Biometrics offer a potential source of high-entropy, secret information. Before such data can be used in cryptographic protocols, however, two issues must be addressed: biometric data (1) are not uniformly distributed, and (2) are not exactly reproducible. Recent work, most notably that of Dodis, Reyzin, and Smith, has shown how these obstacles may be overcome using public information which is reliably sent from a server to the (human) user. Subsequent work of Boyen has shown how to extend these techniques — in the random oracle model — to enable unidirectional authentication from the user to the server without the assumption of a reliable channel. Here, we show two efficient techniques enabling the use of biometric data to achieve mutual authentication/authenticated key exchange over a completely insecure (i.e., adversarially controlled) channel. In addition to achieving stronger security guarantees than the above-mentioned work of Boyen, we improve upon his solution in a number of other respects: we tolerate a broader class of errors and (in one case) improve upon the parameters of his solution and give a proof of security in the standard model.

1 Using Biometric Data for Secure Authentication

Biometric data — which offers a potential source of high-entropy, secret information — has been suggested as a way to enable strong, cryptographically secure authentication of human users without requiring them to remember or store traditional cryptographic keys.¹ Before such data can be used in existing cryptographic protocols, however, two issues must be addressed: first, biometric data are not uniformly distributed and hence will not guarantee “security” (at least not in any provable sense) if used as-is, say, as a key for a pseudorandom function.
While the problem of non-uniformity can be addressed using a hash function (viewed either as a random oracle [2] or as a strong extractor [19]), the second and more difficult problem is that biometric data are not exactly reproducible (as two biometric scans of the same feature are rarely identical); hence, traditional protocols will not even guarantee correctness when the parties use a shared secret generated from biometric data. Much work has focused on addressing the aforementioned problems in an attempt to develop secure techniques for biometric authentication [8, 15, 18, 14, 20]. Most recently, Dodis, Reyzin, and

Author affiliations:
Voltage Security. xb@boyen.org.
Department of Computer Science, New York University. dodis@cs.nyu.edu
Department of Computer Science, University of Maryland. jkatz@cs.umd.edu. Work supported by NSF Trusted Computing grant #0310751.
Department of Computer Science, UCLA. rafail@cs.ucla.edu
Weizmann Institute of Science. adam.smith@weizmann.ac.il.

¹ Although other cryptographic applications of biometric data are certainly possible, the application to user authentication seems most natural and is the one on which we focus here.
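As an added illustration (not code from the paper or its authors), the toy code-offset sketch below shows how public helper data lets a noisy reading reproduce a hashed key, and why the earlier approach needs that helper data to arrive over a reliable channel. The repetition code, the parameter REP, SHA-256 as the hash, and the names gen, rep, extract and demo are assumptions made for this sketch.

```python
import hashlib
import secrets

REP = 5  # assumed repetition factor: majority vote fixes up to 2 bit flips per block

def encode(bits):
    """Repetition-code encoder: each key bit becomes REP identical bits."""
    return [b for b in bits for _ in range(REP)]

def decode(bits):
    """Majority vote over each REP-bit block."""
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def extract(w, salt):
    # SHA-256 stands in for the hash used as random oracle / extractor.
    return hashlib.sha256(salt + bytes(w)).hexdigest()

def gen(w):
    """Enrollment: return (key, public helper) for biometric bit list w."""
    k = [secrets.randbelow(2) for _ in range(len(w) // REP)]
    sketch = xor(w, encode(k))  # code-offset: w XOR random codeword
    salt = secrets.token_bytes(16)
    return extract(w, salt), (sketch, salt)

def rep(w_noisy, helper):
    """Reproduction: correct a noisy reading back to w, then re-derive the key."""
    sketch, salt = helper
    codeword = encode(decode(xor(w_noisy, sketch)))
    return extract(xor(sketch, codeword), salt)

def demo():
    w = [secrets.randbelow(2) for _ in range(40)]  # constructed sample "scan"
    key, helper = gen(w)
    noisy = list(w)
    noisy[3] ^= 1
    noisy[17] ^= 1  # two reading errors, in different blocks
    reproduced = rep(noisy, helper) == key
    # Helper modified in transit: one flipped sketch bit shifts the recovered w,
    # so the user derives a different key and nothing in rep() signals why.
    sketch, salt = helper
    forged = list(sketch)
    forged[0] ^= 1
    diverged = rep(noisy, (forged, salt)) != key
    return reproduced, diverged

if __name__ == "__main__":
    print(demo())  # (True, True)
```

The repetition code is chosen for readability only; it makes no claim about the entropy left in w once the sketch is public.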
[1] Mihir Bellare et al. Authenticated Key Exchange Secure against Dictionary Attacks. EUROCRYPT, 2000.
[2] Michael K. Reiter et al. Password hardening based on keystroke dynamics. International Journal of Information Security, 2002.
[3] Yair Frankel et al. On enabling secure applications through off-line biometric identification. Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186), 1998.
[4] Noam Nisan et al. Extracting Randomness: A Survey and New Constructions. J. Comput. Syst. Sci., 1999.
[5] Martin Wattenberg et al. A fuzzy commitment scheme. CCS '99, 1999.
[6] Rafail Ostrovsky et al. Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords. EUROCRYPT, 2001.
[7] Mihir Bellare et al. Random oracles are practical: a paradigm for designing efficient protocols. CCS '93, 1993.
[8] Yehuda Lindell et al. A Framework for Password-Based Authenticated Key Exchange. EUROCRYPT, 2003.
[9] Ari Juels et al. Error-tolerant password recovery. CCS '01, 2001.
[10] Rafail Ostrovsky et al. Forward Secrecy in Password-Only Key Exchange Protocols. SCN, 2002.
[11] Ronald Cramer et al. A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack. CRYPTO, 1998.
[12] Steven M. Bellovin et al. Encrypted key exchange: password-based protocols secure against dictionary attacks. Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy, 1992.
[13] Evgeny Verbitskiy et al. RELIABLE BIOMETRIC AUTHENTICATION WITH PRIVACY PROTECTION. 2007.
[14] Yehuda Lindell et al. Session-Key Generation Using Human Passwords Only. Journal of Cryptology, 2001.
[15] Madhu Sudan et al. A Fuzzy Vault Scheme. Des. Codes Cryptogr., 2006.
[16] Xavier Boyen et al. Reusable cryptographic fuzzy extractors. CCS '04, 2004.
[17] Mihir Bellare et al. Entity Authentication and Key Distribution. CRYPTO, 1993.
[18] Sarvar Patel et al. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. EUROCRYPT, 2000.