Sebastian Pape: Templateless Biometric-Enforced Non-Transferability



SLIDE 1

Sebastian Pape, Databases and Interactive Systems Research Group

Sebastian Pape Templateless Biometric-Enforced Non-Transferability of Anonymous Credentials

Kryptowochenende 2008

SLIDE 2

Overview

  • Motivation
  • Anonymous Credentials
  • Problems with Biometrics
  • Wallet-with-Observer Architecture
  • Existing Approaches
  • Idea
  • Example
  • Outlook

SLIDE 3

Motivation

  • Cryptographic primitives are based on secrets
      • Private keys for digital signatures
      • Secrets in Zero-Knowledge-Proofs (ZKP)
  • Secret is knowledge and knowledge can be
      • Stolen
      • Transferred to someone
  • How can you be sure the secret was used by its regular owner?

SLIDE 4

Anonymous Credentials

  • Consist of cryptographic tokens
  • Allow authentication without identification
  • Based on ZKP
  • Non-transferability may be desired

⇒ Make the user not want to share
⇒ Embed valuable secrets into the system
⇒ Share nothing-or-all strategy
✗ Can be circumvented
✗ Raise system's value
⇒ Keep tokens secret from user

  • Use of Biometrics

SLIDE 5

Problems with Biometrics

  • Finding good/usable attributes
  • Fingerprints
  • Universality
  • Circumvention
  • Cannot be changed
  • False nonmatch rate vs. False match rate

  • Privacy Issues

SLIDE 6

Hardware (outdated)

  • Privacy problem: Template database

Source: www.fidelica.com

SLIDE 7

Hardware (match-on-card)

Source: www.fidelica.com

  • No template database
  • Privacy problem: Eavesdropper

SLIDE 8

Hardware (embedded)

Source: www.fidelica.com

  • No template database
  • Protected against eavesdropper

SLIDE 9

Some Problems of Biometrics

  • Finding good/usable attributes
  • Fingerprints
  • Universality
  • Circumvention
  • Cannot be changed
  • False nonmatch rate vs. False match rate
  • Privacy Issues
  • Trust in the system

SLIDE 10

Wallet-with-Observer Architecture

  • General Problem: Contact to "correct card"?

[Figure: Wallet, Observer, Verifier]

SLIDE 11

Wallet-with-Observer Architecture + Biometrics

  • Biometrics to Observer

[Figure: Wallet, Observer, Verifier]

SLIDE 12

Existing Approaches

  • Current approaches compare biometrics to templates

✔ Underlying system needs no change
✗ Stored Templates

  • Fuzzy extractors provide the same output for "close" inputs
  • "error correcting hash"
  • Private keys can be derived from Biometrics

✗ Derived keys need to suit the underlying system
✔ No templates/storage needed

[Figure: fe( ), s]

SLIDE 13

Idea

  • Combine Advantages

⇒ No Templates stored
⇒ No change of underlying system

[Figure: fe( ), s*, s; XOR, mod, ...]

SLIDE 14

Example (Setup)

based on Feige-Fiat-Shamir Id.-Protocol

Authority
  • chooses two large prime integers $p$, $q$
  • calculates $n = p \cdot q$
  • generates $s_1, \ldots, s_k$ with $\gcd(s_i, n) = 1$
  • computes $v_i \equiv s_i^2 \pmod{n}$

Public (known by verifier and prover): $n$, $v_i$

Secret (kept inside the smartcard): $s_i$

Secret (kept by authority): $p$, $q$

Card initialization: $s_i$ is overwritten by $s_i^* \equiv s_i - fe(fp_u) \pmod{n}$

SLIDE 15

Example (Prove)

based on Feige-Fiat-Shamir Id.-Protocol

Smartcard:
  • chooses a random integer $r$ and a random sign from $\{-1, 1\}$
  • computes $x$ with $\text{sign} \cdot x \equiv r^2 \pmod{n}$ → V

Verifier:
  • chooses numbers $a_i \in \{0, 1\}$ → S

Smartcard:
  • reads fingerprint $fp_u$
  • computes $y \equiv r \, (s_1^* + fe(fp_u))^{a_1} \cdots (s_k^* + fe(fp_u))^{a_k} \pmod{n}$ → V

Verifier:
  • checks if $y^2 \equiv \pm x \, v_1^{a_1} \cdots v_k^{a_k} \pmod{n}$
  • decides if the prover has passed authorisation.

SLIDE 16

Outlook

Source: www.fidelica.com

  • Connection to proper smartcard?
  • User interleaved
  • Use of flexible display, e.g. for $r^2$
  • Unlimited number of uses based on n-time anonymous authentication
  • Concrete implementation