Design and Implementation for Secure Embedded Biometric Authentication Systems

1

Design and Implementation for Secure Embedded Biometric

Authentication Systems

Shenglin YangAdvisor: Ingrid Verbauwhede

Electrical Engineering Department

University of California, Los Angeles

2

Personal Authentication Systems

Biometrics

Select Authenticator

SecurityEmbedded

Software Optimization

Hardware Acceleration

Memory Management

Oracle-based Design

Crypto-Biometrics

Micro-coded Coprocessor

Secure Embedded Biometric Authentication Device

3

Outline

• Motivation and challenges

• Secure biometric matching techniques– Secure partitioning– Cryptographic Biometrics

• Fuzzy vault based fingerprint verification• Micro-coded coprocessor implementation• Secure iris verification

• Conclusions

4

Biometrics

Unique No token needed

No memorize needed

For mobile biometric authentication system, the template is stored on the embedded device.

•more resource-constrained•more vulnerable

Motivation and challenges

Biometrics provide a more secure and convenient way for personal authentication

5

Security Challenges

Protocol

Algorithm

Architecture (Embedded SW)

Circuit

Micro-Architecture

Traditional attacks

Channel

Stack/Memory

Bus

Side channel attacks

Timing

Power

EMI

Mobile devices are more accessible, which means that they are more vulnerable too!

• Attacks on communication channels, stack/memory, and bus …

• Side Channel Attacks (SCA) on mobile devices

6


Biometrics


SecurityEmbedded



Memory Management

Oracle-based Design

Crypto-Biometrics



7

Logic Level Solution

0-1 Transition

1-0 Transition

SCA based on Differential Power Analysis:

• Asymmetric power consumption in standard CMOS

• Obtain the secret key of an encryption system using the power variations

• Unprotected AES cracked under 3 min.

Solution: special logic (WDDL) • Exactly one charging event per cycle • Charge capacitance is constant for different outputs

Tiri, K. and Verbauwhede, I., Security encryption algorithms against DPA at the logic level: next generation smart card technology, Workshop on Cryptographic Hardware and Embedded Systems (Lecture Notes Computer Science Vol.2779), Sept. 2003, pp 125-136, Cologne, Germany.

8

Security Partitioning

• Security comes with penalty : larger chip size• Only the sensitive template and the corresponding

processes need to be protected.

MatchingAlgorithmAlgorithm

MinutiaeExtraction

SecretKey

Load Bogus

Load Key

Template

CryptoModule

Unprotected

Protected

9

Secure MatchingInput (Unsecure) Template (Secure)

Unprotected software

Protected oracle

Query Response

For each input minutiae pair I For each template minutiae pair T if (I=T) matching_count++

If matching_count >N return TRUE else return FALSE

Results: 1% FRR and <0.01% FAR

10


Biometrics


SecurityEmbedded



Memory Management

Oracle-based Design

Crypto-Biometrics



11

Cryptographic Biometrics

• Noninvertible transformed version of template• Fuzzy vault scheme

Ref: Juels, A. and Sudan, M., “A fuzzy vault scheme,” Proceedings 2002 IEEE International Symposium on Information Theory, 2002, pp.408. Piscataway, NJ.

Alice

List of favorite movies(KEY)

Bob

List of favorite movies(KEY’)

Telephone Num

CipherText

If KEY and KEY’ are similar enough, Bob can extract the Telephone number of Alice from the cipher text

12

Fingerprint Vault• Biometrics, such as fingerprint, can act as the KEY in the

fuzzy vault schemep(x)

MinutiaeTemplate

Fuzzy Vault

Add Noise

Matching

PIN

PIN OK?

ThumbPod

MinutiaeInput

Lock set

MinutiaeTemplate

Fuzzy Vault

Encode (GF)

Add Noise

Matching

PIN

PIN OK?

ThumbPod

MinutiaeInput

Lock set

p(x)

13

Effect of Shifting and Rotation

(a)

(b)

(a) and (b) are two prints from a same finger; (c) is the positions of the features.

(c)

14

Feature Alignment

2

1 1d

Figu

2d

Fig

1

Fig

2

Fi

212121 ,,,,, ddM

Overlap of four minutiae feature sets aligned based on a well-selected reference point

15

Experimental Results (1)

• Unlock complexity varies according to the degree of polynomial for different size of impostor set.

Size of unlock set / Degree of polynomial

Lo

g c

om

ple

xity

(lo

g2)

16

Size of unlock size / Degree of polynomial

Err

or R

ate

verification accuracy varies along with polynomial degrees for difference size of the impostor set.

Experimental Results (2)

Size of unlock set / Degree of polynomial

Err

or

rate

17

Experimental Results (3)• The influence of the polynomial degree and the chaff set size on the

system performance (Complexity-Accuracy Factor)

CER THCTHERM 1

Size of unlock set / polynomial degree

Complexity-Accuracy Factor

18


Biometrics


SecurityEmbedded



Memory Management

Oracle-based Design

Crypto-Biometrics



19

Implementation Approaches

Embedded Application

CPU DSP ASIPMicro-coded Design

ASIC

Standard Instruction Set Architecture

Specialized Instruction Set Architecture

Custom Instruction Set Architecture

Custom Micro-architecture

Custom Circuit

20

RNG

IO

ARM

TRIGFM TRIDAGRAMALURF

MICROCODE ROM

PCZ

IR

DE

CO

DE

RController

MEM

ArchitectureA 16-bit microcoded coprocessor, FV16, is design to implement the fuzzy vault algorithm

21

Performance Comparison

• Taking advantage of the special function blocks, the execution time is significantly reduced– GFM: 14 times– RNG: 162 times– TRI: 82 times

22

Human Iris

Iris

• iris forms during gestation and remains the same for the rest of one’s life

• iris is unique for individuals • it is well protected and extremely difficult to be modified

Sclera

Pupil

23

Iris Feature Extraction

Segmentation

Detect iris boundary

Detect pupil boundary

Isolate eyelid & eyelash

Normalization (Daugman’s rubber sheet model)

r r

Feature Coding

24

Feature Coding

r

2D signal

1D Gabor filter

Real response

Imaginaryresponse

Phase quantization Iris template

Feature Coding

1D signal

Position

Intensity

25

Template-Protect Verification

ENC

Secret data generation

Hash

Recovering the random bit stream

Storage

Comparing

Iris feature

Input iris feature

Enrollment

Verification

Result

W

Hash

W

S’

CS

(1023,46,219) BCH

26

Two-Segment AlgorithmFeature extraction

Reliable bits selection

Select flag Reliable bits (Z)

RNG

S

Storage

F

C

Division Z1 Z2

InputReliable bits selection

F

Division

W1

W2

W1 W2

DEC

DEC

Hash

Storage

Compare

Decision

Y/N

Hs

(Hs)1Hs

(Hs)2

R1

R2

Z1

Z2

S1

S2

ENC

Hash

Hash

27

Verification Performance

0

0.1

0.2

0.3

0.4

0 0.2 0.4 0.6 0.8 1

Hamming distance

Pro

babi

lity

Intra-class

inter-class

0

0.005

0.01

0.015

0.02

0.35 0.4 0.45 0.5 0.55

All feature bits are used for verification

0

0.1

0.2

0.3

0 0.2 0.4 0.6 0.8 1

Hamming distance

Prob

abil

ity

Intra-class

Inter-class

0

0.005

0.01

0.015

0.02

0.35 0.4 0.45 0.5 0.55

Reliable feature bits are used for verification

(a) (b)

28

Performance vs Reliable Bits Sizes(1)

0

0.2

0.4

0.6

0.8

1

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Threshold

Err

or

rate

FRR

FAR

Desired verification threshold

1460 reliable bits

29

1096 reliable bits

0

0.2

0.4

0.6

0.8

1

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Threshold

Err

or

rate

FRR

FAR



30

974 reliable bits


0

0.2

0.4

0.6

0.8

1

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Threshold

Err

or

rate

FRR

FAR


31

Performance Comparison

Reliable bits size Desired threshold FRR FAR

1460 30.0% 14.7% 0.0%

1096 40.0% 0.8% 0.0%

974 45.0% 1.6% 23.0%

The iris verification system based on 1096 reliable bits achieves the best performance

32

Conclusions

• An efficient secure embedded fingerprint authentication

system is designed and implemented.

• System security for biometric authentication systems is

addressed from two levels: Logic level and algorithm

level.– Security partitioning based fingerprint matching algorithm is

proposed

– Fuzzy vault based fingerprint matching is designed and

implemented using microcoded coprocessor

– Template-protected iris verification is proposed

33

Selected PublicationsYang, S., Sakiyama, K., and Verbauwhede, I., “Efficient and Secure Fingerprint Verification for Embedded Devices,” EURASIP Journal on Applied Signal Processing, vol.2006, no.3, pp. 11, 2006.

Yang, S., Schaumont, P., and Verbauwhede, I., “Microcoded Coprocessor for Embedded Secure Biometric Authentication Systems,” Proc. IEEE/ACM/IFIP International Conference on Hardware - Software Codesign and System Synthesis, pp. 130-135, September. 2005.

Yang, S. and Verbauwhede, I., “Automatic Secure Fingerprint Verification System Based on Fuzzy Vault Scheme,” Proc. IEEE International Conference on Acoustics, Speech, and Signal Processing, pp. 609-612, March 2005.

Yang, S. and Verbauwhede, I., “Secure Fuzzy Vault Based Fingerprint Verification System,” Proc. 38th IEEE Asilomar Conference on Signals, Systems, and Computers, Vol. 1, pp. 577-581, November 2004.

Yang, S. and Verbauwhede, I., “Methodology for Memory Analysis and Optimization in Embedded Systems,” Proc. GSPx Embedded Signal Processing Conference, pp. 1-6, September 2004.

Yang, S. and Verbauwhede, I., “A Realtime, Memory Efficient Fingerprint Verification System,” Proc. IEEE International Conference on Acoustics, Speech, and Signal Processing, pp. 189-192, May 2004.

Yang, S. and Verbauwhede, I., “A Secure Fingerprint Matching Technique,” Proc. ACM Workshop on Biometrics: Methods and Applications, pp.89-94, November 2003.

Yang, S., Sakiyama, K., and Verbauwhede, I., “A Compact and Efficient Fingerprint Verification System for Secure Embedded Systems,” Proc. 37th IEEE Asilomar Conference on Signals, Systems, and Computers, pp. 2058-2062, November 2003.

34

Thank You!

Design and Implementation for Secure Embedded Biometric Authentication Systems

Documents

Transcript of Design and Implementation for Secure Embedded Biometric Authentication Systems