Skip to main content
SpringerLink
Log in

Privacy-Preserving Biometric-Based Remote User Authentication with Leakage Resilience

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2018)

  • 1398 Accesses

Abstract

Biometric-based remote user authentication is a useful primitive that allows an authorized user to authenticate to a remote server using his biometrics. Leakage attacks, such as side-channel attacks, allow an attacker to learn partial knowledge of secrets (e.g., biometrics) stored on any physical medium. Leakage attacks can be potentially launched to any existing biometric-based remote user authentication systems. Furthermore, applying plain biometrics is an efficient and straightforward approach when designing remote user authentication schemes. However, this approach jeopardises user’s biometrics privacy. To address these issues, we propose a novel leakage-resilient and privacy-preserving biometric-based remote user authentication framework, such that registered users securely and privately authenticate to an honest-but-curious remote server in the cloud. In particular, the proposed generic framework provides optimal efficiency using lightweight symmetric-key cryptography, and it remains secure under leakage attacks. We formalize several new security models, including leakage-resilient user authenticity and leakage-resilient biometrics privacy, for biometric-based remote user authentication, and prove the security of proposed framework under standard assumptions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Reference biometrics can be interpreted as either encrypted biometrics [9] or plain biometrics.

  2. 2.

    The secret key is used to protect biometrics, such as \(\mathcal{C}_{i} \leftarrow F(\mathtt{sk}_i,\mathcal{B}_{i})\), where F denotes a one-way function.

  3. 3.

    It can detect the modification of helper data \(P_i\) over public channel (secure in the random oracle model), please refer to [6, 13, 23] for detailed generic construction of robust secure sketch.

References

  1. Fido alliance (2017). https://fidoalliance.org

  2. Atallah, M.J., Frikken, K.B., Goodrich, M.T., Tamassia, R.: Secure biometric authentication for weak computational devices. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 357–371. Springer, Heidelberg (2005). https://doi.org/10.1007/11507840_32

    Chapter  Google Scholar 

  3. Barni, M., et al.: Privacy-preserving fingercode authentication. In: Proceedings of the 12th ACM Workshop on Multimedia and Security, pp. 231–240 (2010)

    Google Scholar 

  4. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21

    Chapter  Google Scholar 

  5. Boyen, X.: Reusable cryptographic fuzzy extractors. In: ACM CCS, pp. 82–91 (2004)

    Google Scholar 

  6. Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_9

    Chapter  Google Scholar 

  7. Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An application of the goldwasser-micali cryptosystem to biometric authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73458-1_8

    Chapter  Google Scholar 

  8. Canetti, R., Fuller, B., Paneth, O., Reyzin, L., Smith, A.: Reusable fuzzy extractors for low-entropy distributions. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 117–146. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_5

    Chapter  Google Scholar 

  9. Castiglione, A., Choo, K.-K.R., Nappi, M., Narducci, F.: Biometrics in the cloud: challenges and research opportunities. IEEE Cloud Comput. 4(4), 12–17 (2017)

    Article  Google Scholar 

  10. Chen, R., Mu, Y., Yang, G., Susilo, W., Guo, F.: Strongly leakage-resilient authenticated key exchange. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 19–36. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_2

    Chapter  Google Scholar 

  11. Daugman, J.: How iris recognition works. In: The Essential Guide to Image Processing, pp. 715–739 (2009)

    Chapter  Google Scholar 

  12. Dodis, Y., Kalai, Y.T., Lovett, S.: On cryptography with auxiliary input. In: STOC, pp. 621–630 (2009)

    Google Scholar 

  13. Dodis, Y., Kanukurthi, B., Katz, J., Reyzin, L., Smith, A.: Robust fuzzy extractors and authenticated key agreement from close secrets. IEEE Trans. Inf. Theory 58(9), 6207–6222 (2012)

    Article  MathSciNet  Google Scholar 

  14. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.D.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)

    Article  MathSciNet  Google Scholar 

  15. Fan, C., Lin, Y.: Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE Trans. Inf. Forensics Secur. 4(4), 933–945 (2009)

    Article  Google Scholar 

  16. Huang, X., Xiang, Y., Bertino, E., Zhou, J., Xu, L.: Robust multi-factor authentication for fragile communications. IEEE Trans. Dependable Secur. Comput. 11(6), 568–581 (2014)

    Article  Google Scholar 

  17. Huang, X., Xiang, Y., Chonka, A., Zhou, J., Deng, R.H.: A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans. Parallel Distrib. Syst. 22(8), 1390–1397 (2011)

    Article  Google Scholar 

  18. Huang, Y., Malka, L., Evans, D., Katz, J.: Efficient privacy-preserving biometric identification. In: NDSS (2011)

    Google Scholar 

  19. Jain, A.K., Prabhakar, S., Hong, L., Pankanti, S.: Fingercode: a filterbank for fingerprint representation and matching. In: 1999 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, vol. 2, pp. 187–193 (1999)

    Google Scholar 

  20. Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Cryptogr. 38(2), 237–257 (2006)

    Article  MathSciNet  Google Scholar 

  21. Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: ACM CCS, pp. 28–36 (1999)

    Google Scholar 

  22. Kanade, S.G., Petrovska-Delacrétaz, D., Dorizzi, B.: Enhancing Information Security and Privacy by Combining Biometrics with Cryptography. Synthesis Lectures on Information Security, Privacy, and Trust. Morgan & Claypool Publishers, San Rafael (2012)

    Book  Google Scholar 

  23. Li, N., Guo, F., Mu, Y., Susilo, W., Nepal, S.: Fuzzy extractors for biometric identification. In: ICDCS, pp. 667–677 (2017)

    Google Scholar 

  24. Li, Y., Li, Y., Yan, Q., Kong, H., Deng, R.H.: Seeing your face is not enough: an inertial sensor-based liveness detection for face authentication. In: ACM CCS, pp. 1558–1569 (2015)

    Google Scholar 

  25. Micali, S., Reyzin, L.: Physically observable cryptography. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_16

    Chapter  MATH  Google Scholar 

  26. Naor, M., Segev, G.: Public-key cryptosystems resilient to key leakage. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 18–35. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_2

    Chapter  Google Scholar 

  27. Schoenmakers, B., Tuyls, P.: Efficient binary conversion for paillier encrypted values. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 522–537. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_31

    Chapter  Google Scholar 

  28. Tang, Q., Bringer, J., Chabanne, H., Pointcheval, D.: A formal study of the privacy concerns in biometric-based remote authentication schemes. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 56–70. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79104-1_5

    Chapter  Google Scholar 

  29. Wang, Q., Hu, S., Ren, K., He, M., Du, M., Wang, Z.: CloudBI: practical privacy-preserving outsourcing of biometric identification in the cloud. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 186–205. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24177-7_10

    Chapter  Google Scholar 

  30. Yang, G., Mu, Y., Susilo, W., Wong, D.S.: Leakage resilient authenticated key exchange secure in the auxiliary input model. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 204–217. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38033-4_15

    Chapter  Google Scholar 

  31. Yuen, T.H., Zhang, Y., Yiu, S.M., Liu, J.K.: Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 130–147. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11203-9_8

    Chapter  Google Scholar 

  32. Zhang, L., Tan, S., Yang, J., Chen, Y.: Voicelive: a phoneme localization based liveness detection for voice authentication on smartphones. In: ACM CCS, pp. 1080–1091 (2016)

    Google Scholar 

  33. Zhao, W., Chellappa, R., Phillips, P.J., Rosenfeld, A.: Face recognition: a literature survey. ACM Comput. Surv. (CSUR) 35(4), 399–458 (2003)

    Article  Google Scholar 

Download references

Acknowledgements

This work is supported by the Singapore National Research Foundation under NCR Award Number NRF2014NCR-NCR001-012, the National Natural Science Foundation of China (Grant No. 61702541,61702105), the Young Elite Scientists Sponsorship Program by CAST (Grant No. 2017QNRC001) and the Science Research Plan Program by NUDT (Grant No. ZK17-03-46).

Author information

Authors and Affiliations

  1. School of Information Systems, Singapore Management University, Singapore, Singapore

    Yangguang Tian, Yingjiu Li, Ximeng Liu, Bing Chang & Xingjie Yu

  2. College of Computer, National University of Defense Technology, Changsha, China

    Rongmao Chen

  3. School of Electrical Engineering and Computing, University of Newcastle, Callaghan, Australia

    Nan Li

Authors
  1. Yangguang Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yingjiu Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rongmao Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ximeng Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Bing Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Xingjie Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yangguang Tian .

Editor information

Editors and Affiliations

  1. Klaus Advanced Computing Building, Georgia Institute of Technology, Atlanta, GA, USA

    Raheem Beyah

  2. Singapore Management University, Singapore, Singapore

    Bing Chang

  3. School of Information Systems, Singapore Management University, Singapore, Singapore

    Yingjiu Li

  4. Pennsylvania State University, University Park, PA, USA

    Sencun Zhu

Rights and permissions

Reprints and permissions

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tian, Y. et al. (2018). Privacy-Preserving Biometric-Based Remote User Authentication with Leakage Resilience. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 254. Springer, Cham. https://doi.org/10.1007/978-3-030-01701-9_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-01701-9_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01700-2

  • Online ISBN: 978-3-030-01701-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation