A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems

Simoens, Koen; Bringer, Julien; Chabanne, Hervé; Seys, Stefaan

doi:10.1109/tifs.2012.2184092

Cited by 94 publications

(64 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For a detailed description of the adversarial model, we refer the reader to, for example, [15][16][17]. Below, we list the four main threats that afflict privacy-preserving biometric authentication systems [18].…”

Section: Main Threats Against Privacy-preserving Biometric Authenticamentioning

confidence: 99%

Privacy-Preserving Biometric Authentication: Challenges and Directions

Pagnin

Mitrokotsa

2017

Security and Communication Networks

View full text Add to dashboard Cite

An emerging direction for authenticating people is the adoption of biometric authentication systems. Biometric credentials are becoming increasingly popular as a means of authenticating people due to the wide range of advantages that they provide with respect to classical authentication methods (e.g., password-based authentication). The most characteristic feature of this authentication method is the naturally strong bond between a user and her biometric credentials. This very same advantageous property, however, raises serious security and privacy concerns in case the biometric trait gets compromised. In this article, we present the most challenging issues that need to be taken into consideration when designing secure and privacypreserving biometric authentication protocols. More precisely, we describe the main threats against privacy-preserving biometric authentication systems and give directions on possible countermeasures in order to design secure and privacy-preserving biometric authentication protocols.

show abstract

Section: Main Threats Against Privacy-preserving Biometric Authenticamentioning

confidence: 99%

Privacy-Preserving Biometric Authentication: Challenges and Directions

Pagnin

Mitrokotsa

2017

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…As an example CS could compute gpEncpb i q, Encpvqq, where v is a chosen vector by CS, and subsequently send the result to SP, which outputs Out SP . By mounting a variant of the hill climbing attack [5], performing multiple repeated attempts, each time carefully choosing v, the stored template b i can be retrieved. Such attacks against several protocols proposed in [6][7][8] are presented in [9][10][11].…”

Section: Introductionmentioning

confidence: 99%

“…Bringer et al [8] proposed a distributed biometric authentication protocol using the Goldwasser-Micali cryptosystem [15] to protect the privacy of the biometric templates against honest-but-curious (or passive) adversaries. Nevertheless, some attacks on this protocol were reported in [5,11,18]. In [11], the authors have also improved upon the Bringer et al protocol to achieve security against malicious but non-colluding adversaries.…”

Section: Introductionmentioning

confidence: 99%

“…In [11], the authors have also improved upon the Bringer et al protocol to achieve security against malicious but non-colluding adversaries. Simoens et al [5] also presented a framework for analysing the security and privacy-preserving properties of biometric authentication protocols. In particular, they showed how biometric authentication protocols designed to be secure against honest-but-curious adversaries can be broken in the presence of malicious insider adversaries.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Verifiable Computation of XOR for Biometric Authentication

Abidin

Aly

Rúa

et al. 2016

Cryptology and Network Security

View full text Add to dashboard Cite

Abstract. This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XORing encrypted messages using an XOR linear message authentication code (MAC) and we employ the proposed scheme to build a biometric authentication protocol. The proposed authentication protocol is both secure and privacy-preserving against malicious (as opposed to honestbut-curious) adversaries. Specifically, the use of the verifiable computation scheme together with an homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts, while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient.

show abstract

“…In addition to this, there are a number of studies pointing out the privacy leakage of biometric applications [37,38] as well as biometric template protection methods [14,15,39]. In the literature, Zhou et al propose a framework for security and privacy assessment of the biometric template protection methods [14].…”

Section: Introductionmentioning

confidence: 99%

THRIVE: threshold homomorphic encryption based secure and privacy preserving biometric verification system

Karabat

Kiraz

Erdoğan

et al. 2015

EURASIP J. Adv. Signal Process.

View full text Add to dashboard Cite

In this paper, we introduce a new biometric verification and template protection system which we call THRIVE. The system includes novel enrollment and authentication protocols based on threshold homomorphic encryption where a private key is shared between a user and a verifier. In the THRIVE system, only encrypted binary biometric templates are stored in a database and verification is performed via homomorphically randomized templates, thus, original templates are never revealed during authentication. Due to the underlying threshold homomorphic encryption scheme, a malicious database owner cannot perform full decryption on encrypted templates of the users in the database. In addition, security of the THRIVE system is enhanced using a two-factor authentication scheme involving user's private key and biometric data. Using simulation-based techniques, the proposed system is proven secure in the malicious model. The proposed system is suitable for applications where the user does not want to reveal her biometrics to the verifier in plain form, but needs to prove her identity by using biometrics. The system can be used with any biometric modality where a feature extraction method yields a fixed size binary template and a query template is verified when its Hamming distance to the database template is less than a threshold. The overall connection time for the proposed THRIVE system is estimated to be 336 ms on average for 256-bit biometric templates on a desktop PC running with quad core 3.2 GHz CPUs at 10 Mbit/s up/down link connection speed. Consequently, the proposed system can be efficiently used in real-life applications.

show abstract

A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems

Cited by 94 publications

References 27 publications

Privacy-Preserving Biometric Authentication: Challenges and Directions

Privacy-Preserving Biometric Authentication: Challenges and Directions

Efficient Verifiable Computation of XOR for Biometric Authentication

THRIVE: threshold homomorphic encryption based secure and privacy preserving biometric verification system

Contact Info

Product

Resources

About