A New Secure Pairing Protocol using Biometrics

Secure Pairing enables two devices, which share no prior context with each other, to agree upon a security association that they can use to protect their subsequent communication. Secure pairing offers guarantees of the association partner identity and it should be resistant to eavesdropping or to a man-in-the-middle attack. We propose a user friendly solution to this problem. Keys extracted from biometric data of the participants are used for authentication. Details of the pairing protocol are presented along with a discussion of the security features, experimental validation with face recognition data and results of the usability analysis survey

SoK: Design Tools for Side-Channel-Aware Implementations

Side-channel attacks that leak sensitive information through a computing device's interaction with its physical environment have proven to be a severe threat to devices' security, particularly when adversaries have unfettered physical access to the device. Traditional approaches for leakage detection measure the physical properties of the device. Hence, they cannot be used during the design process and fail to provide root cause analysis. An alternative approach that is gaining traction is to automate leakage detection by modeling the device. The demand to understand the scope, benefits, and limitations of the proposed tools intensifies with the increase in the number of proposals. In this SoK, we classify approaches to automated leakage detection based on the model's source of truth. We classify the existing tools on two main parameters: whether the model includes measurements from a concrete device and the abstraction level of the device specification used for constructing the model. We survey the proposed tools to determine the current knowledge level across the domain and identify open problems. In particular, we highlight the absence of evaluation methodologies and metrics that would compare proposals' effectiveness from across the domain. We believe that our results help practitioners who want to use automated leakage detection and researchers interested in advancing the knowledge and improving automated leakage detection

REASSURE (H2020 731591) HW DES Dataset

The traces are fromChallenge 1of theChes 2018 CTF Algorithm: HW- DES implementation, unprotected Physical target: basic ZC 5.4 with no (noticeable) countermeasures Ext. clock=4MHz, internal clk for crypto engine: 60MHz (actual frequency is closer to 61MHz) Copyright: Creative Commons Attribution 4.0 International Open Acces

REASSURE (H2020 731591) HW DES Dataset

The traces are fromChallenge 1of theChes 2018 CTF Algorithm: HW- DES implementation, unprotected Physical target: basic ZC 5.4 with no (noticeable) countermeasures Ext. clock=4MHz, internal clk for crypto engine: 60MHz (actual frequency is closer to 61MHz) Copyright: Creative Commons Attribution 4.0 International Open Acces

REASSURE (H2020 731591) Masked AES Dataset

Item does not contain fulltextSW-AES -128 encryption, random masking, based onChallenge 2 from Ches 2018 CTF Implementation details: boolean masking added to the round key. Origin: Device D, Chip has a Cortex-M4F CPU, working at 168MHz Copyright: Creative Commons Attribution 4.0 International Open Accessnul

Maximum Key Size and Classification Performance of Fuzzy Commitment for Gaussian Modeled Biometric Sources

Template protection techniques are used within biometric systems in order to protect the stored biometric template against privacy and security threats. A great portion of template protection techniques are based on extracting a key from, or binding a key to the binary vector derived from the biometric sample. The size of the key plays an important role, as the achieved privacy and security mainly depend on the entropy of the key. In the literature, it can be observed that there is a large variation on the reported key lengths at similar classification performance of the same template protection system, even when based on the same biometric modality and database. In this work, we determine the analytical relationship between the classification performance of the fuzzy commitment scheme and the theoretical maximum key size given as input a Gaussian biometric source. We show the effect of the system parameters such as the biometric source capacity, the number of feature components, the number of enrolment and verification samples, and the target performance on the maximum key size. Furthermore, we provide an analysis of the effect of feature interdependencies on the estimated maximum key size and classification performance. Both the theoretical analysis, as well as an experimental evaluation using the MCYT fingerprint database showed that feature interdependencies have a large impact on performance and key size estimates. This property can explain the large deviation in reported key sizes in literature

Security and Artificial Intelligence: A Crossdisciplinary Approach

Abstract

A quantitative analysis of indistinguishability for a continuous domain biometric cryptosystem

Abstract. Biometric information is regarded as highly sensitive information and therefore encryption techniques for biometric information are needed to address security and privacy requirements of biometric information. Most security analyses for these encryption techniques focus on the scenario of one user enrolled in a single biometric system. In practice, biometric systems are deployed at different places and the scenario of one user enrolled in many biometric systems is closer to reality. In this scenario, cross-matching (tracking users enrolled in multiple databases) becomes an important privacy threat. To prevent such cross-matching, various methods to create renewable and indistinguishable biometric references have been published. In this paper, we investigate the indistinguishability or the protection against cross-matching of a continuous-domain biometric cryptosystem, the QIM. In particular our contributions are as follows. Firstly, we present a technique, which allows an adversary to decide whether two protected biometric reference data come from the same person or not. Secondly, we quantify the probability of success of an adversary who plays the indistinguishability game and thirdly, we compare the probability of success of an adversary to the authentication performance of the biometric system for the MCYT fingerprint database. The results indicate that although biometric cryptosystems represent a step in the direction of privacy enhancement, we are not there yet.