Remote secure object authentication: Secure sketches, fuzzy extractors, and security protocols

Authentication; Fingerprint-like features; Remote authentication protocol; Robust fuzzy extractor; Robust secure sketch; Secrecy; Authentication protocols; Fingerprint-like feature; Fuzzy extractors; Remote authentication; Robust fuzzy; Secure sketch; Computer Science (all); Law

Abstract :

[en] Coating objects with microscopic droplets of liquid crystals makes it possible to identify and authenticate objects as if they had biometric-like features: this is extremely valuable as an anti-counterfeiting measure. How to extract features from images has been studied elsewhere, but exchanging data about features is not enough if we wish to build secure cryptographic authentication protocols. What we need are authentication tokens (i.e., bitstrings), strategies to cope with noise, always present when processing images, and solutions to protect the original features so that it is impossible to reproduce them from the tokens. Secure sketches and fuzzy extractors are the cryptographic toolkits that offer these functionalities, but they must be instantiated to work with the peculiar specific features extracted from images of liquid crystals. We show how this can work and how we can obtain uniform, error-tolerant, and random strings, and how they are used to authenticate liquid crystal coated objects. Our protocol reminds an existing biometric-based protocol, but only apparently. Using the original protocol as-it-is would make the process vulnerable to an attack that exploits certain physical peculiarities of our liquid crystal coatings. Instead, our protocol is robust against the attack. We prove all our security claims formally, by modeling and verifying in Proverif, our protocol and its cryptographic schemes. We implement and benchmark our solution, measuring both the performance and the quality of authentication.

Disciplines :

Computer science

Author, co-author :

Arenas, Mónica P. ; SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg

FOTIADIS, Georgios ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > APSIA > Team Peter RYAN

LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC

RAKEEI, Mohammadamin ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC

External co-authors :

Language :

English

Title :

Remote secure object authentication: Secure sketches, fuzzy extractors, and security protocols

Publication date :

January 2025

Journal title :

Computers and Security

ISSN :

0167-4048

Publisher :

Elsevier Ltd

Volume :

148

Pages :

104131

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

https://api.elsevier.com/content/article/PII:S016740482400436X?httpAccept=text/xml

Available on ORBilu :

since 14 October 2024

Statistics

Number of views

150 (15 by Unilu)

Number of downloads

103 (4 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

Adler, A., Youmaran, R., Loyka, S., Towards a measure of biometric feature information. Pattern Anal. Appl. 12:3 (2009), 261–270, 10.1007/S10044-008-0120-3.
Al-Assam, H., Abboud, A.J., Sellahewa, H., Jassim, S., Exploiting relative entropy and quality analysis in cumulative partial biometric fusion. Trans. Data Hiding Multim. Secur. 8 (2012), 1–18, 10.1007/978-3-642-31971-6_1.
Arenas, M.P., Bingöl, M.A., Demirci, H., Fotiadis, G., Lenzini, G., A secure authentication protocol for cholesteric spherical reflectors using homomorphic encryption. Batina, L., Daemen, J., (eds.) Progress in Cryptology - AFRICACRYPT 2022: 13th International Conference on Cryptology in Africa, AFRICACRYPT 2022, Fes, Morocco, July 18-20, 2022, Proceedings Lecture Notes in Computer Science, 2022, Springer Nature Switzerland, 425–447, 10.1007/978-3-031-17433-9_18.
Arenas, M., Demirci, H., Lenzini, G., Cholesteric spherical reflectors as physical unclonable identifiers in anti-counterfeiting. The 16th Int. Conf. on Availability, Reliability and Security, 2021, ACM, Vienna, 1–11, 10.1145/3465481.3465766 URL https://dl.acm.org/doi/10.1145/3465481.3465766.
Arenas, M., Demirci, H., Lenzini, G., An analysis of cholesteric spherical reflector identifiers for object authenticity verification. Mach. Learn. Knowl. Extract. 4:1 (2022), 222–239, 10.3390/make4010010 URL https://www.mdpi.com/2504-4990/4/1/10.
Barker, E., Roginsky, A., Transitioning the Use of Cryptographic Algorithms and Key Lengths: NIST Special Publication 800-131A Revision 2 Tech. Rep. March., 2019, National Institute of Standards and Technology, Gaithersburg, MD, 33, 10.6028/NIST.SP.800-131Ar2 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
Blanchet, B., An efficient cryptographic protocol verifier based on prolog rules. Proc. 14th IEEE Computer Security Foundations Workshop, vol. 1, 2001, IEEE, Citeseer, Nova Scotia, 82–96.
Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A., 2005. Secure Remote Authentication Using Biometric Data. In: Cramer, R. (Ed.), In: Advances in Cryptology – EUROCRYPT 2005, vol. 3494, Springer Berlin Heidelberg, ISBN: 978-3-540-25910-7 978-3-540-32055-5, pp. 147–163. http://dx.doi.org/10.1007/11426639_9, URL, Series Title, Lecture Notes in Computer Science.
Canetti, R., Fuller, B., Paneth, O., Reyzin, L., Smith, A., Reusable fuzzy extractors for low-entropy distributions. J. Cryptology, 34(1), 2021, 2.
Deledalle, C.-A., Denis, L., Tupin, F., How to compare noisy patches? Patch similarity beyond Gaussian noise. Int. J. Comput. Vis. 99:1 (2012), 86–102, 10.1007/s11263-012-0519-6 https://hal-imt.archives-ouvertes.fr/hal-00672357 http://link.springer.com/10.1007/s11263-012-0519-6.
Delvaux, J., Gu, D., Verbauwhede, I., Hiller, M., Yu, M.D.M., Efficient fuzzy extraction of PUF-induced secrets: Theory and applications. LNCS, vol. 9813 LNCS, 2016, 412–431, 10.1007/978-3-662-53140-2_20.
Dodis, Y., Kanukurthi, B., Katz, J., Reyzin, L., Smith, A., Robust fuzzy extractors and authenticated key agreement from close secrets. IEEE Trans. Inform. Theory 58:9 (2012), 6207–6222, 10.1109/TIT.2012.2200290.
Dodis, Y., Katz, J., Reyzin, L., Smith, A., Robust fuzzy extractors and authenticated key agreement from close secrets. Dwork, C., (eds.) Advances in Cryptology - CRYPTO 2006, 2006, Springer Berlin Heidelberg, Berlin, Heidelberg, 232–250.
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.D., Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38:1 (2008), 97–139, 10.1137/060651380.
Dodis, Y., Reyzin, L., Smith, A., Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Int. Conf. on the Theory and Applications of Cryptographic Techniques, 2004, Springer, Switzerland, 523–540.
Dolev, D., Yao, A., On the security of public key protocols. IEEE Trans. Inform. Theory 29:2 (1983), 198–208.
Gedraite, E.S., Hadad, M., Investigation on the effect of a Gaussian blur in image filtering and segmentation. Proc. ELMAR-2011, 2011, IEEE, Switzerland, 393–396.
Geng, Y., Noh, J., Drevensek-Olenik, I., Rupp, R., Lenzini, G., Lagerwall, J.P., High-fidelity spherical cholesteric liquid crystal Bragg reflectors generating unclonable patterns for secure authentication. Sci. Rep. 6 (2016), 1–9, 10.1038/srep26840.
Jiang, Q., Zhang, N., Ni, J., Ma, J., Ma, X., Choo, K.-K.R., Unified biometric privacy preserving three-factor authentication and key agreement for cloud-assisted autonomous vehicles. IEEE Trans. Veh. Technol. 69:9 (2020), 9390–9401.
Kang, H., Hori, Y., Katashita, T., Hagiwara, M., Iwamura, K., Cryptographie key generation from PUF data using efficient fuzzy extractors. Proc. of 16th Int. Conf. on Advanced Communication Technology, ICACT, 2014, IEEE, Pyeongchang, Korea (South), 23–26, 10.1109/ICACT.2014.6778915.
Lenzini, G., Ouchani, S., Roenne, P., Ryan, P.Y., Geng, Y., Lagerwall, J., Noh, J.H., Security in the shell: An optical physical unclonable function made of shells of cholesteric liquid crystals. 2017 IEEE Workshop on Information Forensics and Security, WIFS 2017, vol. 2018-Janua, 2017, 1–6, 10.1109/WIFS.2017.8267644.
Li, N., Guo, F., Mu, Y., Susilo, W., Nepal, S., Fuzzy extractors for biometric identification. 2017 IEEE 37th Int. Conf. on Distributed Computing Systems, ICDCS, 2017, IEEE, United States, 667–677.
Li, Q., Sutcu, Y., Memon, N., Secure sketch for biometric templates. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4284 LNCS, 2006, 99–113, 10.1007/11935230_7.
Liu, X., Wang, Y., Li, X., Yi, Z., Deng, R., Liang, L., Xie, X., Loong, D.T., Song, S., Fan, D., All, A.H., Zhang, H., Huang, L., Liu, X., Binary tempor al upconversion codes of Mn2+-activated nanoparticles for multilevel anti-counterfeiting. Nature Commun. 8:1 (2017), 1–7, 10.1038/s41467-017-00916-7.
Mesaritakis, C., Akriotou, M., Kapsalis, A., Grivas, E., Chaintoutis, C., Nikas, T., Syvridis, D., Physical unclonable function based on a multi-mode optical waveguide OPEN. Sci. Rep. 8:1 (2018), 1–12, 10.1038/s41598-018-28008-6.
Nandakumar, K., Jain, A.K., Biometric template protection: Bridging the performance gap between theory and practice. IEEE Signal Process. Mag. 32:5 (2015), 88–100.
Nandakumar, K., Jain, A.K., Biometric template protection: Bridging the performance gap between theory and practice. IEEE Signal Process. Mag. 32:5 (2015), 88–100, 10.1109/MSP.2015.2427849.
Nisan, N., Zuckerman, D., Randomness is linear in space. J. Comput. System Sci. 52:1 (1996), 43–52, 10.1006/jcss.1996.0004.
Peng, W.H., Lee, M.Y., Li, T.H., Huang, C.H., Lin, P.C., Performance comparison of image keypoint detection, description, and matching methods. Proc. of IEEE 5th Global Conference on Consumer Electronics, GCCE 2016, 2016, IEEE, Kyoto, Japan, 4–5, 10.1109/GCCE.2016.7800416.
Schwartz, M., Geng, Y., Agha, H., Kizhakidathazhath, R., Liu, D., Lenzini, G., Lagerwall, J.P.F., Linking physical objects to their digital twins via fiducial markers designed for invisibility to humans. Multifunct. Mater., 2021, 10.1088/2399-7532/ac0060 https://creativecommons.org/licences/by/3.0, https://iopscience.iop.org/article/10.1088/2399-7532/ac0060.
Shariati, S., Standaert, F.X., Jacques, L., Macq, B., Analysis and experimental evaluation of image-based PUFs. J. Cryptogr. Eng. 2:3 (2012), 189–206, 10.1007/s13389-012-0041-3.
Takahashi, K., Murakami, T., A measure of information gained through biometric systems. Image Vis. Comput., 32, 2013, 10.1109/ICPR.2010.296.
Tuyls, P., Akkermans, A.H., Kevenaar, T.A., Schrijen, G.J., Bazen, A.M., Veldhuis, R.N., Practical biometric authentication with template protection. LNCS 3546 (2005), 436–446, 10.1007/11527923_45.
Wang, Q., Wang, D., Cheng, C., He, D., Quantum2FA: Efficient quantum-resistant two-factor authentication scheme for mobile devices. IEEE Trans. Dependable Secure Comput. 20:1 (2021), 193–208.
Wen, Y., Liu, S., Robustly reusable fuzzy extractor from standard assumptions. LNCS, vol. 11274 LNCS, 2018, Springer International Publishing, Brisbane, 459–489, 10.1007/978-3-030-03332-3_17.
Wen, Y., Liu, S., Gu, D., Generic constructions of robustly reusable fuzzy extractor. LNSC, vol. 11443 LNCS, 2019, Springer International Publishing, Beijing, 349–378, 10.1007/978-3-030-17259-6_12.
Youmaran, R., Adler, A., Measuring biometric sample quality in terms of biometric feature information in Iris images. J. Electr. Comput. Eng. 2012 (2012), 282589:1–282589:9, 10.1155/2012/282589.
Zhu, H., Xiao, M., Sherman, D., Li, M., 2023. SoundLock: A Novel User Authentication Scheme for VR Devices Using Auditory-Pupillary Response. In: NDSS Symposium.