CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Resilient, privacy-preserving, revocable and user-centric authentication – Biometric Capsule

Xukai Zou

Xukai Zou - Indiana University-Purdue University Indianapolis

Feb 24, 2016

Size: 201.8MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

User authentication and identity management are the first-gate defense and access protection for cyber systems. Authentication failures, including post-authentication attacks, have caused constant system breaches and resulted in serious economic and social consequences to governments, enterprises, and individuals.

Passwords or smartcards have issues related to true identity, loss/theft, interoperability, cross-system password vulnerability, and post-authentication attacks. It is frustrating to memorize passwords and painful when one cannot log into a system because of forgetting the password. Due to biometrics' memorization-free, identity-binding and loss-resistant properties, assisted with widely-deployed built-in biometric sensors in mobile devices, biometric authentication is becoming more feasible and very attractive. However, biometrics technology introduces its own challenges. One serious problem is that biometric templates are hard to replace once compromised. In addition, biometrics may disclose a user's sensitive information (e.g., race, gender, even health condition), thus creating user privacy concerns.

A demo at Black Hat USA 2015 has alerted the public: fingerprints stored on smartphones can be stolen--remotely and at a large scale. The lost biometrics cannot be revoked and the individual's biometric identity becomes permanently void. A most recent event ``iPhone Error 53" has shocked the real world, and both angered and worried end customers: the iPhones of thousands of iPhone 6 users were killed after their iPhones' touch ID home buttons were repaired (by any third party), which was caused by touch IDs' irrevocability due to the physical binding of fingerprint touch ID with the home button.

In this talk, we will present a new biometric authentication method --Biometric Capsule which can address the aforementioned issues. Unlike existing biometric authentication methods, Bio-Capsule (BC) is a template derived from the secure fusion of a user's biometrics and that of a Reference Subject (RS). The RS is simply a physical object, e.g., a doll, or an artificial one, e.g., an image. Theoretical analysis and experiments have shown that the BC mechanism is solid and efficient. BC is replaceable, non-invertible (thus, preserving privacy), and resilient.

About the Speaker

Dr. Xukai Zou is a faculty member of CERIAS and an associate professor at the Department of Computer and Information Sciences, Indiana University-Purdue University Indianapolis. His current research focus is Applied Cryptography, Network Security, Authentication, secure electronic voting and health and genomic data security and privacy. His research has been supported by NSF, the Department of Veterans Affairs and Industry such as Cisco and Northrop Grumman.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.