Revisiting Yasuda et al.'s Biometric Authentication Protocol: Are You Private Enough?

Biometric Authentication Protocols (\(\mathsf {BAP}\)s) have increasingly been employed to guarantee reliable access control to places and services. However, it is well-known that biometric traits contain sensitive information of individuals and if compromised could lead to serious security and privacy breaches. Yasuda et al. [23] proposed a distributed privacy-preserving \(\mathsf {BAP}\) which Abidin et al. [1] have shown to be vulnerable to biometric template recovery attacks under the presence of a malicious computational server. In this paper, we fix the weaknesses of Yasuda et al.’s \(\mathsf {BAP}\) and present a detailed instantiation of a distributed privacy-preserving \(\mathsf {BAP}\) which is resilient against the attack presented in [1]. Our solution employs Backes et al.’s [4] verifiable computation scheme to limit the possible misbehaviours of a malicious computational server.

[1]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[2]  Julien Bringer,et al.  SHADE: Secure HAmming DistancE Computation from Oblivious Transfer , 2013, Financial Cryptography Workshops.

[3]  Craig Gentry,et al.  Pinocchio: Nearly Practical Verifiable Computation , 2013, IEEE Symposium on Security and Privacy.

[4]  Michael Backes,et al.  ADSNARK: Nearly Practical and Privacy-Preserving Proofs on Authenticated Data , 2015, 2015 IEEE Symposium on Security and Privacy.

[5]  Julien Bringer,et al.  A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems , 2012, IEEE Transactions on Information Forensics and Security.

[6]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[7]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[8]  Aikaterini Mitrokotsa,et al.  Privacy-Preserving Biometric Authentication: Challenges and Directions , 2017, Secur. Commun. Networks.

[9]  Jon Howell,et al.  Geppetto: Versatile Verifiable Computation , 2015, 2015 IEEE Symposium on Security and Privacy.

[10]  Elena Pagnin Authentication under Constraints , 2016 .

[11]  A. Stoianov Cryptographically secure biometrics , 2010, Defense + Commercial Sensing.

[12]  Christos Dimitrakakis,et al.  On the Leakage of Information in Biometric Authentication , 2014, INDOCRYPT.

[13]  Eduardo Soria-Vazquez,et al.  Some applications of verifiable computation to biometric verification , 2015, 2015 IEEE International Workshop on Information Forensics and Security (WIFS).

[14]  László Babai,et al.  Trading group theory for randomness , 1985, STOC '85.

[15]  Aikaterini Mitrokotsa,et al.  Security aspects of privacy-preserving biometric authentication based on ideal lattices and ring-LWE , 2014, 2014 IEEE International Workshop on Information Forensics and Security (WIFS).

[16]  Michael Backes,et al.  Verifiable delegation of computation on outsourced data , 2013, CCS.

[17]  Takeshi Koshiba,et al.  Practical Packing Method in Somewhat Homomorphic Encryption , 2013, DPM/SETOP.

[18]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[19]  Rosario Gennaro,et al.  Efficiently Verifiable Computation on Encrypted Data , 2014, CCS.

[20]  P. Cochat,et al.  Et al , 2008, Archives de pediatrie : organe officiel de la Societe francaise de pediatrie.

[21]  Manuel Barbosa,et al.  Secure Biometric Authentication with Improved Accuracy , 2008, ACISP.

[22]  Vinod Vaikuntanathan,et al.  Can homomorphic encryption be practical? , 2011, CCSW '11.

[23]  Ahmad-Reza Sadeghi,et al.  Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima , 2009, IACR Cryptol. ePrint Arch..

[24]  Julien Bringer,et al.  Privacy-Preserving Biometric Identification Using Secure Multiparty Computation: An Overview and Recent Trends , 2013, IEEE Signal Processing Magazine.