SaTC: CORE: Brute Force-Resistant Cryptographic Protocols Based on Biometric Data
Georgia Tech Research Corporation, Atlanta GA
Investigators
Abstract
Security of most practical cryptographic protocols relies on secret keys and hence is subject to brute-force (exhaustive search) attacks. This means that an attacker can attempt to test all possible keys in order to find the right one. This is usually not a big concern, because the exhaustive search of strong cryptographic secret keys is infeasible (i.e., it takes millions of years). However, in practice, keys are often generated from users' passwords or biometric data (such as fingerprints or facial features) for convenience of key management. In this scenario, brute-force attacks become a big concern because testing all passwords and biometrics is often feasible; for instance, it was recently shown that fingerprints used to unlock phones could be brute-forced in minutes. While there are some solutions for protecting against brute-force attacks of passwords, it is not straightforward how to adapt such solutions to biometrics. This is an important problem because biometrics are increasingly used in real systems and, unlike passwords, biometrics cannot be easily changed. This project's goal is to develop new techniques and protocols to protect sensitive biometric data against brute-force attacks. The focus of this project is solving the most pressing open problem in the security of highly sensitive biometric data. This project will develop a novel protocol for biometric-based authentication and key reconstruction that is highly resistant to brute-force attacks. In order to provide the security guarantees, the project will specify a security model capturing very strong adversarial capabilities and prove security of the protocol according to the security model. An important part of the project is to implement the protocol for concrete biometric datasets and tune its parameters for acceptable precision and security levels. Finally, the project will extend the solution to a brute-force-resistant, biometric-based authenticated key exchange protocol. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →