Title: Design and Implementation for Secure Embedded Biometric Authentication Systems
1Design and Implementation for Secure Embedded
Biometric Authentication Systems
- Shenglin Yang
- Advisor Ingrid Verbauwhede
- Electrical Engineering Department
- University of California, Los Angeles
2Personal Authentication Systems
Select Authenticator
Biometrics
Security
Embedded
Software Optimization
Oracle-based Design
Memory Management
Crypto-Biometrics
Hardware Acceleration
Micro-coded Coprocessor
Secure Embedded Biometric Authentication Device
3Outline
- Motivation and challenges
- Secure biometric matching techniques
- Secure partitioning
- Cryptographic Biometrics
- Fuzzy vault based fingerprint verification
- Micro-coded coprocessor implementation
- Secure iris verification
- Conclusions
4Motivation and challenges
Biometrics provide a more secure and convenient
way for personal authentication
Unique
No token needed
Biometrics
No memorize needed
- For mobile biometric authentication system, the
template is stored on the embedded device. - more resource-constrained
- more vulnerable
5Security Challenges
- Mobile devices are more accessible, which means
that they are more vulnerable too! - Attacks on communication channels, stack/memory,
and bus - Side Channel Attacks (SCA) on mobile devices
Traditional attacks
Side channel attacks
Protocol
Algorithm
Channel
Timing
Architecture (Embedded SW)
Stack/Memory
Power
Micro-Architecture
Bus
EMI
Circuit
6Personal Authentication Systems
Select Authenticator
Biometrics
Security
Embedded
Software Optimization
Oracle-based Design
Memory Management
Crypto-Biometrics
Hardware Acceleration
Micro-coded Coprocessor
Secure Embedded Biometric Authentication Device
7Logic Level Solution
- Asymmetric power consumption in standard CMOS
- Obtain the secret key of an encryption system
using the power variations - Unprotected AES cracked under 3 min.
- Solution special logic (WDDL)
- Exactly one charging event per cycle
- Charge capacitance is constant for different
outputs
Tiri, K. and Verbauwhede, I., Security encryption
algorithms against DPA at the logic level next
generation smart card technology, Workshop on
Cryptographic Hardware and Embedded Systems
(Lecture Notes Computer Science Vol.2779), Sept.
2003, pp 125-136, Cologne, Germany.
8Security Partitioning
Secret Key
Minutiae Extraction
Unprotected
Load Key
Crypto Module
Template
Load Bogus
Protected
- Security comes with penalty larger chip size
- Only the sensitive template and the corresponding
processes need to be protected.
9Secure Matching
Input (Unsecure)
Template (Secure)
For each input minutiae pair I For each
template minutiae pair T
Unprotected software
if (IT) matching_count If
matching_count gtN return TRUE else return
FALSE
Query
Response
Protected oracle
Results 1 FRR and lt0.01 FAR
10Personal Authentication Systems
Select Authenticator
Biometrics
Security
Embedded
Software Optimization
Oracle-based Design
Memory Management
Crypto-Biometrics
Hardware Acceleration
Micro-coded Coprocessor
Secure Embedded Biometric Authentication Device
11Cryptographic Biometrics
- Noninvertible transformed version of template
- Fuzzy vault scheme
Alice
Bob
Telephone Num
Cipher Text
List of favorite movies (KEY)
List of favorite movies (KEY)
If KEY and KEY are similar enough, Bob can
extract the Telephone number of Alice from the
cipher text
Ref Juels, A. and Sudan, M., A fuzzy vault
scheme, Proceedings 2002 IEEE International
Symposium on Information Theory, 2002, pp.408.
Piscataway, NJ.
12Fingerprint Vault
- Biometrics, such as fingerprint, can act as the
KEY in the fuzzy vault scheme
p(x)
Minutiae
PIN
Template
Lock set
Add Noise
ThumbPod
Fuzzy Vault
Minutiae
PIN OK?
Matching
Input
13Effect of Shifting and Rotation
(a)
(b)
(c)
(a) and (b) are two prints from a same finger
(c) is the positions of the features.
14Feature Alignment
Overlap of four minutiae feature sets aligned
based on a well-selected reference point
15Experimental Results (1)
- Unlock complexity varies according to the degree
of polynomial for different size of impostor set.
Log complexity (log2)
Size of unlock set / Degree of polynomial
16verification accuracy varies along with
polynomial degrees for difference size of the
impostor set.
Experimental Results (2)
Error rate
Size of unlock set / Degree of polynomial
17Experimental Results (3)
- The influence of the polynomial degree and the
chaff set size on the system performance
(Complexity-Accuracy Factor)
Complexity-Accuracy Factor
Size of unlock set / polynomial degree
18Personal Authentication Systems
Select Authenticator
Biometrics
Security
Embedded
Software Optimization
Oracle-based Design
Memory Management
Crypto-Biometrics
Hardware Acceleration
Micro-coded Coprocessor
Secure Embedded Biometric Authentication Device
19Implementation Approaches
Embedded Application
CPU DSP ASIP Micro-coded Design ASIC
Standard Instruction Set Architecture Specialized Instruction Set Architecture Custom Instruction Set Architecture Custom Micro-architecture Custom Circuit
20Architecture
A 16-bit microcoded coprocessor, FV16, is design
to implement the fuzzy vault algorithm
RNG
GFM
TRI
DAG
RAM
ALU
RF
TRI
Controller
Z
PC
IR
DECODER
IO
MICROCODE ROM
ARM
MEM
21Performance Comparison
- Taking advantage of the special function blocks,
the execution time is significantly reduced - GFM 14 times
- RNG 162 times
- TRI 82 times
22Human Iris
Sclera
Iris
Pupil
- iris forms during gestation and remains the same
for the rest of ones life - iris is unique for individuals
- it is well protected and extremely difficult to
be modified
23Iris Feature Extraction
Segmentation
Detect iris boundary
Detect pupil boundary
Isolate eyelid eyelash
Normalization (Daugmans rubber sheet model)
?
r
r
?
Feature Coding
24Feature Coding
Feature Coding
1D signal
2D signal
Intensity
r
?
Position
1D Gabor filter
Real response
Imaginary response
Phase quantization
Iris template
25Template-Protect Verification
Iris feature
(1023,46,219) BCH
C
Secret data generation
S
ENC
Enrollment
Hash
W
Storage
W
Recovering the random bit stream
Input iris feature
S
Verification
Comparing
Hash
Result
26Two-Segment Algorithm
Feature extraction
Reliable bits selection
Select flag
Reliable bits (Z)
F
Division
RNG
Z
Z
1
2
Storage
S
W
C
1
ENC
W2
Hash
F
Input
Hs
Reliable bits selection
W1
W2
Storage
Hs
Z1?
(Hs)1
S1?
R1
DEC
Hash
Division
Compare
Decision
Y/N
Z2?
S2?
(Hs)2
DEC
Hash
R2
27Verification Performance
(a)
(b)
Reliable feature bits are used for verification
All feature bits are used for verification
28Performance vs Reliable Bits Sizes(1)
1460 reliable bits
Error rate
FRR
FAR
0.4
0.5
0.6
0.7
0.8
0.9
1
Threshold
29Performance vs Reliable Bits Sizes(2)
1096 reliable bits
Desired verification threshold
1
0.8
Error rate
0.6
0.4
0.2
FRR
FAR
0
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Threshold
30Performance vs Reliable Bits Sizes(3)
974 reliable bits
1
0.8
Error rate
0.6
0.4
FRR
0.2
FAR
0
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Threshold
31Performance Comparison
The iris verification system based on 1096
reliable bits achieves the best performance
32Conclusions
- An efficient secure embedded fingerprint
authentication system is designed and
implemented. - System security for biometric authentication
systems is addressed from two levels Logic level
and algorithm level. - Security partitioning based fingerprint matching
algorithm is proposed - Fuzzy vault based fingerprint matching is
designed and implemented using microcoded
coprocessor - Template-protected iris verification is proposed
33Selected Publications
Yang, S., Sakiyama, K., and Verbauwhede, I.,
Efficient and Secure Fingerprint Verification
for Embedded Devices, EURASIP Journal on Applied
Signal Processing, vol.2006, no.3, pp. 11,
2006. Yang, S., Schaumont, P., and Verbauwhede,
I., Microcoded Coprocessor for Embedded Secure
Biometric Authentication Systems, Proc.
IEEE/ACM/IFIP International Conference on
Hardware - Software Codesign and System
Synthesis, pp. 130-135, September. 2005. Yang,
S. and Verbauwhede, I., Automatic Secure
Fingerprint Verification System Based on Fuzzy
Vault Scheme, Proc. IEEE International
Conference on Acoustics, Speech, and Signal
Processing, pp. 609-612, March 2005. Yang, S.
and Verbauwhede, I., Secure Fuzzy Vault Based
Fingerprint Verification System, Proc. 38th IEEE
Asilomar Conference on Signals, Systems, and
Computers, Vol. 1, pp. 577-581, November 2004.
Yang, S. and Verbauwhede, I., Methodology for
Memory Analysis and Optimization in Embedded
Systems, Proc. GSPx Embedded Signal Processing
Conference, pp. 1-6, September 2004. Yang, S.
and Verbauwhede, I., A Realtime, Memory
Efficient Fingerprint Verification System, Proc.
IEEE International Conference on Acoustics,
Speech, and Signal Processing, pp. 189-192, May
2004. Yang, S. and Verbauwhede, I., A Secure
Fingerprint Matching Technique, Proc. ACM
Workshop on Biometrics Methods and Applications,
pp.89-94, November 2003. Yang, S., Sakiyama, K.,
and Verbauwhede, I., A Compact and Efficient
Fingerprint Verification System for Secure
Embedded Systems, Proc. 37th IEEE Asilomar
Conference on Signals, Systems, and Computers,
pp. 2058-2062, November 2003.
34Thank You!