| 1. |
- Abidin, Aysajan, 1983, et al.
(author)
-
A Privacy-preserving Biometric Authentication Protocol Revisited
- 2014
-
In: In Proceedings of YACC 2014, Porquerolles island, France, June 2014.
-
Conference paper (peer-reviewed)abstract
- Biometric authentication establishes the identity of an individual based on biometric templates (i.e. fingerprints, retina scans etc.). Although biometric authentication has important advantagesand many applications, it also raises serious security and privacy concerns. In this parer, we investigatea privacy-preserving biometric authentication protocol that has been proposed by Bringer et al. andadopts a distributed architecture (i.e. multiple entities are involved in the authentication process). Wepresent an attack algorithm that can be employed to mount a number of attacks on the protocol underinvestigation and propose an improved version of the Bringer et al. protocol that combats the presentedattacks.
|
|
| 2. |
- Abidin, Aysajan, 1983, et al.
(author)
-
Attacks on Privacy-Preserving Biometric Authentication
- 2014
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - 1611-3349 .- 0302-9743. ; 8788:2014, s. 293-294
-
Conference paper (peer-reviewed)
|
|
| 3. |
- Abidin, Aysajan, 1983-
(author)
-
Authentication in Quantum Key Distribution : Security Proof and Universal Hash Functions
- 2013
-
Doctoral thesis (other academic/artistic)abstract
- Quantum Key Distribution (QKD) is a secret key agreement technique that consists of two parts: quantum transmission and measurement on a quantum channel, and classical post-processing on a public communication channel. It enjoys provable unconditional security provided that the public communication channel is immutable. Otherwise, QKD is vulnerable to a man-in-the-middle attack. Immutable public communication channels, however, do not exist in practice. So we need to use authentication that implements the properties of an immutable channel as well as possible. One scheme that serves this purpose well is the Wegman-Carter authentication (WCA), which is built upon Almost Strongly Universal2 (ASU2) hashing. This scheme uses a new key in each authentication attempt to select a hash function from an ASU2 family, which is then used to generate the authentication tag for a message.The main focus of this dissertation is on authentication in the context of QKD. We study ASU2 hash functions, security of QKD that employs a computationally secure authentication, and also security of authentication with a partially known key. Specifically, we study the following.First, Universal hash functions and their constructions are reviewed, and as well as a new construction of ASU2 hash functions is presented. Second, security of QKD that employs a specific computationally secure authentication is studied. We present detailed attacks on various practical implementations of QKD that employs this authentication. We also provide countermeasures and prove necessary and sufficient conditions for upgrading the security of the authentication to the level of unconditional security. Third, Universal hash function based multiple authentication is studied. This uses a fixed ASU2 hash function followed by one-time pad encryption, to keep the hash function secret. We show that the one-time pad is necessary in every round for the authentication to be unconditionally secure. Lastly, we study security of the WCA scheme, in the case of a partially known authentication key. Here we prove tight information-theoretic security bounds and also analyse security using witness indistinguishability as used in the Universal Composability framework.
|
|
| 4. |
- Abidin, Aysajan, et al.
(author)
-
Direct proof of security of Wegman-Carter authentication with partially known key
- 2014
-
In: Quantum Information Processing. - : Springer. - 1570-0755 .- 1573-1332. ; 13:10, s. 2155-2170
-
Journal article (peer-reviewed)abstract
- Information-theoretically secure (ITS) authentication is needed in Quantum Key Distribution (QKD). In this paper, we study security of an ITS authentication scheme proposed by Wegman& Carter, in the case of partially known authentication key. This scheme uses a new authentication key in each authentication attempt, to select a hash function from an Almost Strongly Universal2 hash function family. The partial knowledge of the attacker is measured as the trace distance between the authentication key distribution and the uniform distribution; this is the usual measure in QKD. We provide direct proofs of security of the scheme, when using partially known key, first in the information-theoretic setting and then in terms of witness indistinguishability as used in the Universal Composability (UC) framework. We find that if the authentication procedure has a failure probability ε and the authentication key has an ε´ trace distance to the uniform, then under ITS, the adversary’s success probability conditioned on an authentic message-tag pair is only bounded by ε +|Ƭ|ε´, where |Ƭ| is the size of the set of tags. Furthermore, the trace distance between the authentication key distribution and the uniform increases to |Ƭ|ε´ after having seen an authentic message-tag pair. Despite this, we are able to prove directly that the authenticated channel is indistinguishable from an (ideal) authentic channel (the desired functionality), except with probability less than ε + ε´. This proves that the scheme is (ε + ε´)-UC-secure, without using the composability theorem.
|
|
| 5. |
- Abidin, Aysajan, 1983, et al.
(author)
-
Efficient Verifiable Computation of XOR for Biometric Authentication
- 2016
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 10052, s. 284-298
-
Conference paper (peer-reviewed)abstract
- This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XORing encrypted messages using an XOR linear message authentication code (MAC) and we employ the proposed scheme to build a biometric authentication protocol. The proposed authentication protocol is both secure and privacy-preserving against malicious (as opposed to honest-but-curious) adversaries. Specifically, the use of the verifiable computation scheme together with an homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts, while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient.
|
|
| 6. |
- Abidin, Aysajan, et al.
(author)
-
New Universal Hash Functions
- 2012
-
In: Lecture Notes in Computer Science, Vol. 7242. - Berlin, Heidelberg : Springer Berlin Heidelberg. - 9783642341588 - 9783642341595 ; , s. 99-108
-
Conference paper (peer-reviewed)abstract
- Universal hash functions are important building blocks for unconditionally secure message authentication codes. In this paper, we present a new construction of a class of Almost Strongly Universal hash functions with much smaller description (or key) length than the Wegman-Carter construction. Unlike some other constructions, our new construction has a very short key length and a security parameter that is independent of the message length, which makes it suitable for authentication in practical applications such as Quantum Cryptography.
|
|
| 7. |
- Abidin, Aysajan
(author)
-
On Security of Universal Hash Function Based Multiple Authentication
- 2012
-
In: Lecture Notes in Computer Science, Vol. 7618. - Berlin, Heidelberg : Springer Berlin Heidelberg. - 9783642341281 - 9783642341298 ; , s. 303-310
-
Conference paper (peer-reviewed)abstract
- Universal hash function based multiple authentication was originally proposed by Wegman and Carter in 1981. In this authentication, a series of messages are authenticated by first hashing each message by a fixed (almost) strongly universal$_2$ hash function and then encrypting the hash value with a preshared one-time pad. This authentication is unconditionally secure. In this paper, we show that the unconditional security cannot be guaranteed if the hash function output for the first message is not encrypted, as remarked in [Atici and Stinson, CRYPTO '96. LNCS, vol. 1109]. This means that it is not only sufficient, but also necessary, to encrypt the hash of every message to be authenticated in order to have unconditional security. The security loss is demonstrated by a simple existential forgery attack.
|
|
| 8. |
- Abidin, Aysajan, et al.
(author)
-
Quantum cryptography and authentication with low key-consumption
- 2011
-
In: Proceedings of SPIE - The International Society for Optical Engineering. - : SPIE. - 9780819488176 ; , s. 818916-
-
Conference paper (peer-reviewed)abstract
- Quantum Key Distribution (QKD - also referred to as Quantum Cryptography) is a technique for secret key agreement. It has been shown that QKD rigged with Information-Theoretic Secure (ITS) authentication (using secret key) of the classical messages transmitted during the key distribution protocol is also ITS. Note, QKD without any authentication can trivially be broken by man-in-the-middle attacks. Here, we study an authentication method that was originally proposed because of its low key consumption; a two-step authentication that uses a publicly known hash function, followed by a secret strongly universal2 hash function, which is exchanged each round. This two-step authentication is not information-theoretically secure but it was argued that nevertheless it does not compromise the security of QKD. In the current contribution we study intrinsic weaknesses of this approach under the common assumption that the QKD adversary has access to unlimited resources including quantum memories. We consider one implementation of Quantum Cryptographic protocols that use such authentication and demonstrate an attack that fully extract the secret key. Even including the final key from the protocol in the authentication does not rule out the possibility of these attacks. To rectify the situation, we propose a countermeasure that, while not informationtheoretically secure, restores the need for very large computing power for the attack to work. Finally, we specify conditions that must be satisfied by the two-step authentication in order to restore informationtheoretic security.
|
|
| 9. |
- Abidin, Aysajan, 1983, et al.
(author)
-
Security aspects of privacy-preserving biometric authentication based on ideal lattices and ring-LWE
- 2014
-
In: 2014 IEEE International Conference on Communications Workshops, ICC 2014. ; , s. 60-65
-
Conference paper (peer-reviewed)abstract
- In this paper, we study the security of two recently proposed privacy-preserving biometric authentication protocols that employ packed somewhat homomorphic encryption schemes based on ideal lattices and ring-LWE, respectively. These two schemes have the same structure and have distributed architecture consisting of three entities: a client server, a computation server, and an authentication server. We present a simple attack algorithm that enables a malicious computation server to learn the biometric templates in at most 2N-τ queries, where N is the bit-length of a biometric template and τ the authentication threshold. The main enabler of the attack is that a malicious computation server can send an encryption of the inner product of the target biometric template with a bitstring of his own choice, instead of the securely computed Hamming distance between the fresh and stored biometric templates. We also discuss possible countermeasures to mitigate the attack using private information retrieval and signatures of correct computation.
|
|
| 10. |
- Abidin, Aysajan, 1983, et al.
(author)
-
Security of a Privacy-Preserving Biometric Authentication Protocol Revisited
- 2014
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. - 9783319122809 ; 8813, s. 290-304
-
Conference paper (peer-reviewed)abstract
- Biometric authentication establishes the identity of an individual based on biometric templates (e.g. fingerprints, retina scans etc.). Although biometric authentication has important advantages and many applications, it also raises serious security and privacy concerns. Here, we investigate a biometric authentication protocol that has been proposed by Bringer et al. and adopts a distributed architecture (i.e. multiple entities are involved in the authentication process). This protocol was proven to be secure and privacy-preserving in the honest-but-curious (or passive) attack model. We present an attack algorithm that can be employed to mount a number of attacks on the protocol under investigation. We then propose an improved version of the Bringer et al. protocol that is secure in the malicious (or active) insider attack model and has forward security.
|
|
