14 research outputs found

    Privacy leakage in fuzzy commitment schemes

    In 1999 Juels and Wattenberg introduced the fuzzy commitment scheme. Fuzzy commitment is a particular realization of a binary biometric secrecy system with a chosen secret key. Three cases of biometric sources are considered, i.e. memoryless and totally-symmetric biometric sources, memoryless and input-symmetric biometric sources, and memoryless biometric sources. It is shown that fuzzy commitment is only optimal for memoryless totally-symmetric biometric sources and only at the maximum secret-key rate. Moreover, it is demonstrated that for memoryless biometric sources, which are not input-symmetric, the fuzzy commitment scheme leaks information on both the secret key and the biometric data

    Fast and secure retrieval of DNA sequences

    Sequence models are retrieved from a sequences index. The sequence models model DNA or RNA sequences stored in a database, and each comprises a finite memory tree source model and parameters for the finite memory tree source model. One or more DNA or RNA sequences stored in the database are identified as being most similar to a query DNA or RNA sequence based on fitting of the retrieved sequence models to the query DNA or RNA sequence. The sequence models may be context tree weighting (CTW) models {Sx, [theta]Sx} where Sx denotes the context tree model for the DNA or RNA sequence x stored in the database, and [theta]Sx denotes parameters of the context tree model Sx. The fitting may include, for each CTW model {Sx, [theta]Sx}, computing the codeword length for the query DNA or RNA sequence y using the CTW model {Sx, [theta]Sx}

    Achieving secure fuzzy commitment scheme for optical PUFs

    Fuzzy commitment of Juels and Wattenberg 1999 is a popular technique for designing secure systems based on noisy data. The scheme is easy to implement using standard error-correcting codes. However, secrecy of this scheme is only guaranteed when input data are generated by uniform i.i.d. sources, while typical input data (PUFs and biometrics) are not uniform. In this paper we address the problem of extracting robust independent uniformly distributed bits out of noisy data that can be used as entries to fuzzy commitment. The proposed techniques can serve as a building block of secure fuzzy commitment systems. © 2009 IEEE

    Attribute-based encryption

    A system for attribute-based encryption comprises a first encrypter (11) and a second encrypter (12). The first encrypter (11) comprises an input unit (1) for determining a message and a policy over a set of attributes, wherein the policy comprises a plurality of components, and a first cryptographic unit (2) for generating an encrypted representation of the message and an encrypted representation of the plurality of components. The second encrypter (12) comprises a receiving unit (3) for receiving the encrypted representation of the message and the encrypted representation of the plurality of components, and a second cryptographic unit (4) for transforming the encrypted representation of the message and the encrypted representation of the plurality of components into an attribute-based encrypted message associated with the policy

    Context trees for privacy-preserving modeling of genetic data

    In this work, we use context trees for privacy-preserving modeling of genetic sequences. The resulting estimated models are applied for functional comparison of genetic sequences in a privacy-preserving way. Here we define privacy as uncertainty about the genetic source sequence given its model and use equivocation to quantify it. We evaluate the performance of our approach on publicly available human genomic data. The simulation results confirm that the context trees can be effectively used to detect similar genetic sequences while guaranteeing high privacy levels. However, a trade-off between privacy and utility has to be taken into account in practical applications

    Information leakage in fuzzy commitment schemes

    In 1999, Juels and Wattenberg introduced the fuzzy commitment scheme. This scheme is a particular realization of a binary biometric secrecy system with chosen secret keys. It became a popular technique for designing biometric secrecy systems, since it is convenient and easy to implement using standard error-correcting codes. This paper investigates privacy- and secrecy-leakage in fuzzy commitment schemes. The analysis is carried out for four cases of biometric data statistics, i.e., memoryless totally symmetric, memoryless input-symmetric, memoryless, and stationary ergodic. First, the achievable regions are determined for the cases when data statistics are memoryless totally symmetric and memoryless input-symmetric. For the general memoryless and stationary ergodic cases, only outer bounds for the achievable rate-leakage regions are provided. These bounds, however, are sharpened for systematic parity-check codes. Given the achievable regions (bounds), the optimality of fuzzy commitment is assessed. The analysis shows that fuzzy commitment is only optimal for the memoryless totally symmetric case if the scheme operates at the maximum secret-key rate. Moreover, it is demonstrated that for the general memoryless and stationary ergodic cases, the scheme leaks information on both the secret and biometric data

    Fundamental limits for biometric identification with a database containing protected templates

    In this paper we analyze secret generation in biometric identification systems with protected templates. This problem is closely related to the study of the biometric identification capacity of Willems et al. 2003 and O'Sullivan and Schmid 2002 and the common randomness generation of Ahlswede and Csiszár 1993. In our system two terminals observe biometric enrollment and identification sequences of a number of individuals. It is the goal of these terminals to form a common secret for the sequences that belong to the same individual by interchanging public (helper) messages for all individuals in such a way that the information leakage about the secrets from these helper messages is negligible. It is important to realize that biometric data are unique for individuals and cannot be replaced if compromised. Therefore the helper messages should contain as little as possible information about the biometric data. On the other hand, the second terminal has to establish the identity of the individual who presented his biometric sequence, based on the helper data produced by the first terminal. In this paper we determine the fundamental tradeoff between secret-key rate, identification rate and privacy-leakage rate in biometric identification systems

    Efficient key generation scheme for SRAM-PUFs using polar codes

    Physical unclonable functions (PUFs) are a new promising means to realize cryptographic scenarios such as identification, authentication and secret key generation. PUFs avoid the need for key storage, because the device-unique randomness can be translated into a cryptographic key. SRAM-PUFs enjoy the properties that, while being easily evaluated (after a device power-up), they are unique, reproducible, physically unclonable and unpredictable. Error correction codes (ECCs) are essential blocks of secret-generation schemes, since PUF observations are always affected by noise and environmental changes. In this paper, we propose practical error correction schemes for PUF-based secret generation that are based on polar codes. The proposed scheme could generate a 128-bit key or 256-bit key using fewer PUF bits and helper data bits than before and achieve a low failure probability for a practical SRAM-PUFs application with error probability between 15% and 25%. Therefore SRAM-PUFs are considered to combine very well with authentication and unique cryptographic key generation for resource constrained devices

    Zero-leakage multiple key-binding scenarios for SRAM-PUF systems based on the XOR-Method

    We show that the XOR-method based on linear error-correcting codes can be applied to achieve the secret-key capacity of binary-symmetric SRAM-PUFs. Then we focus on multiple key-bindings. We prove that no information is leaked by all the helper data about a single secret key both in the case where we use the same key all the time and when we use different keys. The notion of symmetry is crucial in these proofs

    Behavior of temperature dependent SRAM-PUFs, and consequences for secret-key capacity

    Physical Unclonable Functions (PUFs) are a resource for generating and sharing secret keys. The mutual information between two respective observations of the same PUF gives an upper bound for the achievable secret-key rate of a secret-sharing scheme that relies on this PUF. This mutual information can be increased by including side information about the source. We show for a given statistical model of the SRAM-PUFs, how side information can be estimated from multiple observations of an SRAM cell. Finally, we calculate the achievable increased secret-key rate given the estimated side information