Secure Outsourced Biometric Authentication With Performance Evaluation on Smartphones

We design privacy-preserving protocols for scaled Manhattan and scaled Euclidean verifiers, secure against malicious clients and honest-but-curious server. We then augment our protocols with principal component analysis (PCA), which can help to improve authentication accuracy. We evaluate the performance of our protocols on an emerging application-namely, continuous authentication of smartphone users. We compare the performance of protocols secure under the malicious client model, with three protocols secure in the honest-but-curious model. We report tradeoffs between computation overhead, communication cost, and authentication accuracy. Our key observations are: 1) scaled Manhattan without PCA gives the best tradeoff between security, accuracy, and overhead and 2) with PCA, memory availability on current smartphones limits the number of features that can be used with scaled Manhattan, and prevents the scaled Euclidean protocol from running. Our extended evaluation on a laptop client shows that PCA with both scaled Manhattan and scaled Euclidean verifiers is feasible given sufficient memory.

[1]  Yehuda Lindell,et al.  A Proof of Security of Yao’s Protocol for Two-Party Computation , 2009, Journal of Cryptology.

[2]  Vir V. Phoha,et al.  Privacy-preserving population-enhanced biometric key generation from free-text keystroke dynamics , 2014, IEEE International Joint Conference on Biometrics.

[3]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[4]  Craig Gentry,et al.  Implementing Gentry's Fully-Homomorphic Encryption Scheme , 2011, EUROCRYPT.

[5]  Ivan Damgård,et al.  A correction to 'efficient and secure comparison for on-line auctions' , 2009, Int. J. Appl. Cryptogr..

[6]  Ahmad-Reza Sadeghi,et al.  Efficient Privacy-Preserving Face Recognition , 2009, ICISC.

[7]  Ivan Damgård,et al.  Asynchronous Multiparty Computation: Theory and Implementation , 2008, IACR Cryptol. ePrint Arch..

[8]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[9]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[10]  C. Sanchez-Avilaa,et al.  Two different approaches for iris recognition using Gabor filters and multiscale zero-crossing representation , 2004 .

[11]  Adam D. Smith,et al.  Efficient Two Party and Multi Party Computation Against Covert Adversaries , 2008, EUROCRYPT.

[12]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..

[13]  Vir V. Phoha,et al.  Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[14]  Ivan Damgård,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000, EUROCRYPT.

[15]  Nathan Chenette,et al.  Order-Preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions , 2011, CRYPTO.

[16]  Ivan Damgård,et al.  Homomorphic encryption and secure comparison , 2008, Int. J. Appl. Cryptogr..

[17]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[18]  Yuval Ishai,et al.  Extending Oblivious Transfers Efficiently , 2003, CRYPTO.

[19]  Jonathan Katz,et al.  Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose , 2013, CRYPTO.

[20]  Benny Pinkas,et al.  SCiFI - A System for Secure Face Identification , 2010, 2010 IEEE Symposium on Security and Privacy.

[21]  Boris Skoric,et al.  Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting , 2007 .

[22]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[23]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[24]  M. Turk,et al.  Eigenfaces for Recognition , 1991, Journal of Cognitive Neuroscience.

[25]  Sharath Pankanti,et al.  Fuzzy Vault for Fingerprints , 2005, AVBPA.

[26]  Sharath Pankanti,et al.  Filterbank-based fingerprint matching , 2000, IEEE Trans. Image Process..

[27]  Berry Schoenmakers,et al.  Computationally Secure Authentication with Noisy Data , 2007 .

[28]  Manuel Barbosa,et al.  Secure Biometric Authentication with Improved Accuracy , 2008, ACISP.

[29]  Ahmad-Reza Sadeghi,et al.  Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima , 2009, IACR Cryptol. ePrint Arch..

[30]  Jonathan Katz,et al.  Faster Secure Two-Party Computation Using Garbled Circuits , 2011, USENIX Security Symposium.

[31]  Ahmad-Reza Sadeghi,et al.  TASTY: tool for automating secure two-party computations , 2010, CCS '10.

[32]  Kiran S. Balagani,et al.  Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[33]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[34]  Youtian Du,et al.  User Authentication Through Mouse Dynamics , 2013, IEEE Transactions on Information Forensics and Security.

[35]  Thomas Plantard,et al.  Fully Homomorphic Encryption Using Hidden Ideal Lattice , 2013, IEEE Transactions on Information Forensics and Security.

[36]  Marina Blanton,et al.  Secure and Efficient Protocols for Iris and Fingerprint Identification , 2011, ESORICS.

[37]  Reihaneh Safavi-Naini,et al.  Privacy-Preserving Implicit Authentication , 2014, IACR Cryptol. ePrint Arch..

[38]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[39]  Venu Govindaraju,et al.  Combination of Symmetric Hash Functions for Secure Fingerprint Matching , 2010, 2010 20th International Conference on Pattern Recognition.

[40]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[41]  S. Rajsbaum Foundations of Cryptography , 2014 .

[42]  Yehuda Lindell,et al.  Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer , 2010, IACR Cryptol. ePrint Arch..

[43]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[44]  Tao Feng,et al.  Continuous mobile authentication using a novel Graphic Touch Gesture Feature , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[45]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[46]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[47]  Stefan Katzenbeisser,et al.  Privacy-Preserving Face Recognition , 2009, Privacy Enhancing Technologies.

[48]  Vincenzo Piuri,et al.  Privacy-preserving fingercode authentication , 2010, MM&Sec '10.

[49]  Feng Li,et al.  Outsourceable two-party privacy-preserving biometric authentication , 2014, AsiaCCS.

[50]  Thomas J. Watson,et al.  An empirical study of the naive Bayes classifier , 2001 .

[51]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[52]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[53]  Qiang Tang,et al.  An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication , 2007, ACISP.