Enhancing Security with Biometric Authentication Solutions
Explore the advantages of biometric authentication over password-based systems, including better usability and protection against server-side breaches. Learn about FIDO Alliance, fuzzy matching, and distributed FIDO solutions for improved security. Discover the challenges and solutions for storing biometric data on mobile devices effectively.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
BETA: Biometric Enabled Threshold Authentication BETA: Biometric Enabled Threshold Authentication Saikrishna Badrinarayanan (Visa Research) Joint work with Shashank Agrawal Payman Mohassel Pratyay Mukherjee Sikhar Patranabis Western Digital Facebook Visa Research Visa Research
Password-based Authentication Enrollment phase Enroll password on the server store salted hash Online phase Server Phone Password User Password Match / No Match Issues Offline dictionary attacks - Large scale real world breaches Usability concerns: High entropy requirement
Biometric Authentication Enrollment phase store biometric template on a server Online phase Server Phone User Measurement Enter biometric Match / No Match Better usability than passwords Server side breaches are more damaging
FIDO Alliance and how it works Enrollment phase Server Phone User pk Enter biometric template 1. Single point of failure 2. Need the same device each time Store sk Store pk Online Phase Server Phone User Challenge Enter biometric measurement Signature Match / No Match to unlock sk Verify signature to authenticate
How to store biometric data on the phone? Secure Hardware Costly, not easily available, hard to program. Salted Hash Biometric matching is fuzzy . Offline attacks. Fuzzy Extractors Requires high-entropic biometric data. Loss in accuracy. Offline dictionary attacks.
Our Solution Our Solution: ``Distributed FIDO ``Distributed FIDO
Fuzzy Threshold Tokenizer (FTT) Fuzzy Threshold Tokenizer (FTT) Enrollment phase Server Phone User pk Enter biometric Template w (w1, sk1) Secret share template and signing key (w2, sk2) (wn, skn) (w3, sk3) Can also replace with multiple servers . . .
Fuzzy Threshold Tokenizer (FTT) Fuzzy Threshold Tokenizer (FTT) Online phase Server Phone User Challenge Enter biometric Measurement u Signature Verify signature to authenticate Match / No Match (wn, skn) (w3, sk3) (w2, sk2) . . .
Threshold Structure and Communication Pattern (wT, skT) (w3, sk3) (w2, sk2) 1. Need to involve only a threshold T number of devices. 2. The devices don t interact amongst themselves all communication is via the ``initiator . 3. Initiator need not be the phone or the same device each time.
Security Goals Malicious adversary. Corrupts a set of less than T devices. Biometric template privacy Biometric measurement privacy Unforgeability Adversary should not be able to generate a valid signature without running the protocol on a valid measurement. At most one signature from each session. Formalized using a simulation-based definition in the UC framework.
Biometric Matching How to compare two biometric measurements? Y X ?1 ?2 ?? ?1 ?2 ?? Match if Dist (X, Y) < t Match / No Match
Our Results Our Results New Primitive for threshold biometric authentication and formal security model with UC security. Three protocols secure against malicious adversaries with various tradeoffs. Distance Metric Parties N: no bound Based on Concrete Efficiency T Corrupt Protocol 1 Any Any Any 2 Round MPC Feasibility Protocol 2 Any Any Any Threshold FHE Feasibility Protocol 3 Cosine Similarity, Euclidean Distance 3 1 Paillier encryption Efficient Fingerprint, Face recognition
Techniques Techniques 2 round MPC based protocol 2 round MPC based protocol
If no constraint on communication pattern (w1, sk1, u, Chall) (wT, skT) (w3, sk3) (w2, sk2) Run MPC for the following function: Reconstruct w from (w1, , wT) and sk from (sk1, , skT) If (u, w) are ``close , generate threshold signature on Chall.
Emulating 2 round MPC ? Let N = T = 3 (w3, sk3) (w1, sk1, u, Chall) (w2, sk2) ``Begin ``Begin ?.?????1 ?.?????1 , Signature , Signature Forward ?.?????1 , Signature , Signature Forward ?.?????1 ???3= ?1.?.?????1 ???2= ?1.?.?????1 Check signature Check signature ?.?????2 ?.?????2 Learn Output What if ???2 ???3 ?
Conditional Disclosure PRF keys K2, K3 PRF key K2, K3 (w1, sk1, u, Chall) (w2, sk2) (w3, sk3) . . . . . . ???2= ?1.?.?????1 ???3= ?1.?.?????1 Encrypt and send ?.?????2 ?.?????2 ???(?2,???2) ???(?3,???3) PRF(K2, msg3) PRF(K3, msg2) Decrypt to learn ?.?????2 and ?.?????2 Can be generalized for arbitrary N, T
Techniques Techniques 3 party 1 corruption protocol 3 party 1 corruption protocol
Biometric Matching: Cosine Similarity Typically, n is 256 or 512. Match if ?1 ?2 ?? ?1 ?2 ?? ????> ? ? Match / No Match
Enrollment (w1, sk1) (w2, sk2) (w2, sk2) Randomness R Randomness R
Online phase (w3, sk3, R) (w2, sk2, R) (w1, sk1, u, Chall) OT1 (w1, u), Chall OT1 (w1, u) Garble the following circuit using R: 1. Reconstruct w from w1, w2 2. Check if <u, w> > t 3. If so, output ek 1. GC computation expensive 2. Input consistency for w1? GC, OT2(.) Hash( GC, OT2(.), ) ????(? ???) ek 1. Check hash 2. Recover labels from OT 3. Evaluate GC
Paillier encryption (w3, sk3, R) (w2, sk2, R) (w1, sk1, u, Chall) u u , pk , pk pk pk <u, w2> Hash(. ) <u, w2> 1. Check hash 2. Decrypt and add local term <u, w1> to get ip = <u, w> Much more efficient OT1 (ip) OT1 (ip), Chall Garble the following circuit: 1. Reconstruct w from w1, w2 2. Check if ip > t 3. If so, output ek GC, OT2(.) Hash( GC, OT2(.), ) ????(? ???) ek
Solving input consistency (w3, sk3, R) (w2, sk2, R) (w1, sk1, u, Chall) u u , pk , pk pk pk + NIZK <u, w1> + NIZK <u, w1> <u, w2> <u, w> Hash(. ) <u, w2> <u, w> 1. Check hash 2. Decrypt to get ip = <u, w> . . . . . .
Other issues (w3, sk3, R) (w2, sk2, R) (w1, sk1, u, Chall) . . . . . . <u, w> + r Leakage Compute ip = <u, w> Compute ip = <u, w> + r OT1 (ip) OT1 (ip), Chall Garble the following circuit: How to ensure that the decrypted value is used in the OT ? 1. <u, w> = ip - r 2. Check if <u, w> > t 3. If so, output ek Additional one-time MACs. Handle modulus with more checks.
Conclusion and Open Problems New formal model with UC-secure definition for threshold biometric authentication. Two feasibility results and one efficient protocol for Cosine Similarity. Weaker game-based definition and more efficient protocols? Other distance functions like Hamming distance? Dynamic system? Adaptive corruption?
