ON THE (NON-)REUSABILITY OF FUZZY SKETCHES AND EXTRACTORS AND SECURITY IN THE COMPUTATIONAL SETTING

Marina Blanton, Mehrdad Aliasgari

Abstract

Secure sketches and fuzzy extractors enable the use of biometric data in cryptographic applications by correcting errors in noisy biometric readings and producing cryptographic materials suitable for many applications. Such constructions work by producing a public sketch, which is later used to reproduce the original biometric and all derived information exactly from a noisy biometric reading. It has been previously shown that release of multiple sketches associated with a single biometric presents security problems for certain constructions. Through novel analysis we demonstrate that all other constructions in the literature are also prone to similar problems, which hinders their adoption in practice. To mitigate the problem, we propose for each user to store one short secret string for all possible uses of her biometric, and show that simple constructions in the computational setting have numerous security and usability advantages under standard hardness assumptions. Our constructions are generic in that they can be used with any existing secure sketch as a black box.

References

  1. Ballard, L., Kamara, S., Monrose, F., and Reiter, M. (2008). Towards practical biometric key generation with randomized biometric templates. In ACM CCS.
  2. Blanton, M. and Hudelson, W. (2009). Biometric-based non-transferable anonymous credentials. In ICICS, pages 165-180.
  3. Boyen, X. (2004). Reusable cryptographic fuzzy extractors. In ACM CCS, pages 82-91.
  4. Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., and Smith, A. (2005). Secure remote authentication using biometric data. In EUROCRYPT, pages 147-163.
  5. Clancy, T., Kiyavash, N., and Lin, D. (2003). Secure smartcard-based fingerprint authentication. In ACM SIGMM Workshop on Biometrics Methods and Applications, pages 45-52.
  6. Davida, G., Frankel, Y., and Matt, B. (1998). On enabling secure applications through off-line biometric identification. In IEEE Symposium on Security and Privacy, pages 148-157.
  7. Dodis, Y., Katz, J., Reyzin, L., and Smith, A. (2006). Robust fuzzy extractors and authenticated key agreement from close secrets. In CRYPTO, pages 232-250.
  8. Dodis, Y., Ostrovsky, R., Reyzin, L., and Smith, A. (2008). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM Journal of Computing, 38(1):97-139.
  9. Dodis, Y., Reyzin, L., and Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In EUROCRYPT, pages 523-540.
  10. Dodis, Y. and Smith, A. (2005). Correcting errors without leaking partial information. In ACM STOC, pages 654-663.
  11. Juels, A. and Sudan, M. (2002). A fuzzy vault scheme. In International Symposium on Information Theory.
  12. Juels, A. and Wattenberg, M. (1999). A fuzzy commitment scheme. In ACM CCS, pages 28-36.
  13. Kelkboom, E. (2010). On the performance of helper data template protection schemes. PhD thesis, University of Twente.
  14. Kholmatov, A. and Yanikoglu, B. (2008). Realization of correlation attack against the fuzzy vault scheme. In Proceedings of SPIE, volume 6819.
  15. Naor, M. and Reingold, O. (1997). Number-theoretic constructions of efficient pseudo-random functions. In IEEE FOCS, pages 458-467.
  16. Nisan, N. and Ta-Shma, A. (1999). Extracting randomness: A survey and new constructions. Journal of Computer and System Sciences, 58:148-173.
  17. Pankanti, S., Prabhakar, S., and Jain, A. (2002). On the individuality of fingerprints. IEEE Transactions on Pattern Analysis and Machine Intelligence, 24(8):1010- 1025.
  18. Poon, H. and Miri, A. (2009). A collusion attack on the fuzzy vault scheme. ISC International Journal of Information Security, 1(1):27-34.
  19. Scheirer, W. and Boult, T. (2007). Cracking fuzzy vaults and biometric encryption. In IEEE Biometrics Symposium, pages 1-6.
  20. Shparlinski, I. (2001). On the uniformity of distribution of the Naor-Reingold pseudo-random function. Finite Fields and Their Applications, 7(2):318-326.
  21. Simoens, K., Tuyls, P., and Preneel, B. (2009). Privacy weaknesses of biometric sketches. In IEEE Symposium on Security and Privacy, pages 188-203.
  22. Smith, A. (2004). Maintaining secrecy when information leakage is unavoidable. PhD dissertation, MIT.
Download


Paper Citation


in Harvard Style

Blanton M. and Aliasgari M. (2011). ON THE (NON-)REUSABILITY OF FUZZY SKETCHES AND EXTRACTORS AND SECURITY IN THE COMPUTATIONAL SETTING . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 68-77. DOI: 10.5220/0003454900680077


in Bibtex Style

@conference{secrypt11,
author={Marina Blanton and Mehrdad Aliasgari},
title={ON THE (NON-)REUSABILITY OF FUZZY SKETCHES AND EXTRACTORS AND SECURITY IN THE COMPUTATIONAL SETTING},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={68-77},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003454900680077},
isbn={978-989-8425-71-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - ON THE (NON-)REUSABILITY OF FUZZY SKETCHES AND EXTRACTORS AND SECURITY IN THE COMPUTATIONAL SETTING
SN - 978-989-8425-71-3
AU - Blanton M.
AU - Aliasgari M.
PY - 2011
SP - 68
EP - 77
DO - 10.5220/0003454900680077