Biometric Cryptosystems - PowerPoint PPT Presentation

About This Presentation
Title:

Biometric Cryptosystems

Description:

Biometric Cryptosystems Presenters: Yeh Po-Yin Yang Yi-Lun – PowerPoint PPT presentation

Number of Views:250
Avg rating:3.0/5.0
Slides: 34
Provided by: dash150
Category:

less

Transcript and Presenter's Notes

Title: Biometric Cryptosystems


1
Biometric Cryptosystems
  • Presenters
  • Yeh Po-Yin
  • Yang Yi-Lun

2
Cryptosystem
  • User authentication
  • Cryptographic keys
  • Login password
  • RSA Public keys

3
Cryptographic Keys
  • Long and random
  • Stored somewhere
  • Computer
  • Smart card
  • Released base on user password

4
User password
  • Short and simple
  • Easily guessed
  • password
  • Same as account
  • Birth date
  • Tel
  • Use the same password everywhere

5
What if?
  • A single password is compromised while user uses
    the same password across different applications?
  • A complex password is written down some easily
    accessible locations?
  • The device which stores the cryptographic keys
    had been cracked?

6
Traditional cryptosystems
  • Base on secret keys
  • Forgotten
  • Lost
  • Stolen
  • Repudiation

7
Biometric authentication
  • More reliable
  • Can not be lost or forgotten
  • Difficult to copy, share, and distribute
  • Hard to forge
  • Unlikely to repudiate
  • Relatively equal security level

8
Biometric
  • No biometric is optimal
  • Depends on the requirement of the application

9
Comparison of biometrics
  • Properties
  • Universality
  • Distinctiveness
  • Permanence
  • Collect ability
  • Attributes
  • Performance
  • Acceptability
  • Circumvention

10
(No Transcript)
11
Biometric signal variations
  • Inconsistent presentation
  • Irreproducible presentation
  • Imperfect signal acquisition

12
(No Transcript)
13
(No Transcript)
14
Biometric Matcher
  • Exact match is not very useful
  • Aligning
  • Matching score
  • Fingerprint
  • Identify minutiae neighbors

15
(No Transcript)
16
Performance
  • Two type of errors
  • False match ( false accept )
  • False non-match ( false reject )
  • Error rates
  • False match rate ( FMR )
  • False non-match rate ( FNMR )
  • Tradeoff relation

17
Biometric keys
  • Biometric-based authentication
  • User authentication
  • Biometric component
  • Cryptographic system
  • Key release on positive match

18
Biometric key database
  • Cryptographic key
  • User name
  • Biometric template
  • Access privileges
  • Other personal information

19
What if?
  • The theft of biometric data crack into the
    biometric key database?

20
Hacking Attack
21
Definition
  • Hacker
  • Cracker
  • Attack
  • Disturbance
  • Block
  • Incursion

22
Attacking Step
  • Decide target
  • Easy
  • Worth
  • Purpose
  • Gain information
  • Firewall
  • System

23
  • Detect path
  • Ping
  • Traceroute
  • Hopping site
  • Bot
  • Make incursion

24
Types of attack
  • Interruption
  • attack on availability
  • Interception
  • attack on confidentiality
  • Modification
  • attack on integrity
  • Fabrication
  • attack in authentication

25
  • Reference ????????

26
Common form of attack
  • Denial of Service (DoS) attacks
  • Distributed Denial of Service (DDoS) attacks
  • Trojan Horse
  • Virus
  • Websites
  • Worm

27
  • Sniffing
  • Spoofing
  • Bug
  • Buffer overflow

28
Protection
  • Firewall
  • Antivirus program
  • Update
  • Close non-necessary program
  • Close non-necessary internet service
  • Scan computer

29
Back to biometric keys
  • Is it possible to issue a new biometric template
    if the biometric template in an application is
    compromised?
  • Is it possible to use different template on
    different applications?
  • Is it possible to generate a cryptographic key
    using biometric information?

30
Solving Q1 and Q2
  • Store H(x) instead of x
  • H is the transform function
  • x is the original biometric signal

31
Solving Q3
  • Hide the key within the users biometric template
  • Biometric key generation or binding
  • Bind a private key into the user biometric
    information
  • Both key and biometric are inaccessible to
    attacker
  • No biometric matching at all

32
Conclusion
  • Combining difficulties
  • Existing biometric authentication technologies is
    not perfect
  • Difficult to align the representations in the
    encrypted domain
  • Should not have systematic correlation between
    the identity and the key

33
Reference
  • Umut Uludag, Sharath Pankanti, Salil Probhakar,
    and Anil K. Jain Biometric Cryptosystems Issues
    and Challenges, Proceedings of IEEE, 2004
  • Uludag U, Anil Jain Securing Fingerprint
    Template Fuzzy Vault with Helper Data, Computer
    Vision and Pattern Recognition Workshop, 2006
    Conference on
  • http//www.crucialp.com/resources/tutorials/websit
    e-web-page-site-optimization/hacking-attacks-how-a
    nd-why.php
  • ????????
  • http//www.hacker.org.tw/?carticles_showarticlei
    d882
  • http//www.gamez.com.tw/viewthread.php?tid58607
  • http//www.symantec.com/region/tw/enterprise/artic
    le/todays_hack.html
Write a Comment
User Comments (0)
About PowerShow.com