SHE based non interactive privacy preserving biometric authentication protocols

Being unique and immutable for each person, biometric signals are widely used in access control systems. While biometric recognition appeases concerns about password's theft or loss, at the same time it raises concerns about individual privacy. Central servers store several enrolled biometrics, hence security against theft must be provided during biometric transmission and against those who have access to the database. If a server's database is compromised, other systems using the same biometric templates could also be compromised as well. One solution is to encrypt the stored templates. Nonetheless, when using traditional cryptosystem, data must be decrypted before executing the protocol, leaving the database vulnerable. To overcame this problem and protect both the server and the client, biometrics should be processed while encrypted. This is possible by using secure two-party computation protocols, mainly based on Garbled Circuits (GC) and additive Homomorphic Encryption (HE). Both GC and HE based solutions are efficient yet interactive, meaning that the client takes part in the computation. Instead in this paper we propose a non-interactive protocol for privacy preserving biometric authentication based on a Somewhat Homomorphic Encryption (SHE) scheme, modified to handle integer values, and also suggest a blinding method to protect the system from spoofing attacks. Although our solution is not as efficient as the ones based on GC or HE, the protocol needs no interaction, moving the computation entirely on the server side and leaving only inputs encryption and outputs decryption to the client.

[1]  Mauro Barni,et al.  An efficient protocol for private iris-code matching by means of garbled circuits , 2012, 2012 19th IEEE International Conference on Image Processing.

[2]  Craig Gentry,et al.  Implementing Gentry's Fully-Homomorphic Encryption Scheme , 2011, EUROCRYPT.

[3]  John Daugman,et al.  How iris recognition works , 2002, IEEE Transactions on Circuits and Systems for Video Technology.

[4]  Jean-Sébastien Coron,et al.  Fully Homomorphic Encryption over the Integers with Shorter Public Keys , 2011, IACR Cryptol. ePrint Arch..

[5]  Ahmad-Reza Sadeghi,et al.  Efficient Privacy-Preserving Face Recognition , 2009, ICISC.

[6]  Jung Hee Cheon,et al.  Batch Fully Homomorphic Encryption over the Integers , 2013, EUROCRYPT.

[7]  Vincenzo Piuri,et al.  A privacy-compliant fingerprint recognition system based on homomorphic encryption and Fingercode templates , 2010, 2010 Fourth IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[8]  Vinod Vaikuntanathan,et al.  Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages , 2011, CRYPTO.

[9]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[10]  Mauro Barni,et al.  Analysis of the security of linear blinding techniques from an information theoretical point of view , 2011, 2011 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[11]  Patrizio Campisi,et al.  Security and Privacy in Biometrics , 2013, Springer London.

[12]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[13]  Caroline Fontaine,et al.  A Survey of Homomorphic Encryption for Nonspecialists , 2007, EURASIP J. Inf. Secur..

[14]  Otto Carlos Muniz Bandeira Duarte,et al.  Somewhat homomorphic encryption scheme for arithmetic operations on large integers , 2012, 2012 Global Information Infrastructure and Networking Symposium (GIIS).

[15]  Ahmad-Reza Sadeghi,et al.  Privacy-Preserving ECG Classification With Branching Programs and Neural Networks , 2011, IEEE Transactions on Information Forensics and Security.

[16]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[17]  Jean-Sébastien Coron,et al.  Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers , 2012, EUROCRYPT.

[18]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[19]  Amit Sahai,et al.  Secure Multi-Party Computation , 2013 .

[20]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[21]  Stefan Katzenbeisser,et al.  Privacy-Preserving Face Recognition , 2009, Privacy Enhancing Technologies.

[22]  Takeshi Koshiba,et al.  Packed Homomorphic Encryption Based on Ideal Lattices and Its Application to Biometrics , 2013, CD-ARES Workshops.

[23]  Vincenzo Piuri,et al.  Privacy-preserving fingercode authentication , 2010, MM&Sec '10.

[24]  Ahmad-Reza Sadeghi,et al.  Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima , 2009, IACR Cryptol. ePrint Arch..

[25]  Fernando Pérez-González,et al.  Fully Private Noninteractive Face Verification , 2013, IEEE Transactions on Information Forensics and Security.