Revisiting Yasuda et al.’s Biometric Authentication Protocol: Are You Private Enough?

  • Conference paper
Cryptology and Network Security (CANS 2017)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 11261)

Abstract

Biometric Authentication Protocols (\(\mathsf {BAP}\)s) have increasingly been employed to guarantee reliable access control to places and services. However, it is well-known that biometric traits contain sensitive information of individuals and if compromised could lead to serious security and privacy breaches. Yasuda et al. [23] proposed a distributed privacy-preserving \(\mathsf {BAP}\) which Abidin et al. [1] have shown to be vulnerable to biometric template recovery attacks under the presence of a malicious computational server. In this paper, we fix the weaknesses of Yasuda et al.’s \(\mathsf {BAP}\) and present a detailed instantiation of a distributed privacy-preserving \(\mathsf {BAP}\) which is resilient against the attack presented in [1]. Our solution employs Backes et al.’s [4] verifiable computation scheme to limit the possible misbehaviours of a malicious computational server.

Notes

  1. The same leakage of information could happen if a \(\mathsf {SHE}\) scheme is used.

References

  1. Abidin, A., Mitrokotsa, A.: Security aspects of privacy-preserving biometric authentication based on ideal lattices and ring-LWE. In: Proceedings of the IEEE Workshop on Information Forensics and Security 2014 (WIFS 2014) (2014)

  2. Babai, L.: Trading group theory for randomness. In: Proceedings of STOC 1985, pp. 421–429. ACM, New York (1985)

  3. Backes, M., Barbosa, M., Fiore, D., Reischuk, R.M.: ADSNARK: nearly practical and privacy-preserving proofs on authenticated data. In: Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland) (2015)

  4. Backes, M., Fiore, D., Reischuk, R.M.: Verifiable delegation of computation on outsourced data. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 863–874. ACM (2013)

  5. Barbosa, M., Brouard, T., Cauchie, S., de Sousa, S.M.: Secure biometric authentication with improved accuracy. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 21–36. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70500-0_3

  6. Bringer, J., Chabanne, H., Kraïem, F., Lescuyer, R., Soria-Vázquez, E.: Some applications of verifiable computation to biometric verification. In: 2015 IEEE International Workshop on Information Forensics and Security (WIFS), pp. 1–6. IEEE (2015)

  7. Bringer, J., Chabanne, H., Patey, A.: Privacy-preserving biometric identification using secure multiparty computation: an overview and recent trends. IEEE Sig. Process. Mag. 30(2), 42–52 (2013)

  8. Bringer, J., Chabanne, H., Patey, A.: SHADE: Secure HAmming DistancE computation from oblivious transfer. In: Adams, A.A., Brenner, M., Smith, M. (eds.) FC 2013. LNCS, vol. 7862, pp. 164–176. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41320-9_11

  9. Costello, C., et al.: Geppetto: versatile verifiable computation. In: 2015 IEEE Symposium on Security and Privacy, pp. 253–270. IEEE (2015)

  10. Fiore, D., Gennaro, R., Pastro, V.: Efficiently verifiable computation on encrypted data. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 844–855. ACM (2014)

  11. Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465–482. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_25

  12. Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009)

  13. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

  14. Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Improved garbled circuit building blocks and applications to auctions and computing minima. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 1–20. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10433-6_1

  15. Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, pp. 113–124. ACM (2011)

  16. Pagnin, E.: Authentication under Constraints. Licentiate dissertation, Chalmers University of Technology (2016)

  17. Pagnin, E., Dimitrakakis, C., Abidin, A., Mitrokotsa, A.: On the leakage of information in biometric authentication. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 265–280. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13039-2_16

  18. Pagnin, E., Mitrokotsa, A.: Privacy-preserving biometric authentication: challenges and directions. IACR Cryptology ePrint Archive 2017:450 (2017)

  19. Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, pp. 238–252. IEEE Computer Society, Washington (2013)

  20. Simoens, K., Bringer, J., Chabanne, H., Seys, S.: A framework for analyzing template security and privacy in biometric authentication systems. IEEE Trans. Inf. Forensics Secur. 7(2), 833–841 (2012)

  21. Simoens, K.: A framework for analyzing template security and privacy in biometric authentication systems. IEEE Trans. Inf. Forensics Secur. 7(2), 833–841 (2012)

  22. Stoianov, A.: Cryptographically secure biometrics. In: SPIE 7667, Biometric Technology for Human Identification VII, p. 76670C–12 (2010)

  23. Yasuda, M., Shimoyama, T., Kogure, J., Yokoyama, K., Koshiba, T.: Practical packing method in somewhat homomorphic encryption. In: Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S., Fitzgerald, W.M. (eds.) DPM/SETOP 2013. LNCS, vol. 8247, pp. 34–50. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54568-9_3

Acknowledgements

This work was partially supported by the People Programme (Marie Curie Actions) of the European Union’s Seventh Framework Programme (FP7/2007-2013) under REA grant agreement no 608743; the VR grant PRECIS no 621-2014-4845 and the STINT grant “Secure, Private & Efficient Healthcare with wearable computing” no IB2015-6001.

Author information

Corresponding author

Correspondence to Elena Pagnin.

A Details in the Correctness Analysis

In this section, we show the intermediate steps of the calculation.

The derived tags are:

figure a

The homomorphic bilinear map calculation results are:

figure b

To prove that \(W = {\mathbf {GroupEval}}(f,R_{\alpha }, R_{\beta })\) satisfies Eq. (4), we start by analysing the three factors that make up the right-hand side of the equation, namely: \(e(g, g)^{y_{0}^{{\mathsf {HD}}}}\cdot e(Y_{1}^{{\mathsf {HD}}}, g)^{\theta }\cdot (\hat{Y}_{2}^{({\mathsf {HD}})})^{\theta ^{2}}\). We then expand each of the factors in turn and finally compute the product of the results, comparing it against W.

The first factor can be expanded as:

$$\begin{aligned} e(g, g)^{y_{0}^{{\mathsf {HD}}}}=e(g, g)^{C_2 \cdot y_{0}^{(A)}+ C_1 \cdot y_{0}^{(B)}+ D \cdot y_{0}^{(A)}\cdot y_{0}^{(B)}} =e(g, g)^{C_2\alpha + C_1 \beta + \alpha \beta D}. \end{aligned}$$

The second factor is expanded as:

The third factor is expanded as:

We now need to prove that the right-hand side is equal to W. We use a temporary variable \(P = e(g, g)^{y_{0}^{{\mathsf {HD}}}}\cdot e(Y_{1}^{{\mathsf {HD}}}, g)^{\theta }\cdot (\hat{Y}_{2}^{({\mathsf {HD}})})^{\theta ^{2}}\) to denote the expansion of the right-hand side. The expression below proves the correctness of the second verification Eq. (4).

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Pagnin, E., Liu, J., Mitrokotsa, A. (2018). Revisiting Yasuda et al.’s Biometric Authentication Protocol: Are You Private Enough? In: Capkun, S., Chow, S. (eds) Cryptology and Network Security. CANS 2017. Lecture Notes in Computer Science, vol 11261. Springer, Cham. https://doi.org/10.1007/978-3-030-02641-7_8

  • DOI: https://doi.org/10.1007/978-3-030-02641-7_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02640-0

  • Online ISBN: 978-3-030-02641-7

  • eBook Packages: Computer Science, Computer Science (R0)
