Minutiae Matching with Privacy Protection Based on the Combination of Garbled Circuit and Homomorphic Encryption

Biometrics plays an important role in authentication applications since they are strongly linked to holders. With an increasing growth of e-commerce and e-government, one can expect that biometric-based authentication systems are possibly deployed over the open networks in the near future. However, due to its openness, the Internet poses a great challenge to the security and privacy of biometric authentication. Biometric data cannot be revoked, so it is of paramount importance that biometric data should be handled in a secure way. In this paper we present a scheme achieving privacy-preserving fingerprint authentication between two parties, in which fingerprint minutiae matching algorithm is completed in the encrypted domain. To improve the efficiency, we exploit homomorphic encryption as well as garbled circuits to design the protocol. Our goal is to provide protection for the security of template in storage and data privacy of two parties in transaction. The experimental results show that the proposed authentication protocol runs efficiently. Therefore, the protocol can run over open networks and help to alleviate the concerns on security and privacy of biometric applications over the open networks.

[1]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[2]  Yuval Ishai,et al.  Extending Oblivious Transfers Efficiently , 2003, CRYPTO.

[3]  Jonathan Katz,et al.  Faster Secure Two-Party Computation Using Garbled Circuits , 2011, USENIX Security Symposium.

[4]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[5]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[6]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..

[7]  David Zhang,et al.  An analysis of BioHashing and its variants , 2006, Pattern Recognit..

[8]  Ahmad-Reza Sadeghi,et al.  Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima , 2009, IACR Cryptol. ePrint Arch..

[9]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[10]  Jonathan Katz,et al.  Efficient Privacy-Preserving Biometric Identification , 2011, NDSS.

[11]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[12]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[13]  Vincenzo Piuri,et al.  A privacy-compliant fingerprint recognition system based on homomorphic encryption and Fingercode templates , 2010, 2010 Fourth IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[14]  Anil K. Jain,et al.  FVC2002: Second Fingerprint Verification Competition , 2002, Object recognition supported by user interaction for service robots.

[15]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System (Awarded Best Student Paper!) , 2004 .

[16]  K. Srinathan,et al.  Blind Authentication: A Secure Crypto-Biometric Verification Protocol , 2010, IEEE Transactions on Information Forensics and Security.

[17]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[18]  Ahmad-Reza Sadeghi,et al.  TASTY: tool for automating secure two-party computations , 2010, CCS '10.

[19]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[20]  Stefan Katzenbeisser,et al.  Privacy-Preserving Face Recognition , 2009, Privacy Enhancing Technologies.

[21]  Sharath Pankanti,et al.  Filterbank-based fingerprint matching , 2000, IEEE Trans. Image Process..

[22]  Qiang Tang,et al.  A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes , 2008, ISPEC.

[23]  Yehuda Lindell,et al.  A Proof of Security of Yao’s Protocol for Two-Party Computation , 2009, Journal of Cryptology.

[24]  Ahmad-Reza Sadeghi,et al.  Efficient Privacy-Preserving Face Recognition , 2009, ICISC.

[25]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[26]  Eryun Liu,et al.  Random local region descriptor (RLRD): A new method for fixed-length feature representation of fingerprint image and its application to template protection , 2012, Future Gener. Comput. Syst..

[27]  T.E. Boult,et al.  Cracking Fuzzy Vaults and Biometric Encryption , 2007, 2007 Biometrics Symposium.

[28]  Fei Su,et al.  A Robust Fingerprint Minutiae Matching Algorithm Based on the Support Model , 2004, ICBA.

[29]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[30]  Andreas Dresen An Authentication Protocol with encrypted Biometric Data , 2010 .