Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.
-
Upload
fred-woodin -
Category
Documents
-
view
217 -
download
0
Transcript of Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.
![Page 1: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/1.jpg)
Security with Noisy Data
Boris ŠkorićTU EindhovenEi/Ψ anniversary, 24 April 2009
1
![Page 2: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/2.jpg)
OUTLINE
1.Private biometrics
2.Physical Unclonable Functions (PUFs)
• PUFs for anti-counterfeiting
• PUFs for secure key storage
3.Fuzzy extractors
4.General remarks
2
![Page 3: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/3.jpg)
Private biometrics: intro
What's so private?•fingerprints everywhere•easily photographed•no secrecy!
Biometrics database•access control•identification
Insider attacks• db encryption not enough!
How to abuse the database? • impersonation• identity theft• cross-db linking• detectable pathologies• ... yet undiscovered attacks
3
![Page 4: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/4.jpg)
How to preserve privacy?
•Don't store biometric itself
•Store a one-way hash(like UNIX password file)
•Attacker has to invert hash
Problem: noise
•Measurement never the same twice
•Any bit flip ⇒hash totally changed
•Need error correction
•Redundancy data may leak!
one-wayfunction
00101101011110111001...
4
Private biometrics: noisy biometrics
![Page 5: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/5.jpg)
SecureSketch
Recover
hash compare
Gen
[Dodis et al., 2003]
"Fuzzy Extractor"
Uniform string:
• Efficient storage
• Quick db search
• Efficient processing
5
HelperData Reproduce
"extractedstring"
compare
Gen
Private biometrics: secure error correction
![Page 6: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/6.jpg)
6
OUTLINE
1.Private biometrics
2.Physical Unclonable Functions (PUFs)
• PUFs for anti-counterfeiting
• PUFs for secure key storage
3.Fuzzy extractors
4.General remarks
![Page 7: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/7.jpg)
The counterfeiting problem
Frightening numbers:10% of all medication10% aircraft spare parts
Short history of paper money• 800 AD: China, first bills•1450 AD: China abolishes paper money•1601 AD: introduction in Sweden
7
Anti-counterfeiting: introduction
![Page 8: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/8.jpg)
8
Anti-counterfeiting: think big
![Page 9: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/9.jpg)
[Source: Kirovski 2007]
Anti-counterfeiting, more voodoo than science
Lots of obscurity
9
![Page 10: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/10.jpg)
Traditional approach:
• add authenticity mark to product
• hard to forge
• all marks are identicalEr, ... WTF?
10
Alternative: [Bauder, Simmons < 1991]
• unique marks
- uncontrollable process
- even manufacturer cannot clone
• digitally signed
• two-step verification
- check sig., then check mark
• forgery ← cloning / fake signature
• allows "open" approach
- product info- expiry date- mark details
Digital signatureby Authority XYZ
- product info- expiry date- mark details
Digital signatureby Authority XYZ
Anti-counterfeiting: a new approach
![Page 11: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/11.jpg)
Physical Unclonable Function (PUF) [Pappu et al. 2001]
•physical object
•unpredictable challenge-response behaviour
•hard to scrutinize without damaging
•hard to model mathematically
•hard ($) to clone physically, even for manufacturer
Use PUF as anti-counterfeiting mark
Anti-counterfeiting: PUFs
![Page 12: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/12.jpg)
Examples of anti-counterfeiting PUFs
Kirovski et al. 2006Microsoft research
Škorić et al. 2008Philips research
Pappu et al. 2001Buchanan et al. 2005MIT, Ingenia,Philips research
Anti-counterfeiting: PUF types
![Page 13: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/13.jpg)
Simplest case:
•mark is not secret
•use "distance" between measurements
•no error correction
Just like biometrics.
Use fuzzy extractor!
Without added mark:
•mark is part of product
•mark not really secret
•but ... preserve "privacy" of product
•noisy measurements
Anti-counterfeiting: analogy with biometrics
![Page 14: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/14.jpg)
OUTLINE
1.Private biometrics
2.Physical Unclonable Functions (PUFs)
• PUFs for anti-counterfeiting
• PUFs for secure key storage
3.Fuzzy extractors
4.General remarks
![Page 15: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/15.jpg)
Secure key storage: intro
Problem:
• Many devices need secret keys
- authentication
- encryption / decryption
- signing
• Digital key storage
- 0/1 often distinguishable
- invasive attacks
Alternative approach: Derive key from PUF
•more opaque than digital memory
•extract key when needed, then wipe from RAM
•invasive attack ⇒ key destroyed
![Page 16: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/16.jpg)
Physical Unclonable Function (PUF)•physical object
•unpredictable challenge-response behaviour
•hard to scrutinize without damaging•hard to model mathematically
•hard ($) to clone physically, even for manufacturer
"Physically Obscured Key" (POK)[Gassend et al. 2003]
16
EEPROM
- Helper data
- EK[Device secrets]
PUF
Sensor
reproduce
K
Crypto processor
Inte
gra
ted
Secure key storage: PUFs
![Page 17: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/17.jpg)
TiN
TiO2
S-RAM PUF[Guajardo et al., Su et al. 2007]
Coating PUF[Posch 1998; Tuyls et al. 2006]
Integrated optical PUF[Ophey et al. 2006]
Silicon PUF[Gassend et al. 2002]
FPGA "butterfly"[Kumar et al. 2008]
Secure key storage: PUF types
![Page 18: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/18.jpg)
OUTLINE
1.Private biometrics
2.Physical Unclonable Functions (PUFs)
• PUFs for anti-counterfeiting
• PUFs for secure key storage
3.Fuzzy extractors
4.General remarks
![Page 19: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/19.jpg)
Required for e.g.
•privacy preserving biometrics
•anti-counterfeiting with "product privacy"
•PUF-based key storage
Properties
• Secrecy and uniformity: Δ(WS; WU) ≤ ε.
"S given W is almost uniform"
• Correctness: If X' sufficiently close to X, then S'=S.
• Robustness [Boyen et al. 2005]:Detection of active attack against W
noisy
Dodis et al. 2003Juels+Wattenberg 1999Linnartz+Tuyls 2003
Fuzzy Extractors: intro
![Page 20: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/20.jpg)
Fuzzy Extractors: high-level look at helper data
X
W
Enrolment phase
X: measurement W: helper data S: region index (extracted secret)
S
Gen(X) = {S, W}
X sufficiently "smooth" ⇒ W reveals little or nothing about S
![Page 21: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/21.jpg)
Fuzzy Extractors: high-level look at helper data
X'
Reproduction phase
W
S
Rep(X',W) = S
![Page 22: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/22.jpg)
You need helper data.
You really do.
Fuzzy Extractors: necessity of helper data
• Enrolments happen after fixing grid
• Some X inevitably on boundary
- noise can go either way
• Helper data removes the ambiguity
![Page 23: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/23.jpg)
Fuzzy Extractors: active attacks
Active Attack: Modify Waccept wrong X'accept key S' ≠ S
Defense:
1.TTP's signature on W.
2.But ... what if there's no PKI?Use secret S itself to authenticate W !
a. hash(W||S). [Boyen 2005]
• random oracle assumption
b. Sacrifice part of S as authentication key.
• S = S1 || S2.
• MAC(S1, W) (sort of) [Dodis et al. 2006]
• information-theoretic security if X has sufficient entropy rate
![Page 24: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/24.jpg)
24
Fuzzy Extractors & PUFs: variety of disciplines
FUZZYEXTRACTION
FROM PUF
physics informatio
n theory
crypto
error-correcting codes
security engineerin
g
![Page 25: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/25.jpg)
OUTLINE
1.Private biometrics
2.Physical Unclonable Functions (PUFs)
• PUFs for anti-counterfeiting
• PUFs for secure key storage
3.Fuzzy extractors
4.General remarks
![Page 26: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/26.jpg)
General remarks: PUF proliferation
optical PUF
coating PUF
Silicon PUF
optical fiber PUF
RF COA
LC-PUF
S-RAM PUF
Arbiter PUF
fluorescent PUF
Delay PUF
Butterfly PUF
diode breakdown PUF
reconfigurable PUF
acoustic PUF
controlled PUF
phosphor PUF
...
![Page 27: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/27.jpg)
General remarks: PUF family tree
MvD
![Page 28: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/28.jpg)
General remarks: after years of preaching the PUF gospel ...
![Page 29: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/29.jpg)
29
General remarks: ¥€££$
Making money from security with noisy data
Philips spin-off
Philips spin-off
MIT spin-off
Imperial College Londonspin-off
![Page 30: Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.](https://reader036.fdocument.pub/reader036/viewer/2022062409/56649ca35503460f94963d41/html5/thumbnails/30.jpg)
• Noisy sources of key material
- privacy preserving storage of biometric data
- anti-counterfeiting
- secure key storage with PUFs
• Fuzzy extractors
- extract key from noisy source
- reproducibility
- secrecy of output
- resilience against attacks on helper data
• Subject becoming more popular
• Not just theory, also $$$
Summary