w) attack Random oracle model w’, h’ x ̂ x’ Rec Check h’==hash(x ̂ ,w’) 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My experience with biometrics and privacy Academic background on privacy Gradiants goal: transfer of knowledge to industry We bring state of

193 views • 6 slides
Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and

Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and

Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and Iwen COISEL Orange Labs R&amp;D - Caen - France RFIDSec 08 - 10 th July 2008 Outline 1 General Context 2 A synchronization problem 3 A

714 views • 33 slides
Positivity- -preserving Lagrangian schemes for preserving Lagrangian schemes for Positivity

Positivity- -preserving Lagrangian schemes for preserving Lagrangian schemes for Positivity

Sino-German Symposium on Advanced Numerical Methods for Compressible Fluid Mechanics and Related Problems, May 22-26, 2014 Beijing Positivity- -preserving Lagrangian schemes for preserving Lagrangian schemes for Positivity multi-

746 views • 53 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong CS573 Data Privacy and Anonymity Partial slides credit: W. Du, Syracuse University, Y. Gao, Peking University Privacy Preserving Data Mining

659 views • 39 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining &amp; Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining &amp; Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining &amp; Information Privacy: New Problems and the Search for Solutions March 15 th , 2004 Tal Zarsky The Information Society Project, Yale Law School Introduction: Various

273 views • 25 slides
Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes Ben-Gurion University, Israel This talk presents joint work with Boris Rozenberg Talk Outline Motivation for Privacy-Preserving Distributed Data

1.48k views • 68 slides
Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption With good encryption, data values not readable So whats the problem? Lecture 17 Page 1 CS 236 Online Traffic Analysis

532 views • 21 slides
Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

CS573 Data Privacy and Security Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li Xiong Slides credit: Chris Clifton, Purdue University; Murat Kantarcioglu, UT Dallas Outline Overview Data

901 views • 42 slides
CSCI E-170: Computer Security, Privacy and Usability Hour #2: Biometrics Biometrics Something

CSCI E-170: Computer Security, Privacy and Usability Hour #2: Biometrics Biometrics Something

CSCI E-170: Computer Security, Privacy and Usability Hour #2: Biometrics Biometrics Something that you know Something that you have Something that you are Uses of Biometrics: Simple: Verification Is this who he claims to be?

592 views • 40 slides
New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego Sensitive Data Medical Records Genetic Data Search Logs AOL Violates Privacy AOL Violates Privacy Netflix Violates Privacy [NS08]

957 views • 92 slides
Privacy preserving data mining multiplicative perturbation techniques Li Xiong CS573 Data

Privacy preserving data mining multiplicative perturbation techniques Li Xiong CS573 Data

Privacy preserving data mining multiplicative perturbation techniques Li Xiong CS573 Data Privacy and Anonymity Outline Review and critique of randomization approaches (additive noise) Multiplicative data perturbations Rotation

526 views • 39 slides
Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan

Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan

Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan Katz http://www.mightbeevil.org/secure-biometrics/ Feb 9, 2011 Motivating Scenario: Private No-Fly Checking Threat Models Semi-honest adversary

1.4k views • 40 slides
Motivation Dramatic increase in digital data Privacy-Preserving Data Mining World Wide

Motivation Dramatic increase in digital data Privacy-Preserving Data Mining World Wide

Motivation Dramatic increase in digital data Privacy-Preserving Data Mining World Wide Web Growing Privacy Concerns Rakesh Agrawal Ramakrishnan Srikant A Surveys of web users IBM Almaden Research Center 17%

369 views • 8 slides
On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph

On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph

On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph Geumlek,* Max Welling, + Kamalika Chaudhuri* + University of Amsterdam *University of California, San Diego Overview Bayesian Privacy-preserving

878 views • 75 slides
What is an experiment? In an experiment, a Physical Phenomenon is isolated as good as possible

What is an experiment? In an experiment, a Physical Phenomenon is isolated as good as possible

What is an experiment? In an experiment, a Physical Phenomenon is isolated as good as possible from the environment and its effect on (or interaction with) a Measuring quantity is recorded. Using a model , if the physical interaction is well

561 views • 37 slides
3 He target tests Kai Jin University of Virginia June 15, 2018 Status Oven Installation

3 He target tests Kai Jin University of Virginia June 15, 2018 Status Oven Installation

3 He target tests Kai Jin University of Virginia June 15, 2018 Status Oven Installation change of EPR Water NMR Beam compensation Installation of oven The new oven is installed in target lab in EEL building(the size is

233 views • 9 slides
Signal to Noise ratio and SN clustering thresholds in the SVD June 17, 2016 University of

Signal to Noise ratio and SN clustering thresholds in the SVD June 17, 2016 University of

Signal to Noise ratio and SN clustering thresholds in the SVD June 17, 2016 University of Melbourne Giacomo Caria and Phillip Urquijo 1 SN ratio - Different features for U and V sides, to be understood 3.2 - V direction 2 Clustering

221 views • 5 slides
Signal-to-Noise Ratio Measurements for IoT Communications with Quantum Tunneling Reflectors

Signal-to-Noise Ratio Measurements for IoT Communications with Quantum Tunneling Reflectors

Signal-to-Noise Ratio Measurements for IoT Communications with Quantum Tunneling Reflectors Francesco Amato December 13 th 2016 f.amato@gatech.edu School of Electrical and Computer Engineering Georgia Institute of Technology 1 Movement

460 views • 22 slides
Secure Face Matching Using Fully Homomorphic Encryption Vishnu Boddeti Michigan State University

Secure Face Matching Using Fully Homomorphic Encryption Vishnu Boddeti Michigan State University

Secure Face Matching Using Fully Homomorphic Encryption Vishnu Boddeti Michigan State University October 23rd, 2018 []$ [1/1] &gt;&gt;&gt; Face Representation and Matching * Face Representation: Alignment Embedding Function Representation

1.19k views • 55 slides
Section 7: Lab 2 &amp; Authentication CSE 484 / CSE M 584 Administrivia May 15 th May 25 th

Section 7: Lab 2 &amp; Authentication CSE 484 / CSE M 584 Administrivia May 15 th May 25 th

Section 7: Lab 2 &amp; Authentication CSE 484 / CSE M 584 Administrivia May 15 th May 25 th Final Project Checkpoint 1 Due @ Memorial Day: No Lecture 11:59pm Lab 2 Due @ 11:59pm Homework 3 Due @ 11:59pm May 22 nd May 29 th More Lab 2 Hints

868 views • 33 slides
CyLab A Case Study on the Role of Usability Studies in Developing Public Engineering

CyLab A Case Study on the Role of Usability Studies in Developing Public Engineering

CyLab A Case Study on the Role of Usability Studies in Developing Public Engineering &amp; Policy Public Policy Rebecca Balebako, Richard Shay, Lorrie Faith Cranor y &amp; c S a e v c i u r P r i t e y l b L a a s

708 views • 37 slides
Lecture 7: Authentication Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi

Lecture 7: Authentication Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi

T-79.159 Cryptography and Data Security Lecture 7: Authentication Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi T-79.159 Cryptography and Data Security, 10.03.2004 Lecture 7: Authentication, Helger Lipmaa 1 Recap

904 views • 53 slides

More recommend