Abstract
Biometrics exhibit noise between repeated readings. Due to the noise, devices store a plaintext template of the biometric. This stored template is an appetizing target for an attacker.
Fuzzy extractors derive a stable cryptographic key from biometrics (Dodis et al., Eurocrypt 2004). Despite many attempts, there are no iris key derivation systems that prove lower bounds on key strength.
Our starting point is a fuzzy extractor due to Canetti et al. (Eurocrypt 2016). We modify and couple the image processing and cryptographic algorithms. We then present a sufficient condition on the iris distribution for security, and analysis this condition using the ND0405 Iris dataset.
We build an iris key derivation system with \(32\) bits of security even when multiple keys are derived from the same iris. We acknowledge \(32\) bits of security is insufficient for a secure system. Multifactor systems hold the most promise for cryptographic authentication. Our scheme is suited for incorporation of additional noiseless factors such as a password.
Our scheme is implemented in C and Python and is open-sourced.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The quantity \(h_2(t/n)*n\) is the binary entropy of t/n multiplied by n. The quantity \(h_2(t/n)*n\) is larger than t (when \(t\le .5n\)). For example, if \(t=.1n\) then \(h_2(t/n)*n \approx .427n\).
- 2.
Any distribution limited to people on the earth can be described using 33 bits. The estimate of 249 should be understood as the randomness involved in creating a new iris.
- 3.
The actual result of Boyen applies to secure sketches which imply fuzzy extractors. A secure sketch is a frequently used tool to construct a fuzzy extractor.
- 4.
- 5.
The security/correctness tradeoff of our system immediately improves with an iris transform with lower error rate.
References
Alamélou, Q., et al.: Pseudoentropic isometries: a new framework for fuzzy extractor reusability. In: AsiaCCS (2018)
Apon, D., Cho, C., Eldefrawy, K., Katz, J.: Efficient, reusable fuzzy extractors from LWE. In: Dolev, S., Lodha, S. (eds.) CSCML 2017. LNCS, vol. 10332, pp. 1–18. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60080-2_1
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security (CCS), pp. 62–73 (1993)
Bernstein, D.J., Lange, T., Schwabe, P.: The security impact of a new cryptographic library. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 159–176. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33481-8_9
Bitansky, N., Canetti, R.: On strong simulation and composable point obfuscation. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 520–537. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_28
Blanton, M., Aliasgari, M.: On the (non-) reusability of fuzzy sketches and extractors and security improvements in the computational setting. IACR Cryptology ePrint Archive 2012, 608 (2012)
Blanton, M., Aliasgari, M.: Analysis of reusability of secure sketches and fuzzy extractors. IEEE Transact. Inf. Forensics Secur. 8(9–10), 1433–1445 (2013)
Blanton, M., Gasti, P.: Secure and efficient protocols for iris and fingerprint identification. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 190–209. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23822-2_11
Blundo, C., De Cristofaro, E., Gasti, P.: EsPRESSo: efficient privacy-preserving evaluation of sample set similarity. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds.) DPM/SETOP -2012. LNCS, vol. 7731, pp. 89–103. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35890-6_7
Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy, pp. 538–552. IEEE (2012)
Bonneau, J., Herley, C., Van Oorschot, P.C., Stajano, F.: The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. In: IEEE Symposium on Security and Privacy, pp. 553–567. IEEE (2012)
Bowyer, K.W., Flynn, P.J.: The ND-IRIS-0405 iris image dataset. arXiv preprint arXiv:1606.04853 (2016)
Bowyer, K.W., Hollingsworth, K., Flynn, P.J.: Image understanding for iris biometrics: A survey. Comput. Vis. Image Underst. 110(2), 281–307 (2008)
Bowyer, K.W., Hollingsworth, K.P., Flynn, P.J.: A survey of iris biometrics research: 2008–2010. In: Burge, M., Bowyer, K. (eds.) Handbook of iris Recognition. ACVPR, pp. 15–54. Springer, London (2013). https://doi.org/10.1007/978-1-4471-4402-1_2
Boyen, X.: Reusable cryptographic fuzzy extractors. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, pp. 82–91. ACM, New York (2004)
Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_9
Bringer, J., Chabanne, H., Cohen, G., Kindarji, B., Zémor, G.: Optimal iris fuzzy sketches. In: First IEEE International Conference on Biometrics: Theory, Applications, and Systems, 2007, BTAS 2007, pp. 1–6. IEEE (2007)
Bringer, J., Chabanne, H., Patey, A.: SHADE: Secure HAmming DistancE computation from oblivious transfer. In: Adams, A.A., Brenner, M., Smith, M. (eds.) FC 2013. LNCS, vol. 7862, pp. 164–176. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41320-9_11
Canetti, R., Dakdouk, R.R.: Obfuscating point functions with multibit output. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 489–508. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_28
Canetti, R., Fuller, B., Paneth, O., Reyzin, L., Smith, A.: Reusable fuzzy extractors for low-entropy distributions. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 117–146. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_5
F. Carter and A. Stoianov. Implications of biometric encryption on wide spread use of biometrics. In EBF Biometric Encryption Seminar (June 2008), 2008
Cheon, J.H., Jeong, J., Kim, D., Lee, J.: A reusable fuzzy extractor with practical storage size: modifying Canetti et al.’s Construction. In: Susilo, W., Yang, G. (eds.) ACISP 2018. LNCS, vol. 10946, pp. 28–44. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93638-3_3
Dakdouk, R.R.: Theory and Application of Extractable Functions. PhD thesis, Yale University (2009). http://www.cs.yale.edu/homes/jf/Ronny-thesis.pdf
Daugman, J.: How iris recognition works. IEEE Transact. Circuits Syst. Video Technol. 14(1), 21–30 (2004)
Delvaux, J., Gu, D., Verbauwhede, I., Hiller, M., Yu, M.-D.M.: Efficient fuzzy extraction of puf-induced secrets: theory and applications. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 412–431. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_20
Deshmukh, S., Carter, H., Hernandez, G., Traynor, P., Butler, K.: Efficient and secure template blinding for biometric authentication. In: 2016 IEEE Conference on Communications and Network Security (CNS), pp. 480–488. IEEE (2016)
Dodis, Y., Kanukurthi, B., Katz, J., Reyzin, L., Smith, A.: Robust fuzzy extractors and authenticated key agreement from close secrets. IEEE Transact. Inf. Theory 58(9), 6207–6222 (2012)
Dodis, Y., Katz, J., Reyzin, L., Smith, A.: Robust fuzzy extractors and authenticated key agreement from close secrets. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 232–250. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_14
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_31
Dupont, P.-A., Hesse, J., Pointcheval, D., Reyzin, L., Yakoubov, S.: Fuzzy password-authenticated key exchange. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 393–424. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_13
Evans, D., Huang, Y., Katz, J., Malka, L.: Efficient privacy-preserving biometric identification. In: Proceedings of the 17th Conference Network and Distributed System Security Symposium, NDSS (2011)
Fuller, B., Meng, X., Reyzin, L.: Computational fuzzy extractors. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 174–193. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_10
Fuller, B., Reyzin, L., Smith, A.: When are fuzzy extractors possible? In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 277–306. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_10
Fuller, B., Simhadri, S., Steel, J.: Reusable authentication from the iris. Cryptology ePrint Archive, Report 2017/1177 (2017). https://eprint.iacr.org/2017/1177
Fuller, B., Simhadri, S., Steel, J.: Computational fuzzy extractors (2018). https://github.com/benjaminfuller/CompFE
Goldreich, O.: A sample of samplers: a computational perspective on sampling. In: Goldreich, O. (ed.) Studies in Complexity and Cryptography. Miscellanea on the Interplay between Randomness and Computation. LNCS, vol. 6650, pp. 302–332. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22670-0_24
Grossmann, A., Morlet, J.: Decomposition of Hardy functions into square integrable wavelets of constant shape. SIAM J. Math. Anal. 15(4), 723–736 (1984)
Guo, Z., Karimian, N., Tehranipoor, M.M., Forte, D.: Hardware security meets biometrics for the age of IoT. In: 2016 IEEE International Symposium on Circuits and Systems (ISCAS), pp. 1318–1321. IEEE (2016)
Hao, F., Anderson, R., Daugman, J.: Combining crypto with biometrics effectively. IEEE Transact. Comput. 55(9), 1081–1088 (2006)
Holenstein, T., Renner, R.: One-way secret-key agreement and applications to circuit polarization and immunization of public-key encryption. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 478–493. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_29
Hollingsworth, K.P., Bowyer, K.W., Flynn, P.J.: The best bits in an iris code. IEEE Transact. Pattern Anal. Mach. Intell. 31(6), 964–973 (2009)
Itkis, G., Chandar, V., Fuller, B.W., Campbell, J.P., Cunningham, R.K.: Iris biometric security challenges and possible solutions: for your eyes only? using the iris as a key. IEEE Sig. Process. Mag. 32(5), 42–53 (2015)
Josefsson, S.: The memory-hard argon2 password hash function. In: Memory (2015)
Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Sixth ACM Conference on Computer and Communication Security, pp. 28–36. ACM, November 1999
Kanade, S., Camara, D., Krichen, E., Petrovska-Delacrétaz, D., Dorizzi, B.: Three factor scheme for biometric-based cryptographic key regeneration using iris. In: Biometrics Symposium 2008, BSYM 2008, pp. 59–64. IEEE (2008)
Kelkboom, E.J., Breebaart, J., Kevenaar, T.A., Buhan, I., Veldhuis, R.N.: Preventing the decodability attack based cross-matching in a fuzzy commitment scheme. IEEE Transact. Inf. Forensics Secur. 6(1), 107–121 (2011)
Komanduri, S., et al.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2595–2604. ACM (2011)
Krichen, E., Mellakh, A., Salicetti, S., Dorizzi, B.: OSIRIS (open source for IRIS) reference system (2017)
Lynn, B., Prabhakaran, M., Sahai, A.: Positive results and techniques for obfuscation. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 20–39. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_2
Nisan, N., Zuckerman, D.: Randomness is linear in space. J. Comput. Syst. Sci. 52, 43–52 (1993)
Pass, R., Seth, K., Telang, S.: Obfuscation from semantically-secure multi-linear encodings. Cryptology ePrint Archive, Report 2013/781 (2013). http://eprint.iacr.org/
Patel, V.M., Ratha, N.K., Chellappa, R.: Cancelable biometrics: a review. IEEE Sig. Process. Mag. 32(5), 54–65 (2015)
Percival, C., Josefsson, S.: The scrypt password-based key derivation function. Technical report (2016)
Phillips, P.J., Bowyer, K.W., Flynn, P.J., Liu, X., Scruggs, W.T.: The iris challenge evaluation 2005. In: 2nd IEEE International Conference on Biometrics: Theory, Applications and Systems 2008, BTAS 2008, pp. 1–8. IEEE (2008)
Phillips, P.J., et al.: FRVT 2006 and ICE 2006 large-scale experimental results. In: IEEE Transactions on Pattern Analysis and Machine Intelligence (2006)
Prabhakar, S., Pankanti, S., Jain, A.K.: Biometric recognition: security and privacy concerns. IEEE Secur. Priv. 1(2), 33–42 (2003)
Simoens, K., Tuyls, P., Preneel, B.: Privacy weaknesses in biometric sketches. In: IEEE Symposium on Security and Privacy, pp. 188–203. IEEE (2009)
Valiant, G., Valiant, P.: A CLT and tight lower bounds for estimating entropy. Electron. Colloquium Comput. Complexity (ECCC) 17, 9 (2010)
Valiant, G., Valiant, P.: Estimating the unseen: an n/log (n)-sample estimator for entropy and support size, shown optimal via new CLTs. In: Proceedings of the forty-third annual ACM symposium on Theory of computing, pp. 685–694. ACM (2011)
Wang, D., Zhang, Z., Wang, P., Yan, J., Huang, X.: Targeted online password guessing: an underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1242–1254. ACM (2016)
Wen, Y., Liu, S.: Robustly reusable fuzzy extractor from standard assumptions. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 459–489. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_17
Wen, Y., Liu, S., Han, S.: Reusable fuzzy extractor from the decisional Diffie-Hellman assumption. Des. Codes Crypt. 86, 2495–2512 (2018)
Woodage, J., Chatterjee, R., Dodis, Y., Juels, A., Ristenpart, T.: A new distribution-sensitive secure sketch and popularity-proportional hashing. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 682–710. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_23
Acknowledgements
We thank the anonymous reviews for their helpful suggestions and comments. Mariem Ouni and Tyler Cromwell contributed to software described in this work. We thank Leonid Reyzin and Alexander Russell for helpful discussions and insights. This work was supported in part through a grant with Comcast Inc. Work of S. Simhadri was done while at University of Connecticut.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Simhadri, S., Steel, J., Fuller, B. (2019). Cryptographic Authentication from the Iris. In: Lin, Z., Papamanthou, C., Polychronakis, M. (eds) Information Security. ISC 2019. Lecture Notes in Computer Science(), vol 11723. Springer, Cham. https://doi.org/10.1007/978-3-030-30215-3_23
Download citation
DOI: https://doi.org/10.1007/978-3-030-30215-3_23
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30214-6
Online ISBN: 978-3-030-30215-3
eBook Packages: Computer ScienceComputer Science (R0)