A Lattice-Based Approach to Privacy-Preserving Biometric Authentication Without Relying on Trusted Third Parties

We propose a two-factor authentication protocol that uses a cryptographic authentication factor (secret key) to add biometric template privacy security against server exposure attack, to any given (non-private, one-factor) biometric authentication scheme based on Hamming-Distance (HD) comparison of stored and queried binary biometric templates. Our protocol provides provable privacy under the hardness of a standard cryptographic lattice problem (Ring-LWE), and provable two-factor impersonation security under malicious client model.

[1]  Takeshi Koshiba,et al.  Practical Packing Method in Somewhat Homomorphic Encryption , 2013, DPM/SETOP.

[2]  Arun Ross,et al.  Handbook of Biometrics , 2007 .

[3]  Ron Steinfeld,et al.  GGHLite: More Efficient Multilinear Maps from Ideal Lattices , 2014, IACR Cryptol. ePrint Arch..

[4]  Aart Blokhuis,et al.  Note on the size of binary Armstrong codes , 2014, Des. Codes Cryptogr..

[5]  Stefan Katzenbeisser,et al.  Privacy-Preserving Face Recognition , 2009, Privacy Enhancing Technologies.

[6]  Craig Gentry,et al.  i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits , 2010, IACR Cryptol. ePrint Arch..

[7]  Davide Maltoni,et al.  Minutia Cylinder-Code: A New Representation and Matching Technique for Fingerprint Recognition , 2010, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[8]  Ron Steinfeld,et al.  Efficient Public Key Encryption Based on Ideal Lattices , 2009, ASIACRYPT.

[9]  Daniele Micciancio,et al.  Statistical Zero-Knowledge Proofs with Efficient Provers: Lattice Problems and More , 2003, CRYPTO.

[10]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, EUROCRYPT.

[11]  Masaya Yasuda,et al.  Comprehensive and Improved Secure Biometric System Using Homomorphic Encryption , 2015, DPM/QASA@ESORICS.

[12]  Keisuke Tanaka,et al.  Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems , 2008, ASIACRYPT.

[13]  Anil K. Jain,et al.  Biometric cryptosystems: issues and challenges , 2004, Proceedings of the IEEE.

[14]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[15]  Jacques Stern,et al.  A New Identification Scheme Based on Syndrome Decoding , 1993, CRYPTO.

[16]  Satoshi Obana,et al.  Privacy-Preserving Fingerprint Authentication Resistant to Hill-Climbing Attacks , 2015, SAC.

[17]  Erdem Alkim,et al.  Post-quantum Key Exchange - A New Hope , 2016, USENIX Security Symposium.

[18]  Takato Hirano,et al.  Cryptographically-Secure and Efficient Remote Cancelable Biometrics Based on Public-Key Homomorphic Encryption , 2013, IWSEC.

[19]  Vadim Lyubashevsky,et al.  Lattice-Based Identification Schemes Secure Under Active Attacks , 2008, Public Key Cryptography.

[20]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[21]  Anat Paskin-Cherniavsky,et al.  Evaluating Branching Programs on Encrypted Data , 2007, TCC.

[22]  Qiang Tang,et al.  An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication , 2007, ACISP.

[23]  Christophe Rosenberger,et al.  An Overview on Privacy Preserving Biometrics , 2011 .

[24]  Frederik Vercauteren,et al.  Fully homomorphic SIMD operations , 2012, Designs, Codes and Cryptography.

[25]  Anat Paskin-Cherniavsky,et al.  Maliciously Circuit-Private FHE , 2014, CRYPTO.

[26]  Anil K. Jain,et al.  A hybrid biometric cryptosystem for securing fingerprint minutiae templates , 2010, Pattern Recognit. Lett..

[27]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[28]  Vinod Vaikuntanathan,et al.  Can homomorphic encryption be practical? , 2011, CCSW '11.

[29]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[30]  Andrew Beng Jin Teoh,et al.  Cancellable biometrics and annotations on BioHash , 2008, Pattern Recognit..

[31]  Marina Blanton,et al.  Secure and Efficient Protocols for Iris and Fingerprint Identification , 2011, ESORICS.

[32]  Philip Ogunbona,et al.  Private Fingerprint Matching , 2012, ACISP.

[33]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[34]  Ron Steinfeld,et al.  Faster Fully Homomorphic Encryption , 2010, ASIACRYPT.

[35]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[36]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2009, JACM.

[37]  Moti Yung,et al.  Non-interactive cryptocomputing for NC/sup 1/ , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[38]  Brent Waters,et al.  Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based , 2013, CRYPTO.

[39]  Benny Pinkas,et al.  SCiFI - A System for Secure Face Identification , 2010, 2010 IEEE Symposium on Security and Privacy.

[40]  Damien Stehlé,et al.  Improved Zero-Knowledge Proofs of Knowledge for the ISIS Problem, and Applications , 2013, Public Key Cryptography.

[41]  Arun Ross,et al.  50 years of biometric research: Accomplishments, challenges, and opportunities , 2016, Pattern Recognit. Lett..

[42]  Vinod Vaikuntanathan,et al.  Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages , 2011, CRYPTO.

[43]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[44]  John Daugman,et al.  The importance of being random: statistical principles of iris recognition , 2003, Pattern Recognit..

[45]  Ivan Damgård,et al.  Homomorphic encryption and secure comparison , 2008, Int. J. Appl. Cryptogr..

[46]  Pim Tuyls,et al.  Efficient Binary Conversion for Paillier Encrypted Values , 2006, EUROCRYPT.

[47]  Ron Steinfeld,et al.  Improved Security Proofs in Lattice-Based Cryptography: Using the Rényi Divergence Rather Than the Statistical Distance , 2015, ASIACRYPT.

[48]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[49]  Kiran S. Balagani,et al.  Secure Outsourced Biometric Authentication With Performance Evaluation on Smartphones , 2015, IEEE Transactions on Information Forensics and Security.