Rice University logoGeorge R. Brown School of Engineering
Electrical and Computer Engineering

Indelible Physical Randomness for Security: Biosignals, Silicon, and Biometrics, May 13, 2014, 3:00 PM - 5:00 PM

Thesis Defense

Graduate and Postdoctoral Studies

Masoud Rostami
Doctoral Candidate

George R. Brown Hall

In this thesis, I investigate the nature and properties of several indelible physical randomness phenomena. I leverage these indelible statistical properties to design robust and efficient security systems. Three different phenomena are discussed in this thesis: randomness in biosignals, silicon chips, and biometrics. In the first part, I present a system to authenticate external medical device programmers to Implantable Medical Devices (IMDs).IMDs have now built-in radio communication to facilitate non-invasive reprogramming, but lack well-designed authentication mechanisms, exposing patients to the risks of over-the-air attacks and physical harm. Our protocol uses biosignals for authentication mechanism, ensuring access only by a medical instrument in physical contact with an IMD-bearing patient. Based on statistical analysis of real-world data, I propose and analyze new techniques for extracting time-varying randomness from biosignals and introduce a novel cryptographic device pairing protocol that uses this randomness to protect against attacks by active adversaries, while meeting the practical challenges of lightweight implementation and noise tolerance in biosignals readings. In the second part, unavoidable physical randomness of transistors is investigated, and novel robust and low-overhead authentication, bit-commitment, and key exchange protocols are proposed. It will be meticulously shown that these protocols can achieve resiliency against reverse-engineering and replay attacks without a costly secure channel. The attack analysis guides us in tuning the parameters of the protocols for an efficient and secure implementation. In the third part, the statistical properties of fingerprint minutiae points are analyzed and a distributed security protocol will be proposed to safeguard biometric fingerprint databases based on the developed statistical models of fingerprint biometric.