BRAKE: Biometric Resilient Authenticated Key Exchange

Biometric data are uniquely suited for connecting individuals to their digital identities. Deriving cryptographic key exchange from successful biometric authentication therefore gives an additional layer of trust compared to password-authenticated key exchange. However, biometric data are sensitive personal data that need to be protected on a long-term basis. Furthermore, efficient feature extraction and comparison components resulting in high intra-subject tolerance and inter-subject distinguishability, documented with good biometric performance, need to be applied in order to prevent zero-effort impersonation attacks. In this work, we present a novel protocol for Biometric Resilient Authenticated Key Exchange that fulfils the above requirements of biometric information protection compliant with the international ISO/IEC 24745 standard. In our protocol, we present a novel modification of unlinkable fuzzy vault schemes that allows their connection with oblivious pseudo-random functions to achieve resilient protection against offline attacks crucial for the protection of biometric data. Our protocol is independent of the biometric modality and can be implemented based on the security of discrete logarithms as well as lattices. We provide an open-source implementation of both instantiations of our protocol which achieve real-time efficiency with transaction times of less than one second from the image capture to the completed key exchange

Development of a peripheral device for software control using the Arduino platform

Cilj ovog rada bila je izrada perifernog uređaja za upravljanje softverom i pripadajućeg upravljačkog softvera. Prije opisa samog uređaja i softvera opisana je ukratko Arduino platforma, njezine hardverske i softverske komponente te konkretna struktura Arduino Leonardo razvojne pločice koja je korištena u ovom projektu. Nakon opisa Arduino platforme predstavljene su osnovne ideje i koncepti koji su korišteni u izradi i programiranju samog uređaja. Potom su ukratko navedene i objašnjene elektroničke komponente korištene u izradi uređaja. Objašnjeni su i najbitniji dijelovi programskog koda, pogotovo koda koji upravlja Arduinom. Osim Arduino koda objašnjen je i upravljački softver koji se izvodi na računalu i reagira na podatke koje Arduino šalje te izvodi zadane funkcije. Na kraju rada navedena su moguća poboljšanja uređaja i softverskog dijela projekta

Development of a peripheral device for software control using the Arduino platform

Cilj ovog rada bila je izrada perifernog uređaja za upravljanje softverom i pripadajućeg upravljačkog softvera. Prije opisa samog uređaja i softvera opisana je ukratko Arduino platforma, njezine hardverske i softverske komponente te konkretna struktura Arduino Leonardo razvojne pločice koja je korištena u ovom projektu. Nakon opisa Arduino platforme predstavljene su osnovne ideje i koncepti koji su korišteni u izradi i programiranju samog uređaja. Potom su ukratko navedene i objašnjene elektroničke komponente korištene u izradi uređaja. Objašnjeni su i najbitniji dijelovi programskog koda, pogotovo koda koji upravlja Arduinom. Osim Arduino koda objašnjen je i upravljački softver koji se izvodi na računalu i reagira na podatke koje Arduino šalje te izvodi zadane funkcije. Na kraju rada navedena su moguća poboljšanja uređaja i softverskog dijela projekta

BRAKE: Biometric Resilient Authenticated Key Exchange

Biometric data are uniquely suited for connecting individuals to their digital identities. Deriving cryptographic key exchange from successful biometric authentication therefore gives an additional layer of trust compared to password-authenticated key exchange. However, biometric data are sensitive personal data that need to be protected on a long-term basis. Furthermore, efficient feature extraction and comparison components resulting in high intra-subject tolerance and inter-subject distinguishability, documented with good biometric performance, need to be applied in order to prevent zero-effort impersonation attacks. In this work, we present a novel protocol for Biometric Resilient Authenticated Key Exchange that fulfils the above requirements of biometric information protection compliant with the international ISO/IEC 24745 standard. In our protocol, we present a novel modification of unlinkable fuzzy vault schemes that allows their connection with oblivious pseudo-random functions to achieve resilient protection against offline attacks crucial for the protection of biometric data. Our protocol is independent of the biometric modality and can be implemented based on the security of discrete logarithms as well as lattices. We provide an open-source implementation of both instantiations of our protocol which achieve real-time efficiency with transaction times of less than one second from the image capture to the completed key exchange