Earlier this year, UCLA computer science faculty members Rafail Ostrovsky and Amit Sahai presented papers at Eurocrypt 2005 outlining research that may make this vision a reality.
“In any secure system, designers must take into account two issues – users are unlikely to remember long passwords and will use short ones, and they are nearly always logging in from a remote location over the network, which opens the system to person in the middle attacks,” explains Ostrovsky.
A person in the middle (PIM) not only can try to break into the system and access the encrypted data, but can also pretend to be the other person while communicating with both parties to gain additional confidential information.
For instance, a novice chess player can play two grandmasters against each other without their knowledge. As long as one is playing white, the other black, the novice can draw or win at least one of the games against the champion players by using their moves as his own. Similar concerns happen in security protocols, explains Ostrovsky.
In 2001, Ostrovsky and his team devised a method to secure password systems against PIM attacks, and are now extending its capabilities to accept fingerprints as passwords. They have demonstrated a system in which data is transmitted back and forth and protected from PIM attacks through biometrics – the science of authentication through use of physiological features such as fingerprints or retinas.
The use of biometrics for security presents an additional challenge in that no two scans are ever exactly alike. You may place your finger slightly to one side on the pad or blink during a retina scan. Despite these slight variations that occur each time the biometric data is obtained, the UCLA researchers have shown how biometrics can still be used to protect privacy in a secure system.
“It’s vital to protect biometric data even against PIM attacks when it is used as a password,” notes Ostrovsky, “because you can’t ‘reset’ your fingerprints if this information is stolen.”
“But even if biometric data is not kept secret,” Sahai points out, “it can still have important security applications.” Working with Brent Waters (BS 2000), now a postdoc at Stanford, Sahai has shown how to use biometric data as public keys to unlock encrypted information, replacing the numerical keys currently in use. Because biometrics are unique to individuals, one can have confidence that a public key really does belong to a particular human user. This eliminates the need for a cumbersome public key infrastructure. Sahai’s solution relies on an attribute-based system, in which identities are viewed as a set of specific characteristics.
“The error tolerance of our system allows for slight variations,” explains Sahai. “Although the first [biometric] scan might be different from a second or third scan of the same person’s features, it would still be closer to later scans than to those of another person.”
Their attribute-based system can be extended to a second application beyond that involving biometrics. The system’s flexibility would allow an individual to send encrypted data to an unrestricted list of individuals, limiting access to the information based on a set of predefined attributes.
For instance, a person sending encrypted information to a list of graduate students could set the attributes so that only those majoring in computer science, who had taken a certain programming class, would be able to decrypt the information.
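The error tolerance and attribute matching described above can be modeled with threshold secret sharing, the kind of mechanism an attribute-based scheme can build on. The Python example below is added here and is not code from the researchers or their papers; it shows only the share arithmetic, with the overlap rule simulated rather than cryptographically enforced, and the modulus, the threshold `D`, the attribute numbers and the function names are all assumptions. It goes slightly beyond the article by also showing why two people cannot pool their attributes.

```python
import secrets

P = 2**127 - 1  # prime modulus for the share arithmetic (constructed parameter)

def issue_key(master, attrs, d):
    """Authority side: pick a fresh random polynomial q of degree d-1 with
    q(0) = master and hand out one share q(a) per attribute a of the user."""
    coeffs = [master] + [secrets.randbelow(P) for _ in range(d - 1)]
    return {a: sum(c * pow(a, i, P) for i, c in enumerate(coeffs)) % P
            for a in attrs}

def recover(key, target_attrs, d):
    """Decryptor side: only shares whose attribute is also in the ciphertext's
    target set count; any d of them give q(0) by Lagrange interpolation."""
    pts = sorted(set(key) & set(target_attrs))[:d]
    if len(pts) < d:
        return None  # too little overlap: a different person or wrong attributes
    total = 0
    for i in pts:
        num = den = 1
        for j in pts:
            if j != i:
                num = num * -j % P
                den = den * (i - j) % P
        total = (total + key[i] * num * pow(den, -1, P)) % P
    return total

# Constructed sample data: attributes are small non-zero integers.
MASTER = secrets.randbelow(P)
ENROLLED = {3, 8, 15, 21, 34, 42}   # features the ciphertext targets
RESCAN = {3, 8, 15, 21, 35, 42}     # same person, one feature read differently
STRANGER = {4, 9, 15, 22, 36, 42}   # different person, two chance matches
D = 4                               # required overlap (assumed threshold)

def demo():
    same = recover(issue_key(MASTER, RESCAN, D), ENROLLED, D)
    other = recover(issue_key(MASTER, STRANGER, D), ENROLLED, D)
    # Collusion: two users who each match only two attributes pool their shares.
    pooled = {**issue_key(MASTER, {3, 8}, D), **issue_key(MASTER, {15, 21}, D)}
    return same == MASTER, other, recover(pooled, ENROLLED, D) == MASTER

if __name__ == "__main__":
    print(demo())
```

Setting the threshold equal to the number of required attributes models the graduate-student case, where every listed attribute must be held. The pooled shares fail because each key is cut from its own random polynomial, so shares from different people do not interpolate to the same secret.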
Ostrovsky and Sahai are directing the new Center for Information and Computation Security at UCLA.
“Together with graduate students and postdocs in computer science, mathematics and electrical engineering,” say Ostrovsky and Sahai, “we’re applying mathematics to develop elegant and appealing solutions to complex security issues.”