Fuzzy Vaults: Toward Secure Client-Side Matching

Ari JuelsRSA Laboratories

10th CACR Information Security Workshop8 May 2002

LABORATORIES

Fingerprint scanning Iris scanning Voice recognition

Many types of biometric authentication...

Many others...

Face recognition Body odor Authenticating...

A Comparison Among Biometric Architectures

Registration

Template

Alice

Template is stored

Authentication

Authentication

?

It’s Alice!

The big questions

Where is the match performed?– Determines architecture

How is the template protected?– Critical because….

Limited password changes

First password

Second password

Templates represent intrinsic information about

you

Alice

Theft of a template is theft of identity

An Important Note

Biometrics no more secure than PINs!– Static values– False acceptance rates imply, e.g.,

1/100,000 security (i.e., perhaps 17 bits) Thus, it is at present unwise to protect

cryptographic systems with biometrics alone

Biometrics are a good second factor, i.e., PIN replacement

The Three Architectures:Server-side, Client-side, and

On-device

Server-side matching

Server

Client

Server-side matching

Server

Client

“access

granted”

Server-side matching: Drawbacks

Risk of template compromise en bloc – Hundreds of thousands of fingerprints make

an excellent hacker target– Privacy, liability concerns considerable

Architecturally complex Matching is CPU-intensive for server

Client-side matching

Server

“It’s Alice!”“Hi, Alice!”

Client-side matching

Most convenient and simple to build

Fine for, e.g., locking desktop with screen saver

Not secure for remote authentication... client can be made to lie!

Client-side matching

Server

“It’s Alice!”“It’s Alice!”“Hi, Alice!”

On-device matching

SecurID

On-device matching

SecurID

On-device matching

On-device security provides full privacy and integrity

With smartcard, biometric unlocks card, thus no need for modification of client or server software

But...

On-device matching

But Alice must always have her smart card with her -- portability lost

At present, true on-device match available only with expensive (i.e., $200) units

Most “on-card” matching systems process data on PC, reducing security

“Fuzzy Vault”:A New Architecture

“password”

UNIX protection of passwords

“password” h(“password”)

“password”

Template protection?

h( )

Fingerprint is variable

Differing angles of presentation Differing amounts of pressure Chapped skin

Don’t have exact key!So hashing won’t work...

We want “fuzzy” vault

Differing angles of presentation Differing amounts of pressure Chapped skin

We want “fuzzy” vault

How do we do it?

Fuzzy vault is just a piece of encrypted data

Uses error-correcting codes– Technology used to eliminate “noise” in

telecommunications, CD players, etc. We make counterintuitive use of

error-correcting codes– Jettison the message space!

What do we get?

Fingerprint (features) not stored in clear

Fuzzy vault

Vault can be stored in directory and unlocked on client

ClientDirectory

Fuzzy vault: Caveats

Basic fuzzy vault: Does not achieve security of on-card matching Not secure against Trojan horses Still provides adequate security as second factor, e.g., PIN replacement

Fuzzy vault pros Provable security characterization

– Similar (dubious) schemes lack proofs No need for biometric server No need for smart card

– Fuzzy vault can be placed on smart or dumb card for added flexibility, though Can build secure readers without crypto All the benefits of secure, client-side match!

When can I buy a fuzzy vault?

Fuzzy vault is a research concept Validated in early prototype Needs development on biometrics side RSA Labs is looking for research partner

To learn more... Fuzzy vault I -- Suitable for iris?

– “A Fuzzy Commitment Scheme”, ACM CCS ‘99– Joint work with Martin Wattenberg, IBM

Fuzzy vault II -- Suitable for fingerprints?– “A Fuzzy Vault Scheme”, ISIT ‘01– Joint work with Madhu Sudan, MIT

Patents pending Papers at www.ari-juels.com Ari Juels at ajuels@rsasecurity.com