better know your limits and adversaries
play

Better know your limits and adversaries Julien Bringer julien - PowerPoint PPT Presentation

Apr 19, 2023 •350 likes •722 views

Better know your limits and adversaries Julien Bringer julien bringer (at) morpho com 0 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a

  1. Better know your limits and adversaries Julien Bringer julien bringer (at) morpho com 0 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  2. Better know your limits and adversaries A practical view on various template protection and key binding schemes This talk is based on several joint works with various co-authors, in particular Hervé Chabanne and Constance Morel from Morpho, and that have been partially funded by European FP7 projects FIDELITY and BEAT. 1 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  3.  This talk is NOT about  Classical on-the-shelf crypto  Homomorphic encryption  Cryptographic protocols (e.g. SMC, private retrieval)  PET (eg. k -anonymity, l -diversity, privacy protection of the link between ID & bio)  HW-based solution  Formal Models for PbD  …  It is about  Template Protection Schemes (TPS) or TPS-like 2 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  4.  TPS principles come from both crypto and biometrics community  Helper data, cancelable biometrics, biometric key, …  FCS, FV, Code offset, SSK, FE … Image courtesy of M. Favre 3 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  5. SECURE SKETCHES (DODIS, REYZIN & SMITH – 2004) Secure sketches (Dodis, Reyzin & Smith – 2004) ‏ SSK: secure sketch function Rec: correction function Rec( b’, SSK(b))=b if d(b,b ’)  t b’ Rec(b’,‏ SSK(b)) ‏ Rec SSK(b) ‏ 4 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  6. CODE-OFFSET CONSTRUCTION Concept introduced in late 90 ’s 5 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  7. PROBLEM SOLVED?  …  Need to find a representation compatible with TPS algorithm  Usually binary & fixed-length vector  Correcting large amount of errors  finding nice trade-off between accuracy and security  Impact of storage & computational cost on operational constraints  To date, still very important challenges: security vs performances vs use cases (functionality & cost) 6 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  8. FINGERPRINT EXAMPLE => one of the most accurate published solution but… *Related to papers @ BTAS 2010, SPIE 2011 with V. Despiegel & M. Favre 7 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  9. FINGERPRINT EXAMPLE FRR@10 -3 FA FRR@10 -3 FA FVC 2002 DB2 FVC 2000 DB2 one COTS 1.25 % 0,81 % FV(Feature-Vector)-based 14.1 % 15 %  Accuracy drop of 1 order of magnitude  Usual size  of a template w/o TPS: 100-200B  w/ the FV representation: ~29kB 8 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  10. STANDARDS  Issued ISO/IEC 24745:2011, Information technology — Security techniques — Biometric information protection  On-going ISO CD 30136, Information Technology — Performance Testing of Template Protection Schemes 9 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  11. TPS PROPERTIES: 101 TPS lBvElV93RPlgtGkZsH3 uvZf63k8gKm Match? Yes/no lBvElV93RPlgtGkZsH3 uvZf63k8gKm Image courtesy of Jens Hermans 10 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  12. TPS PROPERTIES: 101 TPS lBvElV93RPl gtGkZsH3uv Zf63k8gKm TPS MNB8e35frjP QPehukjs4SX UAa2j7nn Image courtesy of Jens Hermans 11 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  13. TPS PROPERTIES: 101 TPS w/ lBvElV93RPlgtGkZsH3 key uvZf63k8gKm Match? Yes / No lBvElV93RPlgtGkZsH3 uvZf63k8gKm Image courtesy of Jens Hermans 12 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  14. TPS PROPERTIES: 101  Also  False Match Rate (FMR) / False Accept Rate (FAR)  False Non-Match Rate (FNMR) / False Reject Rate (FRR)  Failure-To-Enroll (FTE) Rate  Failure-To-Acquire (FTA) Rate  Successful Attack Rate (SAR)  Accuracy Variation  Template Diversity  Storage Requirement per Registered User, speed… 13 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  15. THREAT MODELS (ISO 30136)  Naive Model  No information, black box, no access to any biometric data.  Collision Model  **FA attack issue** adversary possesses a large amount of biometric data.  General Models  Full knowledge of the underlying TPS  Standard Model  none of the secrets.  related to known-ciphertext attack.  Advanced Model  augmented with the capability of the adversary to execute part of or all submodules that make use of the secrets.  related to chosen-plaintext attack and chosen-ciphertext attack  Full Disclosure Model  augmented by disclosing the secrets to the adversary (e.g. malicious insider) 14 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  16. SOME PRACTICAL CONCERNS  With ECC based construction  Use of non-perfect codes => if one decodes, it is most probably that d(b,b ’)<t  unlinkability attacks (Simoens et al. 2009)  FAR attack  Linkability issue  Pseudo-reversibility issue  With SSK construction, enables to retrieve b  Biometric data and errors between data may NOT be uniformly distributed  Can we do more?  Statistical attacks possible 15 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  17. Shuffling is not sufficient *Related to IJCB 2014 Security Analysis of Cancelable Iriscodes based on a Secret Permutation with H. Chabanne & C. Morel This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  18. USE OF APPLICATION-SPECIFIC TRANSFORM  Cancelable biometrics / Ratha et al., 2001  Application-specific bio / Cambier et al. 2002  Also as user-specific secret, e.g. biohashing / Goh et al. 2004  Also combined with other techniques, e.g. with fuzzy commitment scheme (Bringer et al. 2007, Kelkboom et al. 2011) 17 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

  19. SHUFFLING ON IRIS Images from Rathgeb & Uhl, A survey on biometric cryptosystems and cancelable biometrics. EURASIP J. of. Inf. Sec. 2011  Iriscode : 256-byte iris + 256-byte mask  Mask indicates (in)exploitable data: eyelids, eyelashes, blurred pixels… VS    ( I1 I2 ) M1 M2  score (( I1 , M1 ), ( I2 , M2 ))  M1 M2 John Daugman: How iris recognition works. IEEE Trans. Circuits Syst. Video Techn. (TCSV) 14(1):21-30 (2004) 18 / PrivDay 2016 / 2016-01-17 / Better Know This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written authorization of Morpho.

Recommend

Limits of Learning-based Signature Generation with Adversaries Shobha Venkataraman, Carnegie

Limits of Learning-based Signature Generation with Adversaries Shobha Venkataraman, Carnegie

Limits of Learning-based Signature Generation with Adversaries Shobha Venkataraman, Carnegie Mellon University Avrim Blum, Carnegie Mellon University Dawn Song, University of California, Berkeley 1 Signatures Signature: function that

799 views • 41 slides
Synchrony Weakened by Message Adversaries vs Asynchrony Restricted by Failure Detectors Michel R

Synchrony Weakened by Message Adversaries vs Asynchrony Restricted by Failure Detectors Michel R

Synchrony Weakened by Message Adversaries vs Asynchrony Restricted by Failure Detectors Michel R AYNAL , Julien S TAINER Institut Universitaire de France IRISA, Universit de Rennes, France Message adversaries vs failure

467 views • 43 slides
On Optimal and Reasonable Control in the Presence of Adversaries Oded Maler CNRS-VERIMAG

On Optimal and Reasonable Control in the Presence of Adversaries Oded Maler CNRS-VERIMAG

On Optimal and Reasonable Control in the Presence of Adversaries Oded Maler CNRS-VERIMAG Grenoble, France August 2005 Optimal Control with Adversaries Oded Maler What Not New results and theorems Description of application or

896 views • 44 slides
d Limits at infinity and infinite limits i E 2 Lectures a l l u d b Dr. Abdulla Eid A

d Limits at infinity and infinite limits i E 2 Lectures a l l u d b Dr. Abdulla Eid A

Section 2.6 d Limits at infinity and infinite limits i E 2 Lectures a l l u d b Dr. Abdulla Eid A . College of Science r D MATHS 101: Calculus I Dr. Abdulla Eid (University of Bahrain) Infinite Limits 1 / 29 d 1 Finite limits

608 views • 29 slides
Different Types of Limits Besides ordinary, two-sided limits, there are one-sided limits (left-

Different Types of Limits Besides ordinary, two-sided limits, there are one-sided limits (left-

Different Types of Limits Besides ordinary, two-sided limits, there are one-sided limits (left- hand limits and right-hand limits), infinite limits and limits at infinity. One-Sided Limits x 2 4 x 5. Consider lim x 5 One might

222 views • 3 slides
MAT 166 Calculus for Bus/Soc Chapter 3 Notes Limits The Deriviative David J. Gisch Limits

MAT 166 Calculus for Bus/Soc Chapter 3 Notes Limits The Deriviative David J. Gisch Limits

5/29/2013 MAT 166 Calculus for Bus/Soc Chapter 3 Notes Limits The Deriviative David J. Gisch Limits Limits 1 5/29/2013 Limits Limits Why? Dont they always agree? 2 2 Limits Limits

633 views • 18 slides
Dr. Jeff McNeil January 29, 2015 Adversaries already present in our networks Lack of

Dr. Jeff McNeil January 29, 2015 Adversaries already present in our networks Lack of

Dr. Jeff McNeil January 29, 2015 Adversaries already present in our networks Lack of information sharing and coordination with partners Cyber response capability and authority The role of third parties to exploit political

153 views • 14 slides
Limits (the size of the pie) allocation limits minimum reliability flow of supply Limits

Limits (the size of the pie) allocation limits minimum reliability flow of supply Limits

Limits (the size of the pie) allocation limits minimum reliability flow of supply Limits Implement climate minimum change flows multiple bands/ blocks Multiple bands/block How and where to set the limits? Reliability of supply

816 views • 26 slides
Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R

Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R

Calculus without Limits C. K. Raju Introduction The size of calculus texts Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R Current pedagogy of the calculus: a critique Imitating the European

1.82k views • 133 slides
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS Hanno Bck, Aaron

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS Hanno Bck, Aaron

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS Hanno Bck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic 1 TLS Encryption 1. Asymmetric key exchange RSA, DHE, ECDHE 2. Symmetric encryption 2

956 views • 28 slides
DB server limits (process/sessions) DB server limits (process/sessions) Carlos Fernando Gamboa,

DB server limits (process/sessions) DB server limits (process/sessions) Carlos Fernando Gamboa,

DB server limits (process/sessions) DB server limits (process/sessions) Carlos Fernando Gamboa, BNL Andrew Wong, TRIUMF WLCG Collaboration Workshop, CERN Geneva, April 2008. DB server limits (process/sessions) DB server limits

472 views • 21 slides
Scope &amp; Limits of Scope &amp; Limits of Scope &amp; Limits of Legal Authority Legal

Scope &amp; Limits of Scope &amp; Limits of Scope &amp; Limits of Legal Authority Legal

Lesson 4. Scope &amp; Limits of Authority January 20, 2004 Scope &amp; Limits of Scope &amp; Limits of Scope &amp; Limits of Legal Authority Legal Authority Legal Authority Lesson No. 4 ENV H 471 Environmental Health Regulation Winter

669 views • 7 slides
More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad Asharov Hebrew University Yehuda Lindell Bar-Ilan University Thomas Schneider Darmstadt Michael Zohner Darmstadt EUROCRYPT 2015 From Theory to

498 views • 37 slides
Computation for Mali licious Adversaries and an Honest Majority Jun Furukawa*, Yehuda Lindell**,

Computation for Mali licious Adversaries and an Honest Majority Jun Furukawa*, Yehuda Lindell**,

Hig igh-Throughput Secure Three-Party Computation for Mali licious Adversaries and an Honest Majority Jun Furukawa*, Yehuda Lindell**, Ariel Nof** and Or Weinstein** *NEC corporation, Israel **Bar-Ilan University, Israel Eurocrypt 2017

699 views • 54 slides
Limits to Technology Limits to Technology The Ecological Boundaries of the Information Age Group

Limits to Technology Limits to Technology The Ecological Boundaries of the Information Age Group

Limits to Technology Limits to Technology The Ecological Boundaries of the Information Age Group Location Date The Free Range Salvage Server Project http://www.fraw.org.uk/workshops/limits_to_technology/ This is not about carbon, it's

505 views • 31 slides
All Quantum Adversaries Are Equivalent Robert palek joint work with Mario Szegedy Quantum

All Quantum Adversaries Are Equivalent Robert palek joint work with Mario Szegedy Quantum

All Quantum Adversaries Are Equivalent Robert palek joint work with Mario Szegedy Quantum query complexity Want to compute Boolean function f Input queried by oracle calls O x | i , b , z = | i , b x i , z Allow arbitrary

195 views • 18 slides
Modeling Limits Jaroslav Neetil Patrice Ossona de Mendez Charles University CAMS, CNRS/EHESS

Modeling Limits Jaroslav Neetil Patrice Ossona de Mendez Charles University CAMS, CNRS/EHESS

Structural Limits FO-limits? Going further Modeling Limits Jaroslav Neetil Patrice Ossona de Mendez Charles University CAMS, CNRS/EHESS LIA STRUCO Praha, Czech Republic Paris, France IHP 2018 Structural Limits FO-limits?

572 views • 35 slides
Measuring and Mitigating AS-level Adversaries Against Tor Oleksii Adva Phillipa Michael Starov

Measuring and Mitigating AS-level Adversaries Against Tor Oleksii Adva Phillipa Michael Starov

Measuring and Mitigating AS-level Adversaries Against Tor Oleksii Adva Phillipa Michael Starov Zair Gill Schapira Rishab Nithyanand Network-level Traffic Correlation Attacks Internet rou,ng is asymmetric. Source -&gt; Entry != Entry

591 views • 11 slides
Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Introduction and Adversaries Attack

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Introduction and Adversaries Attack

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Introduction and Adversaries Attack Setups Attacks in Theory Example: Square and Multiply Combined Attacks Conclusion, Outlook Fault Type Transient Permanent

439 views • 22 slides
Adversaries &amp; Interpretability SIDN: An IAP Practicum Shibani Santurkar Dimitris Tsipras

Adversaries &amp; Interpretability SIDN: An IAP Practicum Shibani Santurkar Dimitris Tsipras

Adversaries &amp; Interpretability SIDN: An IAP Practicum Shibani Santurkar Dimitris Tsipras gradient-science.org Outline for today 1. Simple gradient explanations Exercise 1: Gradient saliency Exercise 2: SmoothGrad 2. Adversarial

534 views • 37 slides
29: Limits and the real world A few loose ends Difficulty of problems Limits on computation

29: Limits and the real world A few loose ends Difficulty of problems Limits on computation

29: Limits and the real world A few loose ends Difficulty of problems Limits on computation Recursive Diagrams: Why use them? Modules: Why use them? Clarity: gather together related pieces of code Generosity: avoid name conflicts

731 views • 23 slides
Genetic Algorithm to Study Practical Quantum Adversaries Walter O. Krawec Sam A. Markelon

Genetic Algorithm to Study Practical Quantum Adversaries Walter O. Krawec Sam A. Markelon

Genetic Algorithm to Study Practical Quantum Adversaries Walter O. Krawec Sam A. Markelon University of Connecticut, Storrs CT USA walter.krawec@gmail.com walterkrawec.org Quantum Key Distribution (QKD) Allows two users Alice (A) and

1.03k views • 55 slides
Recognizing and Imitating Programmer Style: Adversaries in Program Authorship Attribution Lucy

Recognizing and Imitating Programmer Style: Adversaries in Program Authorship Attribution Lucy

Recognizing and Imitating Programmer Style: Adversaries in Program Authorship Attribution Lucy Simko , Luke Zettlemoyer, Tadayoshi Kohno simkol@cs.washington.edu homes.cs.washington.edu/~simkol sim Source Code Attribution B int main() { A

565 views • 52 slides
Local Limits Crash Course Gorman Lau, P.E. CWEA 2016 P3S Conference February 29, 2016

Local Limits Crash Course Gorman Lau, P.E. CWEA 2016 P3S Conference February 29, 2016

Local Limits Crash Course Gorman Lau, P.E. CWEA 2016 P3S Conference February 29, 2016 Presentation Outline Background Local limit evaluations Local limits update/development Local limits implementation Local limits

1.18k views • 83 slides

More recommend