html5-img
1 / 34

Design and Implementation for Secure Embedded Biometric Authentication Systems

Design and Implementation for Secure Embedded Biometric Authentication Systems. Shenglin Yang Advisor: Ingrid Verbauwhede Electrical Engineering Department University of California, Los Angeles. Personal Authentication Systems. Select Authenticator. Biometrics. Embedded. Security.

dolf
Download Presentation

Design and Implementation for Secure Embedded Biometric Authentication Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Design and Implementation for Secure Embedded Biometric Authentication Systems Shenglin Yang Advisor: Ingrid Verbauwhede Electrical Engineering Department University of California, Los Angeles

  2. Personal Authentication Systems Select Authenticator Biometrics Embedded Security Software Optimization Oracle-based Design Memory Management Crypto-Biometrics Hardware Acceleration Micro-coded Coprocessor Secure Embedded Biometric Authentication Device

  3. Outline • Motivation and challenges • Secure biometric matching techniques • Secure partitioning • Cryptographic Biometrics • Fuzzy vault based fingerprint verification • Micro-coded coprocessor implementation • Secure iris verification • Conclusions

  4. Motivation and challenges Biometrics provide a more secure and convenient way for personal authentication Unique No token needed Biometrics No memorize needed • For mobile biometric authentication system, the template is stored on the embedded device. • more resource-constrained • more vulnerable

  5. Security Challenges Mobile devices are more accessible, which means that they are more vulnerable too! • Attacks on communication channels, stack/memory, and bus … • Side Channel Attacks (SCA) on mobile devices Traditional attacks Side channel attacks Protocol Algorithm Channel Timing Architecture (Embedded SW) Stack/Memory Power Micro-Architecture Bus EMI Circuit

  6. Personal Authentication Systems Select Authenticator Biometrics Embedded Security Software Optimization Oracle-based Design Memory Management Crypto-Biometrics Hardware Acceleration Micro-coded Coprocessor Secure Embedded Biometric Authentication Device

  7. SCA based on Differential Power Analysis: 0-1 Transition 1-0 Transition Logic Level Solution • Asymmetric power consumption in standard CMOS • Obtain the secret key of an encryption system using the power variations • Unprotected AES cracked under 3 min. • Solution: special logic (WDDL) • Exactly one charging event per cycle • Charge capacitance is constant for different outputs Tiri, K. and Verbauwhede, I., Security encryption algorithms against DPA at the logic level: next generation smart card technology, Workshop on Cryptographic Hardware and Embedded Systems (Lecture Notes Computer Science Vol.2779), Sept. 2003, pp 125-136, Cologne, Germany.

  8. Matching Algorithm Algorithm Security Partitioning Secret Key Minutiae Extraction Unprotected Load Key Crypto Module Template Load Bogus Protected • Security comes with penalty : larger chip size • Only the sensitive template and the corresponding processes need to be protected.

  9. Secure Matching Input (Unsecure) Template (Secure) For each input minutiae pair I For each template minutiae pair T Unprotected software if (I=T) matching_count++ If matching_count >N return TRUE else return FALSE Query Response Protected oracle Results: 1% FRR and <0.01% FAR

  10. Personal Authentication Systems Select Authenticator Biometrics Embedded Security Software Optimization Oracle-based Design Memory Management Crypto-Biometrics Hardware Acceleration Micro-coded Coprocessor Secure Embedded Biometric Authentication Device

  11. Cryptographic Biometrics • Noninvertible transformed version of template • Fuzzy vault scheme Alice Bob Telephone Num Cipher Text List of favorite movies (KEY) List of favorite movies (KEY’) If KEY and KEY’ are similar enough, Bob can extract the Telephone number of Alice from the cipher text Ref: Juels, A. and Sudan, M., “A fuzzy vault scheme,” Proceedings 2002 IEEE International Symposium on Information Theory, 2002, pp.408. Piscataway, NJ.

  12. p(x) Minutiae Encode (GF) PIN Template Lock set Add Noise ThumbPod Fuzzy Vault Minutiae PIN OK? Matching Input Fingerprint Vault • Biometrics, such as fingerprint, can act as the KEY in the fuzzy vault scheme p(x) Minutiae PIN Template Lock set Add Noise ThumbPod Fuzzy Vault Minutiae PIN OK? Matching Input

  13. Effect of Shifting and Rotation (a) (b) (c) (a) and (b) are two prints from a same finger; (c) is the positions of the features.

  14. Feature Alignment Overlap of four minutiae feature sets aligned based on a well-selected reference point

  15. Experimental Results (1) • Unlock complexity varies according to the degree of polynomial for different size of impostor set. Log complexity (log2) Size of unlock set / Degree of polynomial

  16. verification accuracy varies along with polynomial degrees for difference size of the impostor set. Experimental Results (2) Error rate Size of unlock set / Degree of polynomial

  17. Experimental Results (3) • The influence of the polynomial degree and the chaff set size on the system performance (Complexity-Accuracy Factor) Complexity-Accuracy Factor Size of unlock set / polynomial degree

  18. Personal Authentication Systems Select Authenticator Biometrics Embedded Security Software Optimization Oracle-based Design Memory Management Crypto-Biometrics Hardware Acceleration Micro-coded Coprocessor Secure Embedded Biometric Authentication Device

  19. Implementation Approaches Embedded Application

  20. Architecture A 16-bit microcoded coprocessor, FV16, is design to implement the fuzzy vault algorithm RNG RF ALU RAM DAG GFM TRI TRI Controller Z PC DECODER IR IO MICROCODE ROM ARM MEM

  21. Performance Comparison • Taking advantage of the special function blocks, the execution time is significantly reduced • GFM: 14 times • RNG: 162 times • TRI: 82 times

  22. Human Iris Sclera Iris Pupil • iris forms during gestation and remains the same for the rest of one’s life • iris is unique for individuals • it is well protected and extremely difficult to be modified

  23. Iris Feature Extraction Segmentation Detect iris boundary Detect pupil boundary Isolate eyelid & eyelash Normalization (Daugman’s rubber sheet model)  r r  Feature Coding

  24. Feature Coding Feature Coding 1D signal 2D signal Intensity r  Position 1D Gabor filter Real response Imaginary response Iris template Phase quantization

  25. Template-Protect Verification Iris feature (1023,46,219) BCH C Secret data generation S ENC Enrollment Hash W Storage W Recovering the random bit stream Input iris feature S’ Verification Comparing Hash Result

  26. Two-Segment Algorithm Feature extraction Reliable bits selection Select flag Reliable bits (Z) Division F RNG Z Z 1 2 Storage S W C 1 ENC W2 Hash F Input Hs Reliable bits selection W2 W1 Storage Hs Z1 (Hs)1 S1 R1 Hash DEC Division Y/N Decision Compare Z2 S2 (Hs)2 DEC Hash R2

  27. Verification Performance (a) (b) Reliable feature bits are used for verification All feature bits are used for verification

  28. 1 0.8 0.6 0.4 Desired verification threshold 0.2 0 0 0.1 0.2 0.3 Performance vs Reliable Bits Sizes(1) 1460 reliable bits Error rate FRR FAR 0.4 0.5 0.6 0.7 0.8 0.9 1 Threshold

  29. Performance vs Reliable Bits Sizes(2) 1096 reliable bits Desired verification threshold 1 0.8 Error rate 0.6 0.4 0.2 FRR FAR 0 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Threshold

  30. Desired verification threshold Performance vs Reliable Bits Sizes(3) 974 reliable bits 1 0.8 Error rate 0.6 0.4 FRR 0.2 FAR 0 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Threshold

  31. Performance Comparison The iris verification system based on 1096 reliable bits achieves the best performance

  32. Conclusions • An efficient secure embedded fingerprint authentication system is designed and implemented. • System security for biometric authentication systems is addressed from two levels: Logic level and algorithm level. • Security partitioning based fingerprint matching algorithm is proposed • Fuzzy vault based fingerprint matching is designed and implemented using microcoded coprocessor • Template-protected iris verification is proposed

  33. Selected Publications Yang, S., Sakiyama, K., and Verbauwhede, I., “Efficient and Secure Fingerprint Verification for Embedded Devices,” EURASIP Journal on Applied Signal Processing, vol.2006, no.3, pp. 11, 2006. Yang, S., Schaumont, P., and Verbauwhede, I., “Microcoded Coprocessor for Embedded Secure Biometric Authentication Systems,” Proc. IEEE/ACM/IFIP International Conference on Hardware - Software Codesign and System Synthesis, pp. 130-135, September. 2005. Yang, S. and Verbauwhede, I., “Automatic Secure Fingerprint Verification System Based on Fuzzy Vault Scheme,” Proc. IEEE International Conference on Acoustics, Speech, and Signal Processing, pp. 609-612, March 2005. Yang, S. and Verbauwhede, I., “Secure Fuzzy Vault Based Fingerprint Verification System,” Proc. 38th IEEE Asilomar Conference on Signals, Systems, and Computers, Vol. 1, pp. 577-581, November 2004. Yang, S. and Verbauwhede, I., “Methodology for Memory Analysis and Optimization in Embedded Systems,” Proc. GSPx Embedded Signal Processing Conference, pp. 1-6, September 2004. Yang, S. and Verbauwhede, I., “A Realtime, Memory Efficient Fingerprint Verification System,” Proc. IEEE International Conference on Acoustics, Speech, and Signal Processing, pp. 189-192, May 2004. Yang, S. and Verbauwhede, I., “A Secure Fingerprint Matching Technique,” Proc. ACM Workshop on Biometrics: Methods and Applications, pp.89-94, November 2003. Yang, S., Sakiyama, K., and Verbauwhede, I., “A Compact and Efficient Fingerprint Verification System for Secure Embedded Systems,” Proc. 37th IEEE Asilomar Conference on Signals, Systems, and Computers, pp. 2058-2062, November 2003.

  34. Thank You!

More Related