• Speaker : Benjamin Fuller
  • Location : Laurel Hall 110
  • Date : September 26th, 2017
  • Time : 11:00 AM - 12:00 PM


Biometrics are the preferred authentication modality on mobile platforms including phones, tablets, and wearables. Biometric authentication has two primary challenges are 1) biometrics exhibit noise between repeated readings, necessitating a matching algorithm that allows for error tolerance and 2) biometrics cannot be regenerated or refreshed. Due to the noise, biometrics are stored in plaintext, so device compromise completely reveals the user’s biometric value. Unfortunately, plaintext storage of biometric values creates privacy and security risks for users.

Fuzzy extractors derive a stable cryptographic key from values that exhibit noise between repeated readings (Dodis et al., Eurocrypt 2004). They allow a computer to perform a noisy matching without storing an enrollment value. Fuzzy extractors have not seen wide deployment due to insufficient security guarantees. In particular, standard fuzzy extractors provide 1) no security guarantees for many biometric sources and 2) no security if a user enrolled the same biometric with multiple devices or providers.

We build a biometric key derivation system for the iris. We focus on the iris due to recognition as the best biometric (Prabhakar et al., S&P 2003). While previous works has claimed key derivation systems from the iris the security arguments in previous works assume unrealistic adversary models. In particular, no known construction securely handles the case of multiple enrollments. Recently, Canetti et al. (Eurocrypt 2016) proposed a new fuzzy extractor called sample-then-lock that allows enrollments with multiple services. Two limitations of their work are a requirement for samples from the biometric value to have high entropy and the inability to tolerate a linear error rate.

In this work, we build a reusable key derivation system for the iris starting from the construction of Canetti et al. Overcoming the above limitations requires changes to the iris transform and the cryptographic construction. Our modifications are backed by statistical analysis and we clearly state what statistical assumptions on the iris are necessary for security. Our construction is available in an open source Python implementation. We present multiple versions of our system that tradeoff between usability, correctness, and security. We recommend two versions depending on the use case: -An iris only system that provides 47 bits of security. -A two factor system that adds a password with 81 bits of security. The special structure of our construction allows seamless password integration which is not possible for previous biometric systems.