Embed Size (px)
Citation preview
10/06/2020
1
Blockchain and Biometrics:
Opportunities and Challenges
Prof. Julian FIERREZ
http://biometrics.eps.uam.es/
Universidad Autonoma de Madrid - SPAIN
Biometrics: Privacy and Security
• Loss of Privacy: Attacker discovers information about the
biometric.
• Loss of Security: Attacker gains access to the system. E.g.
– Sensitive files and data (Trade secrets)
– Finances (Bank accounts)
– Services (Gym, parking lot, etc.)
• Distinct notions: One does not necessarily imply the other!
Access Control Device
Protected System or Services
1
2
10/06/2020
2
Evaluating the Privacy/Security in Biometrics (I)
J. Galbally, J. Fierrez, F. Alonso and M. Martinez-Diaz, "Evaluation of Direct Attacks to Fingerprint
Verification Systems", Telecommunication Systems, Special Issue on Biometrics, January 2011.
M. Martinez-Diaz, J. Fierrez, J. Galbally and J. Ortega-Garcia, "An Evaluation of Indirect Attacks and
Countermeasures in Fingerprint Verification Systems", Pattern Recognition Letters, September 2011.
A. Hadid, N. Evans, S. Marcel and J. Fierrez, "Biometrics Systems under Spoofing attack: An
Evaluation Methodology and Lessons Learned", IEEE Signal Processing Magazine, September 2015
Evaluating the Privacy/Security in Biometrics (II)
SensorFace
RecognitionSystem
J. Galbally, S. Marcel and J. Fierrez, "Biometric Anti-spoofing Methods: A Survey in Face
Recognition", IEEE Access, December 2014.
3
4
10/06/2020
3
Evaluating the Privacy/Security in Biometrics (III)
A. Merle, J. Bringer, J. Fierrez and N. Tekampe, "BEAT: A Methodology for Common Criteria Evaluations
of Biometrics Systems", in Proc. Intl. Common Criteria Conf., ICCC, London, UK, September 2015.
+Security with add-ons (e.g., PAD modules)
J. Hernandez-Ortega, J. Fierrez, E. Gonzalez-Sosa and A. Morales,
"Continuous Presentation Attack Detection in Face Biometrics
based on Heart Rate", X. Bai et al. (Eds.), Video Analytics. Face
and Facial Expression Recognition, Springer, April 2019.
J. Galbally, S. Marcel and J. Fierrez, "Image Quality Assessment for
Fake Biometric Detection: Application to Iris, Fingerprint and Face
Recognition", IEEE Trans. on Image Processing, Feb. 2014.
5
6
10/06/2020
4
Improving the Privacy/Security
in Biometrics: Elements
Conventional Password Authentication (I)
• At enrollment, computer stores a cryptographic hash (e.g.
SHA 256, MD5) of a password, not the password itself.
• Authentication involves comparison of hashes.
• Computational privacy, since hash assumed non-invertible.
• Computational security, attacker needs to find a hash
collision to gain access.
EnrollPassword X
TestPassword Y
yes
no
7
8
10/06/2020
5
Hashing and Biometrics (I)
• Hashing works for passwords, does not work for biometrics.
• Even legitimate biometrics can generate very different hashes.
• Is it possible to perform biometric authentication without
storing the biometric in the clear at the device?
• YES → Biometric Template Protection
110010011
110110011
Enroll
Test
Hashing and Biometrics (II)
M. Freire, J. Fierrez, J. Galbally and J.
Ortega-Garcia, "Biometric hashing based
on genetic selection and its application to
on-line signatures", in Proc. International
Conference on Biometrics, August 2007.
9
10
10/06/2020
6
Biometric Template Protection
Pattern Recognition
CryptographySignal Processing
Biometric Template Protection Scrambling or encryption
to prevent attacks, design of secure protocols
Robust and accuratefeature extraction & matching
Signal transformations & comparison
Information Theory
Error correcting codes, and theoretical analysis
Notation: Biometrics
A110010011
B110110011
C101001100
Attack vector
11
12
10/06/2020
7
Notation: Keys (if required)
• Keys may be chosen by the user or assigned at enrollment
• They may be memorized, carried on smart card, etc.
110101011
Attack vector
110101011
011001100
Framework for Secure Biometrics
• Encoding module, storage module, decision module
• For 1-factor systems, replace the keys by null
• Depending on architecture, decision processing can be a ECC
decoder, cryptographic protocol, or other signal processing
F
g
Encoding
Decision
A
K
(B, K)
Secret Key
EnrollmentVector
Probe Vectorand Secret Key
Attack Vectorand Fake Key (C, J)
(D, L)
BiometricDatabaseS
or
Stored Data
13
14
10/06/2020
8
Privacy Leakage
• Quantifies the difficulty of guessing the biometric.
• #bits of info leaked about the biometric feature vector
when the stored data and/or the secret key is
compromised. Suppose info leaked is or or
Access Control Device
Protected System or Services
S
,A
Security Break
• Quantifies difficulty of breaking into the system when
the stored data and/or the secret key is compromised.
Suppose info leaked is or or
• SAR = Probability of Successful Attack
Access Control Device
Protected System or Services
S
,A
15
16
10/06/2020
9
Biometric Template Protection: Architectures
• Fuzzy Vault and Fuzzy Sketches
• Secure Multiparty Computation
• Cancelable Templates
• Bio-Hashing via Random Projections
• Bloom Filters
• Homomorphic Encryption
• …
• M. Gomez-Barrero, E. Maiorana, J. Galbally, P. Campisi and J. Fierrez, "Multi-Biometric Template
Protection Based on Homomorphic Encryption", Pattern Recognition, July 2017.
• M. Gomez-Barrero, J. Galbally, A. Morales and J. Fierrez, "Privacy-Preserving Comparison of
Variable-Length Data with Application to Biometric Template Protection", IEEE Access, June 2017.
• M. Gomez-Barrero, C. Rathgeb, J. Galbally, C. Busch and J. Fierrez, "Unlinkable and Irreversible
Biometric Template Protection based on Bloom Filters", Information Sciences, November 2016.
• P. Campisi, E. Maiorana, J. Fierrez, J. Ortega-Garcia and A. Neri, "Cancelable Templates for
Sequence Based Biometrics with Application to On-Line Signature Recognition", IEEE Trans. on
Systems, Man and Cybernetic, Part A: Systems and Humans, May 2010.
Improving the Privacy/Security
in Biometrics: Challenges
17
18
10/06/2020
10
Revocability: Multiple Uses in Time
M. Gomez, J Galbally, C Rathgeb, C Busch, “General Framework to Evaluate Unlinkability in Biometric
Template Protection Systems”, IEEE Transactions on Information Forensics and Security, June 2018.
Encoding
ABiometricDatabase
CancelableTransform
K
Encoding
ABiometricDatabaseS
CancelableTransform
K
Encoding
ABiometricDatabaseS’
CancelableTransform
K’
SAdversary compromisesS or K
Admin revokes BOTHS and K /
/
Admin assigns newK’ and generates S’
Unlinkability: Multiple Uses in Space (I)
• Alice has enrolled the same fingerprint at her gym, her apartment,
bank account, on her laptop.
• Systems have different accuracy, security and privacy specifications.
M. Gomez, J Galbally, C Rathgeb, C Busch, “General Framework to Evaluate Unlinkability in Biometric
Template Protection Systems”, IEEE Transactions on Information Forensics and Security, June 2018.
19
20
10/06/2020
11
Unlinkability: Multiple Uses in Space (II)
• Objectives
– Discover Alice’s biometric
– Gain access to Alice’s bank account
• Strategy: Compromise devices with weaker privacy/security
specifications, gain partial information about stored data and/or
keys, then attack well-protected devices.
• Tradeoff between privacy and security
M. Gomez, J Galbally, C Rathgeb, C Busch, “General Framework to Evaluate Unlinkability in Biometric
Template Protection Systems”, IEEE Transactions on Information Forensics and Security, June 2018.
Signal Processing and Pattern Recognition
Challenges
FAR
FR R
EER
(0,0)
ROC for feature vectors
ROC for secure biometric system using the same feature vectors
Need for feature spaces whose FRR-FAR tradeoff is not
significantly impacted by secure primitives.
Need for schemes robust to misalignment or allow alignment
under privacy constraints.Alignment params
often stored in the clear.
21
22
10/06/2020
12
Other Challenges for Security and Privacy in
Biometric Systems
• Standardization
– ISO/IEC JTC1 SC27 Information Security
• ISO/IEC 24745:2011 BTP Guidance for Confidentiality,
Integrity, and Revocability
– ISO/IEC JTC1 SC37 Biometrics
• ISO/IEC WD 30136:2018 BTP Performance Testing
• Interoperability across
– Different sensor types
– Data storage facilities and network interfaces
– Computing equipment
– Environmental effects
• Metrics for evaluation
– Need to rethink meaning of security and privacy
– Need a way to evaluate tradeoffs among various metrics
Blockchain for Biometrics:
OPPORTUNITIES• Computational Privacy and Security (distributed)
• Immutability
• Accountability
• Availability
• Universal Access
Biometrics for Blockchain:
OPPORTUNITIES• Better digital identity models
• New use cases, e.g., IoT
• Biometric wallets
23
24
10/06/2020
13
Blockchain for Biometric Template Protection
Blockchain
IPFS
Securing partial/full Biometric Systems with BC (I)
BLOCKCHAIN
BlockchainOracle?
Public/Private
25
26
10/06/2020
14
BLOCKCHAIN
BlockchainOracle?
SIDE CHAINS or
STATE CHANNELS
Securing partial/full Biometric Systems with BC (II)
+EfficiencyOn/Off-Chain
Public/Private
• Revocability and Unlinkability? (across different blockchains)
• Public blockchains cannot directly process secret data
– New cryptosystems to fully integrate blockchains and biometrics
E.g.: fully homomorphic cryptography, ZKPs, etc.
• Limited scalability
– Limited processing:• 10s of trans/sec (Ethereum)
• 7-8 trans/sec (Bitcoin)
– Confirmation time: 10 mins (Bitcoin)
– Storage: 200 GB (Bitcoin)
• Running costs
– Computation: sum (1 gas), SHA3 (20 gas), matching (??)
– Storage: 256 bits (100 gas) → 1 KB bio template ca. 0’001$ (less with IPFS)
• Development is tricky and prone to errors! (e.g., DAO hack in 2016)
Blockchain for Biometrics:
CHALLENGES
27
28
