CAREER: Cryptographic Authentication from Biometrics

职业：生物识别技术的加密认证

• 批准号: 2141033
• 负责人: Benjamin Fuller
• 金额: $ 50.56万
• 依托单位: University of Connecticut
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2141033&HistoricalAwards=false
• 关键词: CAREER; Cryptographic; Authentication; Biometrics

In current devices, biometrics are processed in plaintext inside the hardware security module. Plaintext processing of biometrics leads to master keys residing unencrypted in the hardware security module for multiple consecutive days. As devices add sensors, they are included in the hardware security module, adding complexity and risk. Fuzzy extractors are a cryptographic primitive that derives keys from biometrics. However, prior fuzzy extractors do not secure known biometrics. This project builds a computationally secure fuzzy extractor that secures all possible distributions. Such a universal fuzzy extractor is not possible if one desires information theoretic security. Universal fuzzy extractors can be built with general purpose obfuscation, but such constructions cannot be implemented on commodity hardware and there are no constructions from standard assumptions. This project builds universal fuzzy extractors and investigates required assumptions. These designs are based on limited forms of functional encryption which can be built from standard assumptions. In addition, this project expands the functionality of fuzzy extractors to 1) support new noise models, 2) support updatable encryption methods, and 3) withstand active attacks. This project expands an experimental project-based cybersecurity laboratory to middle and high school students with a focus on under-represented female and minority students. This educational program stresses the outcome-focused interdisciplinary nature of cybersecurity. Students completing these programs will be hired as research assistants and mentors for future students.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在当前的设备中，生物识别信息在硬件安全模块内以明文形式进行处理。生物识别技术的明文处理导致主密钥连续多天以未加密的方式驻留在硬件安全模块中。随着设备添加传感器，它们被包含在硬件安全模块中，从而增加了复杂性和风险。模糊提取器是一种从生物识别技术中导出密钥的加密原语。然而，现有的模糊提取器不能保证已知的生物特征识别。该项目构建了一个计算安全的模糊提取器，可以保护所有可能的分布。如果人们想要信息论安全性，那么这样一种通用的模糊提取器是不可能的。通用模糊提取器可以通过通用混淆来构建，但这种构造不能在商品硬件上实现，并且没有来自标准假设的构造。该项目构建通用模糊提取器并研究所需的假设。这些设计基于有限形式的功能加密，可以根据标准假设构建。此外，该项目扩展了模糊提取器的功能，以1）支持新的噪声模型，2）支持可更新的加密方法，以及3）抵御主动攻击。该项目将基于实验项目的网络安全实验室扩展到初中和高中学生，重点关注代表性不足的女性和少数族裔学生。该教育计划强调网络安全以结果为中心的跨学科性质。完成这些项目的学生将被聘为研究助理和未来学生的导师。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Adaptive Risk-Limiting Comparison Audits

适应性风险限制比较审核

• DOI: 10.1109/sp46215.2023.10179424
• 发表时间: 2023
• 期刊: Proceedings IEEE Symposium on Security and Privacy
• 作者: Fuller, Benjamin;Harrison, Abigail;Russell, Alexander
• 通讯作者: Russell, Alexander

Inverting Biometric Models with Fewer Samples: Incorporating the Output of Multiple Models

• DOI: 10.1109/ijcb54206.2022.10007997
• 发表时间: 2022-10
• 期刊: 2022 IEEE International Joint Conference on Biometrics (IJCB)
• 作者: Sohaib Ahmad;Kaleel Mahmood;Benjamin Fuller

Nonmalleable Digital Lockers and Robust Fuzzy Extractors in the Plain Model

• DOI: 10.1007/978-3-031-22972-5_13
• 发表时间: 2022
• 作者: Daniel Apon;Chloé Cachet;Benjamin Fuller;Peter Hall;Feng-Hao Liu

Proximity Searchable Encryption for the Iris Biometric

• DOI: 10.1145/3488932.3497754
• 发表时间: 2022-05
• 期刊: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security
• 作者: Chloé Cachet;Sohaib Ahmad;Luke Demarest;Ariel Hamlin;Benjamin Fuller