A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems

In this correspondence, we analyze the vulnerabilities of biometric authentication protocols with respect to user and data privacy. The goal of an adversary in such a context is not to bypass the authentication but to learn information about either the biometric data or the users that are in the system. We base our analysis on a general system model involving four logical entities (sensor, server, database, and matcher), and we focus on internal adversaries to cover the situation where one or a combination of these entities is malicious. Our goal is to emphasize that, when going beyond the usual honest-but-curious assumption, much more complex attacks can affect the privacy of data and users. On the one hand, we introduce a new comprehensive framework that encompasses the various schemes we want to look at. It presents a system model in which each internal entity or combination of entities is a potential attacker. Different attack goals are considered, and the resulting requirements on data flows are discussed. On the other hand, we develop different generic attacks. We follow a blackbox approach in which we consider components that perform operations on biometric data but where only the input/output behavior is analyzed. These attack strategies are exhibited on recent schemes such as the distributed protocol of Bringer (ACISP 2007), which is based on the Goldwasser-Micali cryptosystem, the related protocol of Barbosa (ACISP 2008), which uses the Paillier cryptosystem, and the scheme of Stoianov (SPIE 2010), which features the Blum-Goldwasser cryptosystem. All these schemes were developed in the honest-but-curious adversary model and show potential weaknesses when considered in our malicious insider attack model.
