Secure Authentication Using Biometric Data - 06/11/2010
Karen Cui
Abstract:
Biometric data, as a potential source of high-entropy, secret
information, have been suggested as a way to enable strong,
cryptographically secure authentication of human users without
requiring them to remember or store traditional cryptographic keys.
However, two issues must be addressed: (1) biometric data are
not uniformly distributed; and (2) they are not exactly reproducible.
Dodis, Reyzin, and Smith’s work has provided formal definitions and
efficient secure techniques for turning noisy information into keys
usable for any cryptographic application, and, in particular, reliably
and securely authenticating biometric data. However, their work does
not address the issue of an active adversary who may modify the messages
sent between the server and the user. The paper, written by Boyen,
Dodis, Katz, Ostrovsky, and Smith, has shown two efficient techniques
enabling the use of biometric data to achieve mutual authentication or
authenticated key exchange over a completely insecure (i.e.,
adversarially controlled) channel. Their solution achieves stronger
security guarantees and tolerates a broader class of errors.
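
The gap described above, shown as an added example that is not code from the talk or from either paper. It is a toy code-offset sketch in which the 5x repetition code, the use of SHA-256 as key extractor and integrity tag, and all function names are assumptions chosen for illustration. Without the tag, modified helper data silently yields a different key; with it, the modification is rejected.

```python
import hashlib, hmac, secrets

R = 5  # toy repetition code: corrects up to 2 flipped bits per 5-bit block

def encode(bits):                      # repeat every bit R times
    return [b for b in bits for _ in range(R)]

def decode(bits):                      # majority vote per block
    return [int(sum(bits[i:i + R]) > R // 2) for i in range(0, len(bits), R)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def H(label, *parts):                  # SHA-256 stands in for extractor / random oracle
    h = hashlib.sha256(label)
    for p in parts:
        h.update(bytes(p))
    return h.digest()

def gen(w, robust):
    """Enrollment: derive a key from reading w and publish helper data (s, tag)."""
    k = [secrets.randbelow(2) for _ in range(len(w) // R)]
    s = xor(w, encode(k))                          # code-offset sketch of w
    tag = H(b"tag", w, s) if robust else None      # binds the sketch to w
    return H(b"key", w), (s, tag)

def rep(w2, helper):
    """Reproduce the key from a noisy reading w2; None means helper data was rejected."""
    s, tag = helper
    w = xor(s, encode(decode(xor(w2, s))))         # error-correct back to enrolled w
    if tag is not None and not hmac.compare_digest(tag, H(b"tag", w, s)):
        return None
    return H(b"key", w)

def demo():
    w = [secrets.randbelow(2) for _ in range(40)]  # constructed stand-in for a biometric
    noisy = list(w); noisy[7] ^= 1; noisy[22] ^= 1 # natural noise: within the code's limits
    out = {}
    for robust in (False, True):
        key, (s, tag) = gen(w, robust)
        bad = list(s)
        for i in (0, 1, 2):                        # helper data altered in transit
            bad[i] ^= 1
        got = rep(noisy, (bad, tag))
        # (honest run recovers key, tampering detected, tampered run still gives key)
        out[robust] = (rep(noisy, (s, tag)) == key, got is None, got == key)
    return out

if __name__ == "__main__":
    print(demo())
```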