Skip to main content

Hitachi

Corporate InformationResearch & Development

Photo: TAKAHASHI Kenta
TAKAHASHI Kenta
Senior Researcher

Wherever a person may go, he or she can enjoy services without having to use a smart card or a password. Their privacy is protected in a safe and secure manner too. Aiming to create the social infrastructure to support that kind of world, Hitachi, Ltd. is pushing ahead with research on a daily basis.

A concept born from that research is a "public biometric infrastructure" (PBI). By fusing together two technologies—namely, biometric authentication and digital signature—it is possible to create a mechanism that will satisfy both users and service providers.

An epoch-making digital signature technology utilizing biometric information

It sounds like you've developed an epoch-making digital signature technology, right?

TAKAHASHIYes, we've developed an digital signature technology that utilizes biometric information. Although technologies have been available that use biometric authentication to manage private keys for digital signatures, such as using smart cards together with, the technology we developed is epoch-making because it is based on a digital signature that uses biometric information as a private key.

A digital signature is one of the key technologies composing a public-key infrastructure (or PKI, for short). The developed technology is applied to construct a PKI that utilizes biometric information as a private key. The resulting structure is called a "public biometric infrastructure" (PBI).

PKI is a security platform on a network, right?

Photo: TAKAHASHI Kenta

TAKAHASHIPKI is a security platform for correctly authenticating and matching who is who between service providers and service users. It is based on public-key encryption technology and digital signature technology.

An example scenario in which PKI is used is electronic government. For example, PKI allows income-tax returns to be filled on-line simply by inserting a smart card into a home PC. So, taking electronic government as an example, I'll explain the structure of PKI in the following.

As shown in Figure 1, the data—the "private key"—held on a smart card differs from person to person; in contrast, the "public key" is made public in a manner whereby relations with the right person are certified by a certification authority. In other words, PKI is a mechanism by which a service user signs a digital document with a private key, and a service provider uses a public key to validate the user as the right person and that the submitted digital document was not falsified.

Also, PKI technology is presently being used for the security protocol known as "Secure Sockets Layer" (SSL) and electronic commerce. In fact, PKI is in some way or another involved in almost all network platforms used by society.

Figure 1: Structure of public-key infrastructure (PKI)

It has become possible to use biometric information as the private key of an digital signature, hasn't it?

TAKAHASHIYes, it has become possible. In fact, researchers have been saying for more than ten years that "It would be convenient if biometric information could be used as a key for various cryptosystems." Nevertheless, the fusing of biometric authentication and digital signature is said to be difficult, and it has been more of a dream than a reality.

If it were possible to use biometric information as a private key, it would surely be very convenient. For example, at present, when the electronic government system is utilized, government bodies must distribute smart cards to citizens, who must then buy a card reader and input passwords. The steps involved are numerous and bothersome procedure must be performed each time. What's more, elderly folk have said that such botheration is a hurdle stopping them from utilizing the electronic government system. By using biometric information as a private key, it would become possible to complete the e-government procedures by simply passing one's finger over the biometric reader without the need for a smart card or a password.

From "closed" authentication to "open" authentication

Up until now, in what kind of situations has biometric authentication been used?

Photo: TAKAHASHI Kenta

TAKAHASHIConventionally, most biometric authentication has been used in "closed" systems. For example, in the case of an access control system managing people entering and exiting a room, a template (namely, biometric-information data) is recorded on a door control device, and when a person who wants to enter the room submits his or her biometric information, that information is compared with the template, and if the two data sets match, the person in authenticated and the door opens.

Biometric authentication is also used at bank ATMs. A template is stored on the IC chip of a cash card, and when biometric information is submitted by the user after the card is inserted into an ATM, money is dispensed if the submitted information matches the template. Similar to the access control system, a bank ATM is locally "closed" when an ATM and a cash card are viewed as single systems.

Tell us about the difference between conventional biometric authentication and PBI.

TAKAHASHIAs for conventional biometric authentication, biometric information does not go out of the system. That means its usage is restricted to certain locations or necessitates always having to carry something (a cash card, etc.) around. In contrast, PBI is unrestricted in that way; it allows "empty-handed" authentication wherever one goes.

The transition of authentication technologies is overviewed in Figure 2. Authentication based on personal effects and memory has been evolved from closed authentication within individual systems (such as UNIX password) to the Kerberos-based authentication (where a trusted third party authenticates all users and distributes the authentication results to service providers), and to PKI (open distributed authentication).

According to Figure 2, when looking at the transition from personal effects and memory to biometric authentication, we see that the authentication that is popular now is simple authentication that is closed within individual systems (as shown on the left side of the figure). In 2010, Hitachi commercialized a cloud-based biometric authentication service using a technology called "cancellable biometrics". The cancellable biometrics is comparable to the Kerberos authentication—which sits midway between password authentication and PKI.

So, on the right of the figure, what remains is something like authentication comparable to PKI with high scalability in a distributed form. Accordingly, we developed PBI, which was a kind of PKI based on biometric authentication. In the years to come, I think that, without doubt, the era of PBI will come.

Figure 2: Transition of authentication technologies and positioning of PBI

*
UNIX is a registered trademark of The Open Group in the United States and other countries.
*
Kerberos is a trademark of the Massachusetts Institute of Technology (MIT).

Using biometric information including errors as a private key

What are the technical challenges that come with using biometric information?

Figure 3: Conventional digital signature and biometric authentication

TAKAHASHIA private key with a digital signature is generally treated as digital information. All digital signature technologies are formulated under the presumption that there is no error in the key data, and that is the basis upon which safety is assured.

On the contrary, biometric information is analog data. Errors are generated easily by finger placement, sensor noise, and so on. Consequently, biometric information has not been utilized as a private key for digital signatures.

Under those circumstances, a methodology which generates digital data that can be used for a private key—by applying a technique called an "error-correcting code" to correct errors in biometric information—has been proposed and taken up by many researchers.

An error-correcting code was originally a technique for correcting errors caused by noisy communication channels (such as LAN cables). It allows the receiver's side to perform decoding and the sender's side to send data permitted to contain redundancy.

By means of this approach that generates (or decodes) a private key by error correction, when biometric information is registered, data called "auxiliary information" is created by embedding a private key with redundancy into biometric information. To generate a signature, the auxiliary information is utilized to correct errors in the captured biometric information, and the private key can be decoded.

With this approach, however, a digital signature function cannot be constructed in the strict sense. What that means is that the algorithm for generating a digital signature must use two data only, namely, plain text (digital documents) and a key (in this case, biometric information). In the case of this method, to allow the errors, auxiliary information is needed.

That means conventional biometric authentication requires a smart card containing auxiliary information.

Photo: TAKAHASHI Kenta

TAKAHASHIYes, that's right. Without auxiliary information, creating a digital signature by only using biometric information containing errors is our greatest challenge. With that in mind, in regard to the technique we developed in this research, we discarded the conventional idea, that is, creating a private key by utilizing error correction, and searched for a completely new approach.

To put that more concretely, the approach we came up with is a process that randomly creates a new pair of keys (called a "one-time key pair") when a signature is made.

By embedding a private key—one of that one-time key pair—in biometric information, the scheme of a conventional digital signature can be used to create a signature for plain text. As for the new digital-signature technique we proposed in this work, biometric information embedded with a one-time private key, a one-time public key, and a signed digital document are output as signature data. By doing that, a digital signature becomes possible by simply inputting plain text and biometric information.

A new technology combining two calculation technologies is born

How do you verify that the signature is the right one?

TAKAHASHIIn fact, that verification is a really difficult task. Although the signature is verified by using the one-time public key, that verification is insufficient because it is necessary to verify that the same person created the one-time public key and the public key created on registration. That which serves to correlate these two public keys is biometric information. However, a person's biometric information must be kept secret to the verifier of the signature. Given that condition, we used two calculation methods, namely, difference calculation and homomorphic calculation.

First, using a difference calculation, the difference between the embedded data on registration and on signature creation (namely, the difference between private keys) is calculated. As shown in Figure 4, in addition to the difference between private key (yellow) embedded in a public template on registration [step (1) in the figure] and private key (grey) embedded in signature data [step (2) in the figure], the errors between the biometric information in steps (1) and (2) are included.

In step (3) (signature verification), by performing error correction on the difference, it becomes possible to eliminate the errors between the biometric-information and calculate the pure difference between the private keys. However, we needed a clever scheme to do that calculation. Among the techniques for applying an error-correction code, a particular class of code that mathematically satisfies a property called "linearity" is used. By using a linear code, it is possible to accurately correct errors even if encoded data are added or subtracted. Such a calculated differential is called a "differential private key."

Next, it is confirmed whether the public key created when the public template was generated and the one-time public key when the signature was generated correspond to the differential private key made by the differential calculation. The technology developed in this work uses a method by which the relation between the private key and the public key satisfies a property called "homomorphism". By utilizing homomorphism, it is possible to verify that the differential private key is in complete agreement with the differentials between the like private keys that correspond to the two public keys.

Figure 4: Structure of an digital signature that permits errors in a private key

The key point is a new digital-signature technology that uses a difference calculation and a homomorphic calculation, right?

TAKAHASHIThat's right. Although these two calculations are methods conventionally used in the world of cryptographic theory and communications, combining them in the manner I have described to create a signature that ultimately permits errors in the private key is an entirely new technique.

Permitting errors in the private key has for a long time been a sort-after goal. However, when that idea was first conceived, I didn't perceive that it could be applied to digital signatures. It was only felt that the technology that used by cancellable biometrics—the previous incarnation of PBI—could be made more secure. However, when I looked into that possibility more and more, I realized that technology could actually be applied to digital signatures. When I realized that, I was pretty surprised!

Aiming toward supporting a next-generation social infrastructure

Tell us about what you are working on to achieve commercialization.

Photo: TAKAHASHI Kenta

TAKAHASHIPBI is a security platform for supporting social networks. Accordingly, it has become important to make a structure that includes not only technologies but also systems.

Nonetheless, we think getting PBI to support all security platforms is a difficult path without end, and aiming for that goal will not help the adoption of PBI. A world-standard mechanism referred to as PKI already exists; accordingly; while aligning PBI with existing standards, we must brush up its structure.

Since PBI is a platform targeting verification covering service providers and service users, we want to popularize and develop it as an option that use PKI more conveniently.

With popularization as a target, it is important to make people aware of the merits and security, right?

TAKAHASHIThat's right. Conventional biometrics cost too much and is hard to operate securely. In the case of PBI, if a template of a user (i.e., biometric information) be registered with a third-party body on the first attempt, after that, the registered template can be used as is, and it won't be necessary to handle the template oneself. On top of the obvious merit from the viewpoint of users of convenience brought by "empty handedness", the merits from the viewpoint of service providers will be that biometric authentication can be introduced at low cost and that services will be used more frequently by users.

As for the security of biometric authentication, for example, it is a concern that biometric information can be forged. Various measures for detecting forgery and evaluating detection performance are already being taken, and their standardization is progressing. Beyond that, although that means straightforward research to solve problems one by one is ongoing, to get users to utilize biometric authentication in a secure manner, presenting the results of that research to the world is the duty of researchers like us.

Services can be used at one's convenience wherever one may go without the need for a smart card or a password. On top of that, security is assured and one's privacy is protected. In that sense, we intend to continue our research while aiming to create a safe, secure, and convenient society.

Figure 5: A society realized by a public biometric infrastructure (PBI)

(Publication: May 26, 2014)

Notification

  • Publication: May 26, 2014
  • Professional affiliation and official position are at the time of publication.
  • Page top

Related contents

  • Page top