Sources of entropy that are neither precisely reproducible nor uniformly distributed, such as biometrics, nontraditional passwords, or physical random functions, are increasingly suggested as tools in electronic and physical security. There are, however, many significant unresolved questions about exactly how such sources should be used and stored. This proposal focuses on investigating how to use them securely, reliably, privately and in a versatile way. The techniques studied will have applications well beyond biometric authentication, to settings where noisy data needs to be stored securely, compared privately, or used cryptographically.
A simple motivating scenario for our research is that of password-based authentication. In order to avoid the security vulnerabilities inherent in storing passwords, systems often store their one-way hashes instead. When a user's password is entered for verification, it is first hashed and then compared to the stored hash value. The problem with passwords, of course, is that their entropy is low. The problem with using high-entropy inputs, on the other hand, is that the readily available ones are hard to reproduce precisely: humans make typographical errors in long passphrases and forget some of the answers to multiple questions, while machines cannot precisely reproduce fingerprints and iris scans from one reading to the next. Therefore, the one-way hash function approach does not work, because even slight variations in the input will result in drastic changes of the hash value. Without additional techniques, one has no choice but to store the original enrollment value and accept the inherent security vulnerabilities, or to exhaustively search all values close to the input value.
Intellectual Merits of the Proposed Project The proposed research will allow verification of such noisy high-entropy inputs without requiring secret storage or performing brute-force search. What distinguishes our work from related prior work in the literature is that our approach is rigorous and versatile. The techniques we propose to study will allow the use of unreliable nonuniform inputs not only in the above password-authentication scenario, but also as keys in any cryptographic application. Moreover, the same techniques will have other applications, such as privacy-preserving data mining.
Our proposal builds on the recent work of the two PIs [42]. That work introduced new notions for using nonuniform and unreliable data cryptographically: secure sketches and fuzzy extractors. While the notions are already finding applications [40, 39], much work is needed to obtain and analyze practical constructions for a variety of input classes, to strengthen definitions, and to study specific new applications.
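As an added illustration (not part of the proposal, and not the PIs' code), the following Python shows why the hash-then-compare approach from the password scenario above breaks under a single flipped bit, and how the code-offset secure sketch and the fuzzy extractor built on it recover from such noise without storing the enrollment reading in the clear. The Hamming(7,4) code, the constructed 28-bit sample reading, and the use of SHA-256 keyed by a public random seed as the extractor are assumptions of this example; the actual constructions in [42] are stated for general codes and use a strong extractor (a universal hash family).

```python
import hashlib
import secrets


# --- Hamming(7,4): corrects one flipped bit per 7-bit block -------------------
def hamming_encode(data4):
    """Map 4 data bits to a 7-bit codeword (parity bits at positions 1, 2, 4)."""
    d3, d5, d6, d7 = data4
    p1 = d3 ^ d5 ^ d7
    p2 = d3 ^ d6 ^ d7
    p4 = d5 ^ d6 ^ d7
    return [p1, p2, d3, p4, d5, d6, d7]


def hamming_decode(block7):
    """Return the nearest codeword; a nonzero syndrome names the flipped position."""
    block = list(block7)
    syndrome = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            syndrome ^= pos
    if syndrome:
        block[syndrome - 1] ^= 1
    return block


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


# --- Code-offset secure sketch over the Hamming metric ------------------------
def sketch(w):
    """SS(w): for each block pick a random codeword c and publish s = w XOR c."""
    assert len(w) % 7 == 0
    s = []
    for i in range(0, len(w), 7):
        c = hamming_encode([secrets.randbits(1) for _ in range(4)])
        s += xor(w[i:i + 7], c)
    return s


def recover(s, w_prime):
    """Rec(w', s): decode s XOR w' back to c, then w = s XOR c."""
    w = []
    for i in range(0, len(s), 7):
        c = hamming_decode(xor(s[i:i + 7], w_prime[i:i + 7]))
        w += xor(s[i:i + 7], c)
    return w


# --- Fuzzy extractor = secure sketch + extractor ------------------------------
def extract(seed, w):
    # Stand-in for a strong extractor (assumption of this example; [42] uses a
    # universal hash family). The seed is public, so it can live next to s.
    return hashlib.sha256(seed + bits_to_bytes(w)).hexdigest()


def gen(w):
    """Gen(w) -> (R, P): key R and public helper string P = (sketch, seed)."""
    seed = secrets.token_bytes(16)
    s = sketch(w)
    return extract(seed, w), (s, seed)


def rep(w_prime, P):
    s, seed = P
    return extract(seed, recover(s, w_prime))


def plain_hash(w):
    """The store-a-one-way-hash approach that the proposal says fails on noise."""
    return hashlib.sha256(bits_to_bytes(w)).hexdigest()


def flip(w, positions):
    w2 = list(w)
    for p in positions:
        w2[p] ^= 1
    return w2


def demo():
    # Constructed 28-bit "enrollment reading" (four 7-bit blocks); not real biometric data.
    w = [int(b) for b in "1011001" "0100111" "1110000" "0011010"]
    w_ok = flip(w, [3, 9, 22])   # one error each in blocks 0, 1, 3: within the code's radius
    w_bad = flip(w, [0, 5])      # two errors in block 0: beyond the radius
    R, P = gen(w)
    return {
        "hash_breaks": plain_hash(w) != plain_hash(w_ok),  # plain hashing rejects w_ok
        "recover_ok": recover(P[0], w_ok) == w,            # sketch recovers w exactly
        "key_ok": rep(w_ok, P) == R,                       # same key from the noisy reading
        "key_bad": rep(w_bad, P) == R,                     # too much noise: different key
    }


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner should take from running it. First, the helper string P is public by design: s = w XOR c reveals the coset of w, i.e. n - k = 3 bits per 7-bit block, which is exactly the entropy loss the analysis in [42] bounds, so the input must carry enough min-entropy to survive that loss. Second, a block with two errors is decoded to a wrong codeword rather than reported as an error, so the only observable symptom is a key that does not match; any protocol built on Rep must treat a mismatch as an authentication failure, not as data corruption to be retried.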
Broader Impacts of the Proposed Project ON SECURE SYSTEMS. By removing the need for large-volume distributed secure storage, our work has the potential to significantly lower the costs and potential liabilities of systems that utilize biometric or other sensitive inputs for security (as detailed in the proposal description). Moreover, it may enable systems that have relied on low-entropy passwords to switch to more secure approaches, such as biometric-based key agreement.
ON PRIVACY. A significant drawback of many systems that require authentication is the loss of privacy that users experience (e.g., when having their social security numbers stored as passwords for their credit card accounts, or when having their fingerprints stored as passwords for secure doors). This work will remove the need to store private data in many applications. Moreover, as further detailed in the proposal description, the privacy protection will extend not only to the biometric (or similar) password, but also to the data protected by it, ensuring that no one without the right password will have access to the data.
ON EDUCATION. The two PIs regularly teach courses on cryptography and network security, and will be able to incorporate the new results into the courses they teach. In addition, the proposal has a significant graduate student training component.