
A Framework of Remote Biometric Authentication on the Open
Network
From GM Labs

Copyright © 2005,2006 Institute of System & Information Technologies/ KYUSHU All rights reserved.

Agenda
● Background
● Our Goal
● Certificate based framework of biometric authentication
● One-time Biometrics
● Conclusion
3/20/2012 Institute of Systems & Information Technologies/ KYUSHU

Background
Biometric authentication is remarkable!
Based on physical and behavioral characteristics:
● Fingerprint
● Facial image
● Voice
● Iris
● Pattern of vein
● Etc.

Background
Biometric authentication is remarkable!
Biometric systems are applied to many services:
● E-passports
● Bank
● Monitoring entrance
● Etc.

Background
We need secure and reliable authentication systems for many E-Services! Biometrics is one of the candidates.
On the other hand, biometrics has some weak points!
● Easy to obtain
● Secondary information
  ■ Sex
  ■ History of illness
  ■ etc.
● Irreplaceable: when enrolled data is compromised, we are not able to re-enroll spare data.
⇒ SERIOUS PRIVACY ISSUES if we apply biometrics to E-services.

Our Goal
Reliable authentication on the open networks by using Biometrics
Viewpoints:
1. Certificate based framework
  ■ What do we require of a framework for a reliable biometric authentication system?
2. One-time biometrics
  ■ How do we construct secure remote biometric authentication systems, even though biometric authentication data is compromised?

Certificate-based framework
Public Key Infrastructure (PKI) with Biometrics
Currently, this area aims at International Standardization:
● Ikeda et al.'s (Toshiba Solution) proposal to ISO/IEC JTC1/SC27/WG2: Verification of Biometric Authentication Environment
● Isobe et al.'s (Hitachi) proposal to ITU-T SG17/Q8: Bio-PKI with Template Format
The above proposals have privacy issues: it is easy for anyone to get the relationship between the biometric data and its ownership.

Certificate-based framework
Assurance of anonymity in the Biometric Authentication by using a Personal Repository
[Figure: Owner (User) <-RELATION-> Personal Repository <-RELATION-> Enrolled Templates. The first relation is attested by an Ownership Certificate issued by the Certificate Authority for the User's Personal Repository; the second by a Template Certificate issued by the Certificate Authority for Template Data.]
A legitimate user or a legitimate server can verify these relationships, while adversaries obtain no information about them.

Certificate-based framework
A framework for verification of ownership of the PR by the VA
Assumption: a CA issues the ownership certificate of the PR; the VA is trusted.
[Figure: Client (User) with a Biometrics Device and a Personal Repository, connected over the Internet to the Application Server and to the Verification Authority for the User's Personal Repository. Supporting authorities: Certificate Authority for the User's Personal Repository, Certificate Authority for Public Key, Certificate Authority for Template Data, Certificate Authority for Authentication Environment.]

Certificate-based framework
Argument of Security
In the abovementioned framework:
● Biometric authentication verifies that the personal repository is used by the legitimate user.
● Identity of user and holder ⇒ only the VA can verify it.
● The Application Server receives only the identity information as the verification result from the VA.
  ■ In the application server, the user is anonymous.
⇒ If the user colludes with the VA, this framework will not be secure.
● The Personal Repository requires the following assumptions:
  ■ Tamper resistance
  ■ Calculation power for generation and verification of digital signatures

One-time Biometrics
On the internet, communication data can be obtained! Whenever authentication data is compromised, the authentication system must react to the compromise.
In order to achieve the above concept, the authentication system can generate data which has one-time characteristics, like a one-time password.
Now, I am investigating this. I presented this topic at the Symposium on Cryptography & Information Security 2006 in Japan. Today, I will talk only about the basic idea.

One-time Biometrics
We propose One-Time Transform (OTT):
● OTT: a different transform in every authentication session
● OTT is shared by a client and the storage of templates
● OTT is applied to extracted features and the corresponding enrolled templates
● Transformed data is used in the matching process

One-time Biometrics
An illustration of One-Time Transform
● Candidate of OTT: recursive non-linear transform (chaos transforms, Iterated Function Systems)
[Figure: X axis and Y axis give the coordinates of one of the features or templates. Marked points: the feature or template used in the matching process; the points transformed by the OTT at time t1 with session number a1; the points transformed by the OTT at time t2 with session number a2 (t1 ≠ t2).]

One-time Biometrics
We propose One-Time Transform (OTT):
Requirements of the OTTs
● It is difficult for any adversary to calculate the original features and templates from the transformed ones.
● There are optimal distance functions for evaluating the matching score from the transformed data.
● No adversary can extract the original features & templates from OTTs used in past authentications.

One-time Biometrics
Framework of biometrics with One-Time Transforms, including a "Function Generator" which constructs OTTs
Expectation: it is easy to implement One-Time Biometrics by UPDATING SOFTWARE from conventional systems.
[Figure components: Time Stamp Server (time stamping); Function Generator (construction of OTTs); Storage of Templates (application of OTT); Client (acquisition, feature extraction, application of OTT); Authentication Server (matching, decision).]

One-time Biometrics
Argument of Security
Assumption: the security of the OTT is assured.
Hill-climbing attack: DIFFICULT
● According to the OTT, the distance function and threshold vary.
Replay attack: DIFFICULT
● Case 1: Adversaries listen to communication between Client and Server.
  ■ Transformed data changes in every authentication.
● Case 2: Adversaries listen to communication from the Function Generator.
  ■ When the adversaries use a past OTT, Client and Storage can easily detect it.
Collusion attack: FEASIBLE?
● Case 1: Client colludes with Function Generator.
● Case 2: Server colludes with Function Generator.
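The OTT framework (client and template storage share a per-session transform, the server matches on transformed data only) and the replay argument above, as an added worked example that is not code from the original presentation: the client and the storage each derive the session's transform from a shared key and a session identifier, the server decides on transformed vectors, and a transformed probe captured in one session is rejected when replayed in the next because the template is by then transformed differently. The transform used here is an assumption made for the demo: a keyed coordinate permutation, sign flips and translation, which is a Euclidean isometry, so plain Euclidean distance remains a valid matching score on transformed data. The chaos/IFS transforms the slides propose are not reproduced; the key, session identifiers, dimension, threshold and all feature vectors are constructed for the demo.

```python
"""Added demo of a One-Time Transform (OTT) for biometric matching.

Assumed design (not the slides' chaos transform): the OTT of a session is an
isometry of R^DIM (coordinate permutation, sign flips, translation) derived by
HMAC from a key shared by the client and the template storage plus a fresh
session identifier. Because it is an isometry, ordinary Euclidean distance is
still a valid matching score on the transformed data.
"""
import hashlib
import hmac
import math
import random
from typing import List, Tuple

Vector = List[float]

DIM = 8            # assumed feature dimension
THRESHOLD = 0.5    # assumed decision threshold on Euclidean distance


class OneTimeTransform:
    """x -> signs * x[perm] + shift, a distance-preserving map of R^DIM."""

    def __init__(self, perm: List[int], signs: List[int], shift: Vector) -> None:
        if sorted(perm) != list(range(len(perm))):
            raise ValueError("perm must be a permutation")
        self.perm, self.signs, self.shift = perm, signs, shift

    def apply(self, x: Vector) -> Vector:
        return [s * x[p] + t for p, s, t in zip(self.perm, self.signs, self.shift)]


def derive_ott(shared_key: bytes, session_id: str, dim: int = DIM) -> OneTimeTransform:
    """Function Generator role: the same (key, session_id) yields the same OTT on
    the client and on the storage; a different session_id yields a different OTT,
    and a party without shared_key can reproduce neither."""
    seed = hmac.new(shared_key, session_id.encode(), hashlib.sha256).digest()
    rng = random.Random(seed)  # deterministic PRNG seeded from the HMAC output
    perm = list(range(dim))
    rng.shuffle(perm)
    signs = [rng.choice((-1, 1)) for _ in range(dim)]
    shift = [rng.uniform(-100.0, 100.0) for _ in range(dim)]
    return OneTimeTransform(perm, signs, shift)


def distance(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def decide(t_probe: Vector, t_template: Vector,
           threshold: float = THRESHOLD) -> Tuple[bool, float]:
    """Authentication Server role: matching and decision on transformed data only."""
    d = distance(t_probe, t_template)
    return d < threshold, d


def run_session(shared_key: bytes, session_id: str,
                probe: Vector, template: Vector) -> Tuple[bool, float, Vector]:
    """One authentication: client and storage each apply the session OTT to their
    own side; the server never sees the untransformed probe or template.
    Returns (accepted, distance, transformed probe as sent over the network)."""
    t_probe = derive_ott(shared_key, session_id).apply(probe)        # client
    t_template = derive_ott(shared_key, session_id).apply(template)  # storage
    accepted, d = decide(t_probe, t_template)                        # server
    return accepted, d, t_probe


def replay(shared_key: bytes, captured_probe: Vector,
           new_session_id: str, template: Vector) -> Tuple[bool, float]:
    """Adversary replays a transformed probe sniffed in an earlier session.
    The storage transforms the template with the new session's OTT, so the
    replayed vector is compared against a differently transformed template."""
    t_template = derive_ott(shared_key, new_session_id).apply(template)
    return decide(captured_probe, t_template)


# Constructed sample data (not real biometric features).
KEY = b"demo-shared-key-between-client-and-storage"
TEMPLATE = [0.10, 0.52, 0.33, 0.91, 0.27, 0.64, 0.48, 0.75]
GENUINE_PROBE = [0.12, 0.50, 0.35, 0.90, 0.25, 0.66, 0.47, 0.77]
IMPOSTOR_PROBE = [0.80, 0.10, 0.65, 0.20, 0.90, 0.05, 0.30, 0.55]

if __name__ == "__main__":
    ok, d, captured = run_session(KEY, "session-0001", GENUINE_PROBE, TEMPLATE)
    print(f"genuine, session 1:  accepted={ok} distance={d:.4f}")
    ok, d, _ = run_session(KEY, "session-0001", IMPOSTOR_PROBE, TEMPLATE)
    print(f"impostor, session 1: accepted={ok} distance={d:.4f}")
    ok, d = replay(KEY, captured, "session-0002", TEMPLATE)
    print(f"replay in session 2: accepted={ok} distance={d:.1f}")
```

Because the transform is an isometry, the distance the server computes in a session equals the distance between the untransformed probe and template, so the genuine/impostor decision is unchanged by the OTT; the replayed vector, however, carries the previous session's translation and lands far from the freshly transformed template. Note that this toy isometry only hides the feature values behind the per-session translation; the slides' requirement that past OTTs reveal nothing about the originals is a property of the chosen transform family and is not argued here.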

Conclusion
Certificate-based Framework: We propose a framework of biometric authentication on open networks
● Establishment of a Verification Authority
● Assurance of the user's anonymity against the Application Server
● Reduction of the possibility of compromising personal information
One-Time Biometrics: We propose the One-Time Transform, which is different in every authentication session
● Resistance against Hill-Climbing Attack and Replay Attack
Future Works: In fact, there are too many points…

Thank you for your attention
