Abstract
Secure sketches are useful in extending cryptographic schemes to biometric data since they allow recovery of fuzzy secrets under inevitable noise. In practice, secrets derived from biometric data are seldom used alone, but typically employed in a multi-factor or a multimodality setting where multiple secrets with different roles and limitations are used together. To handle multiple secrets, we can generate a sketch for each secret independently and simply concatenate them. Alternatively, we can “mix” the secrets and individual sketches, for example, by taking the first secret as the key to encrypt the sketches of all other secrets. Hence, it is interesting to investigate how the secrets are to be mixed so as to cater for different requirements of individual secrets. We found that, by appropriate mixing, entropy loss on more important secrets (e.g., biometrics) can be “diverted” to less important ones (e.g., password or PIN), thus providing more protection to the former. On the other hand, we found that mixing may not be advisable if the amount of randomness invested in sketch construction is large, or the sketch contains high redundancy, or all secrets are of the same importance. Our analysis provides useful insights and guidelines in the applications of secure sketches in biometric systems.
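To make the abstract's example of mixing concrete, the following added Python example (not code from the paper) builds a code-offset sketch over a 3-bit repetition code for a noisy bit string and compares storing it in the clear with encrypting it under a keystream derived from an exact PIN. The repetition code, the SHA-256 keystream, the function names and the sample values are assumptions chosen for illustration.

```python
import hashlib
import secrets

REP = 3  # repetition-code block length (assumed); corrects 1 flipped bit per block

def encode(bits):
    return [b for b in bits for _ in range(REP)]

def decode(bits):
    """Majority vote per block, returned as the nearest codeword."""
    msg = [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]
    return encode(msg)

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def sketch(w):
    """Code-offset sketch: s = w XOR C(r) for a fresh random r."""
    r = [secrets.randbelow(2) for _ in range(len(w) // REP)]
    return xor(w, encode(r))

def recover(w_noisy, s):
    """Recover w from a close reading w' and the public sketch s."""
    return xor(s, decode(xor(s, w_noisy)))

def keystream(pin, n):
    """Illustrative PIN-derived keystream (SHA-256 over a counter), n bits."""
    out, ctr = [], 0
    while len(out) < n:
        block = hashlib.sha256(f"{pin}:{ctr}".encode()).digest()
        out.extend((byte >> i) & 1 for byte in block for i in range(8))
        ctr += 1
    return out[:n]

def sketch_mixed(pin, w):
    """Mixing: the exact secret (PIN) encrypts the sketch of the noisy secret."""
    return xor(sketch(w), keystream(pin, len(w)))

def recover_mixed(pin, w_noisy, s_enc):
    return recover(w_noisy, xor(s_enc, keystream(pin, len(w_noisy))))

def demo():
    w = [secrets.randbelow(2) for _ in range(48)]  # constructed "biometric" bits
    w_noisy = list(w)
    for i in (0, 10, 47):  # one flipped bit in three different blocks
        w_noisy[i] ^= 1
    plain_ok = recover(w_noisy, sketch(w)) == w
    s_enc = sketch_mixed("4821", w)  # constructed PIN
    return (plain_ok, recover_mixed("4821", w_noisy, s_enc) == w,
            recover_mixed("0000", w_noisy, s_enc) == w)
```

`demo()` returns `(True, True, False)`: the noisy reading recovers the secret from either form, while the encrypted sketch is of no use for recovery under a wrong PIN.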
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fang, C., Li, Q., Chang, EC. (2010). Secure Sketch for Multiple Secrets. In: Zhou, J., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2010. Lecture Notes in Computer Science, vol 6123. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13708-2_22
DOI: https://doi.org/10.1007/978-3-642-13708-2_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13707-5
Online ISBN: 978-3-642-13708-2
eBook Packages: Computer Science (R0)