Abstract
As the internet-of-things (IoT) era begins, there is a significant need for low-cost access control schemes that allow humans to activate and maintain IoT systems.Traditional biometric access control systems remain, however, vulnerable to physical attacks resulting in template theft/privacy, illegal access, etc. This paper aimed to address this by expanding on a proposal called BLOcKeR, which combines biometrics with two recent advances in hardware security—physically unclonable functions (PUFs) and hardware obfuscation. Hardware obfuscation is a technique to protect electronic hardware against access control circumvention attacks through locking mechanisms. A PUF is incorporated to tie the biometrics of the owner to the system. Combining these advances with biometrics, BLOcKeR protects a biometric system from physical attacks by locking its functionality and aims at ensuring successful activation of the locked system unlike the authentication /matching in biometric systems. In addition, unlike various existing approaches, BLOcKeR does not store the raw biometric of users while providing irreversibility, unlinkability, and revocability to the templates. We present a security analysis and experiments with more than 45,000 attack variants to evaluate BLOcKeR’s security against unauthorized access.
Similar content being viewed by others
Notes
This study has been mostly carried out, when Fatemeh Ganji was with Florida Institute for Cybersecurity Research
An initial assertion on this idea was discussed in our non-peer-reviewed, earlier version of this study [5], which only covered how our framework enrolls a device to one user.
This is a simplified overview of how BLOcKeR works. For details, see Sect. 3.
This cannot be performed by an adversary, even if she has access to AD, as x cannot be retrieved from AD.
More formally, the number of CRPs offered by a strong PUF is exponential in the security parameter, i.e., the number of bits in a challenge.
This notion should not be confused with Bipartite Biotokens that concerns generating revocable biotokens [42].
Alternatively, the designer of BLOcKeR can store the entire set of CRPs, which is indeed against the storage efficiency as the size of the set is exponential in the number of bits in a challenge.
\(\Delta \mathbb {H}_\infty { isdenotedby}\text {I}(\text {AD};x)\) in some reference, e.g., [36].
References
Dockrill P (2018) First-ever drone swarm attack has struck russian military bases, sources claim. Online at https://goo.gl/rABptt
Jain AK, Nandakumar K, Nagar A (2008) Biometric template security. EURASIP J Adv Signal Process 2008:113
Nandakumar K, Jain AK (2015) Biometric template protection: Bridging the performance gap between theory and practice. IEEE Signal Process Mag 32(5):88–100
Wu S-C, Chen P-T, Swindlehurst AL, Hung P-L (2018) Cancelable biometric recognition with ecgs: subspace-based approaches. IEEE Trans Inf Forensics Secur 14(5):1323–1336
Ganji F, Karimian N, Woodard D, Forte D (2019) Leave adversaries in the dark- blocker: Secure and reliable biometric access control. The Journal of the Homeland Defense and Security Information Analysis Center (HDIAC) 6(1):4–8
Forte D, Bhunia S, Tehranipoor MM (2017) Hardware protection through obfuscation. Springer
Suh GE, Devadas S (2007) Physical unclonable functions for device authentication and secret key generation. In Proceedings of the 44th annual design automation Conf ACM pp. 9–14
Rahman MT, Tajik S, Rahman MS, Tehranipoor M, Asadizanjani N (2020) The key is left under the mat: On the inappropriate security assumption of logic locking schemes. In Hardware Oriented Security and Trust (HOST) pp. 262–272
Karimian N, Tehranipoor M, Woodard D, Forte D (2019) Unlock your heart: Next generation biometric in resource-constrained healthcare systems and iot. IEEE Access 7:49135–49149
ISO/IEC 24745 (2011) Information technology–security techniques–biometric information protection
Chikkerur S, Ratha NK, Connell JH, Bolle RM (2008) Generating registration-free cancelable fingerprint templates. In 2008 IEEE Second International Conf on Biometrics: Theory, Applications and Systems pp. 1–6
Patel VM, Ratha NK, Chellappa R (2015) Cancelable biometrics: A review. IEEE Signal Process Mag 32(5):54–65
Weber S, Karger PA, Paradkar A (2005) A software flaw taxonomy: aiming tools at security. ACM SIGSOFT Software Engineering Notes 30(4):1–7
Skorobogatov SP (2005) Semi-invasive attacks: a new approach to hardware security analysis. PhD thesis, Citeseer
Wang H, Forte D, Tehranipoor MM, Shi Q (2017) Probing attacks on integrated circuits: Challenges and research opportunities. IEEE Des Test 34(5):63–71
Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In International Conf on the theory and applications of cryptographic techniques. Springer pp. 523–540
Mykletun E, Narasimha M, Tsudik G (2003) Providing authentication and integrity in outsourced databases using merkle hash trees. UCI-SCONCE Technical Report
Maes R, Verbauwhede I (2010) Physically unclonable functions: A study on the state of the art and future research directions. In Towards Hardware-Intrinsic Security. Springer pp. 3–37
Zheng Y, Cao Y, Chang C-H (2018) Facial biohashing based user-device physical unclonable function for bring your own device security. In Consumer Electronics (ICCE) IEEE International Conf pp. 1–6
Rührmair et al (2010) Modeling attacks on physical unclonable functions. In Proceedings of the 17th ACM Conf. on Computer and communications security ACM pp. 237–249
Ganji F (2018) On the learnability of physically unclonable functions. Springer
Juels A, Sudan M (2006) A fuzzy vault scheme. Des Codes Crypt 38(2):237–257
Scheirer WJ, Boult TE (2007) Cracking fuzzy vaults and biometric encryption. In Biometrics Symp IEEE pp. 1–6
Tuyls P, Akkermans AH, Kevenaar TA, Schrijen G-J, Bazen AM, Veldhuis RN (2005) Practical biometric authentication with template protection. In International Conf. on Audio-and Video-Based Biometric Person Authentication. Springer pp. 436–446
Hao F, Anderson R, Daugman J (2006) Combining crypto with biometrics effectively. IEEE Trans Comput 55(9):1081–1088
Uludag U, Pankanti S, Prabhakar S, Jain AK (2004) Biometric cryptosystems: issues and challenges. Proc IEEE 92(6):948–960
Scheirer W, Boult T (2008) Bio-cryptographic protocols with bipartite biotokens. In Biometrics Symp BSYM’08 IEEE pp. 9–16
Kumar A (2016) Security and privacy for outsourced computations. PhD thesis, Université Grenoble Alpes
Markantonakis K, Tunstall M, Hancke G, Askoxylakis I, Mayes K (2009) Attacking smart card systems: Theory and practice. Information security technical report 14(2):46–56
Su Y, Holleman J, Otis B (2007) A 1.6 pj/bit 96% stable chip-id generating circuit using process variations. In Solid-State Circuits Conf., 2007. ISSCC 2007. Digest of Technical Papers. IEEE International pp. 406–611
Delvaux J et al (2016) Efficient fuzzy extraction of puf-induced secrets: Theory and applications. In International Conf on Cryptographic Hardware and Embedded Systems. Springer pp. 412–431
Merli D, Schuster D, Stumpf F, Sigl G (2011) Side-channel analysis of pufs and fuzzy extractors. In International Conf Trust and Trustworthy Computing. Springer pp. 33–47
Hiller M et al (2013) Breaking through fixed puf block limitations with differential sequence coding and convolutional codes. In Proceedings of the 3rd international workshop on Trustworthy embedded devices ACM pp. 43–54
Karam R, Hoque T, Ray S, Tehranipoor M, Bhunia S (2016) Robust bitstream protection in fpga-based systems through low-overhead obfuscation. In ReConFigurable Computing and FPGAs (ReConFig) International Conf on IEEE pp. 1–8
Yubico Team (2018) Upgrading yubikey firmware. Online at https://support.yubico.com/support/solutions/articles/15000006434-upgrading-yubikey-firmware Accessed 24 Jul 2020
Tuyls P, Goseling J (2004) Capacity and examples of template-protecting biometric authentication systems. In International Workshop on Biometric Authentication. Springer pp. 158–170
Brglez F, Bryan D, Kozminski K (1989) Combinational profiles of sequential benchmark circuits. In IEEE International Symp Circuits and Systems pp. 1929–1934
Chen C, Veldhuis RN, Kevenaar TA, Akkermans AH (2009) Biometric quantization through detection rate optimized bit allocation. EURASIP J Adv Signal Process 2009:1–16
Spacek L (2007) Collection of facial images: Faces94. Compt. Vision Science and Research Projects, University of Essex, UK, http://cswww.essex.ac.uk/mv/allfaces/faces94.html
Doddington G, Liggett W, Martin A, Przybocki M, Reynolds D (1998) Sheep, goats, lambs and wolves: A statistical analysis of speaker performance in the nist 1998 speaker recognition evaluation. Tech. rep., National Inst of Standards and Technology Gaithersburg Md
Alaql A, Hoque T, Forte D, Bhunia S (2019) Quality obfuscation for error-tolerant and adaptive hardware ip protection. In 2019 IEEE 37th VLSI Test Symp. (VTS) pp. 1–6
Scheirer WJ, Boult TE (2009) Bipartite biotokens: Definition, implementation, and analysis. In International Conf. on Biometrics. Springer pp. 775–785
Acknowledgements
This work is supported by US Army Research Office grant under award W911NF-19-1-0102.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Shomaji, S., Guo, Z., Ganji, F. et al. BLOcKeR: A Biometric Locking Paradigm for IoT and the Connected Person. J Hardw Syst Secur 5, 223–236 (2021). https://doi.org/10.1007/s41635-021-00121-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41635-021-00121-5