Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Secret-Key Agreement Using Physical Identifiers for Degraded and Less Noisy Authentication Channels

Vamoua Yachongka, Hideki Yagi, Hideki Ochiai

TL;DR

This paper addresses secret-key agreement for authentication using physical identifiers under realistic noisy enrollment and authentication channels. By focusing on degraded and less-noisy authentication channels, it shows that a single auxiliary random variable suffices to characterize the capacity regions for GS and CS models, simplifying computation relative to prior two-variable forms. The authors derive closed-form results for binary sources and continuous Gaussian sources, and provide corollaries with computable parametric forms, along with numerical insights into how enrollment noise and storage constraints shape the secret-key and privacy-leakage trade-offs. The work bridges theory and practice by offering tight, computable bounds that can guide code design (e.g., polar/LDPC) for PUF- or biometric-based IoT authentication in both visible and hidden-source settings. Overall, the results advance practical secure key agreement with physical identifiers by identifying when single-auxiliary-variable characterizations are possible and how they behave under realistic noise models.

Abstract

Secret-key agreement based on biometric or physical identifiers is a promising security protocol for authenticating users or devices with small chips due to its lightweight security. In previous studies, the fundamental limits of such a protocol were analyzed, and the results showed that two auxiliary random variables were involved in the capacity region expressions. However, with these two auxiliary random variables, the complexity of computing the capacity regions may be prohibitively high. To deal with this problem, we explore classes of authentication channels that require only one auxiliary random variable in the expressions of the capacity regions. It is revealed that for the classes of degraded and less noisy authentication channels, a single auxiliary random variable is sufficient to express the capacity regions. As specific examples, we derive the closed-form expressions for binary and Gaussian sources. Also, numerical calculations for Gaussian sources are provided to show the trade-off between secret-key and privacy-leakage rates under a given storage rate, and to illustrate how the noise in the enrollment phase affects the capacity region.

Secret-Key Agreement Using Physical Identifiers for Degraded and Less Noisy Authentication Channels

TL;DR

This paper addresses secret-key agreement for authentication using physical identifiers under realistic noisy enrollment and authentication channels. By focusing on degraded and less-noisy authentication channels, it shows that a single auxiliary random variable suffices to characterize the capacity regions for GS and CS models, simplifying computation relative to prior two-variable forms. The authors derive closed-form results for binary sources and continuous Gaussian sources, and provide corollaries with computable parametric forms, along with numerical insights into how enrollment noise and storage constraints shape the secret-key and privacy-leakage trade-offs. The work bridges theory and practice by offering tight, computable bounds that can guide code design (e.g., polar/LDPC) for PUF- or biometric-based IoT authentication in both visible and hidden-source settings. Overall, the results advance practical secure key agreement with physical identifiers by identifying when single-auxiliary-variable characterizations are possible and how they behave under realistic noise models.

Abstract

Secret-key agreement based on biometric or physical identifiers is a promising security protocol for authenticating users or devices with small chips due to its lightweight security. In previous studies, the fundamental limits of such a protocol were analyzed, and the results showed that two auxiliary random variables were involved in the capacity region expressions. However, with these two auxiliary random variables, the complexity of computing the capacity regions may be prohibitively high. To deal with this problem, we explore classes of authentication channels that require only one auxiliary random variable in the expressions of the capacity regions. It is revealed that for the classes of degraded and less noisy authentication channels, a single auxiliary random variable is sufficient to express the capacity regions. As specific examples, we derive the closed-form expressions for binary and Gaussian sources. Also, numerical calculations for Gaussian sources are provided to show the trade-off between secret-key and privacy-leakage rates under a given storage rate, and to illustrate how the noise in the enrollment phase affects the capacity region.
Paper Structure (23 sections, 14 theorems, 89 equations, 11 figures, 1 table)

This paper contains 23 sections, 14 theorems, 89 equations, 11 figures, 1 table.

Table of Contents

  1. Introduction
  2. Related Work
  3. Motivations
  4. Summary of Contributions
  5. Modeling Assumptions
  6. Notation and Organization
  7. System Models and Problem Formulations
  8. System Models
  9. Problem Formulations for the GS and CS Models
  10. The Capacity Regions With Two Auxiliary Random Variables
  11. Statement of Main Results
  12. Examples
  13. Binary Sources
  14. Scalar Gaussian Sources
  15. Behaviors of the Capacity Region for Gaussian Sources
  16. ...and 8 more sections

Key Result

Theorem 1

(Günlü et al. gksc2018) The capacity regions of the GS and CS models under the general class of ACs are given by where auxiliary random variables $U$ and $V$ satisfy the Markov chain $V-U-\Tilde{X}-X-(Y,Z)$ and their cardinalities are limited to $|\mathcal{V}| \le |\Tilde{\mathcal{X}}| + 6$ and $|\mathcal{U}| \le (|\Tilde{\mathcal{X}}| + 6)(|\Tilde{\mathcal{X}}| + 5)$. ∎

Figures (11)

  • Figure 1: A basic concept of secret-key agreement using physical and biometric identifiers itw3.
  • Figure 2: System models in the presence of Eve: The arrows attached with (GS) and (CS) denote the directions of the secret keys in the GS and CS models, respectively.
  • Figure 3: Transition probabilities of each channel for binary example
  • Figure 4: Data flows of the original system model (top) and transformed one (bottom) for Gaussian sources and channels
  • Figure 5: Projection of the capacity region $\mathcal{R}_G$ in \ref{['corollary11']} with different $\rho^2_1$ onto $R_JR_S$-plane.
  • ...and 6 more figures

Theorems & Definitions (20)

  • Definition 1
  • Definition 2
  • Theorem 1
  • Definition 3
  • Definition 4
  • Theorem 2
  • Remark 1
  • Theorem 3
  • Remark 2
  • Theorem 4
  • ...and 10 more