BioID: A Privacy-Friendly Identity Document

  • Fatih BalliEmail author
  • F. Betül Durak
  • Serge Vaudenay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11738)


We design a suite of protocols so that a small tamper-resistant device can be used as a biometric identity document which can be scanned by authorized terminals. We target both strongly secure identification and strong privacy. Unlike biometric passports, our protocols leak no digital evidence and are essentially deniable. Besides, getting the identity information from the device requires going through access control. Access control can follow either a strong PKI-based path or a weak password-based path which offer different functionalities. We implemented our protocols on JavaCard using finger-vein recognition as a proof of concept.


Privacy Deniability ID document Smart card 


  1. 1.
    Balli, F., Betül Durak, F., Vaudenay, S.: BioID: a Privacy-Friendly Identity Document. Cryptology ePrint Archive, Report 2019/894 (2019).
  2. 2.
    ICAO. Machine Readable Travel Documents Part 11 (Doc. 9303). International Civil Aviation Organization (2015)Google Scholar
  3. 3.
    BSI. Advanced Security Mechanisms for Machine Readable Travel Documents. TR-03110 Technical Guideline. in der Informationstechnik (2016)Google Scholar
  4. 4.
    Dagdelen, Ö., Fischlin, M.: Security analysis of the extended access control protocol for machine readable travel documents. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 54–68. Springer, Heidelberg (2011). Scholar
  5. 5.
    LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007). Scholar
  6. 6.
    Monnerat, J., Vaudenay, S., Vuagnoux, M.: About machine-readable travel documents. RFID Security 2007 (2007)Google Scholar
  7. 7.
    Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java card. In: Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, 9–13 November 2009, pp. 600–610 (2009)Google Scholar
  8. 8.
    Mateus, P., Vaudenay, S.: On tamper-resistance from a theoretical viewpoint. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 411–428. Springer, Heidelberg (2009). Scholar
  9. 9.
    National Institute of Standards and Technology. FIPS PUB 180–2: Secure Hash Standard (2004)Google Scholar
  10. 10.
    Krawczyk, H., Bellare, M., Canetti, R.: HMAC: Keyed-hashing for message authentication. RFC 2104, February 1997Google Scholar
  11. 11.
    Rogaway, P.: Authenticated-encryption with associated-data. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, pp. 98–107. ACM (2002)Google Scholar
  12. 12.
    Dworkin, M.J.: SP 800–38D. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. Technical report, Gaithersburg, MD, United States (2007)Google Scholar
  13. 13.
    Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). Scholar
  14. 14.
    Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). Scholar
  15. 15.
    Monnerat, J., Pasini, S., Vaudenay, S.: Efficient deniable authentication for signatures. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 272–291. Springer, Heidelberg (2009). Scholar
  16. 16.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment, 1st edn. Springer, Heidelberg (2010)zbMATHGoogle Scholar
  17. 17.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). Scholar
  18. 18.
    SPAKE2, a PAKE, draft-irtf-cfrg-spake2-04 (2017). Accessed 18 Jan 2018
  19. 19.
    NXP JCOP J2E145 v2.4.2 R3 Java Card 144K (2018). Accessed 01 Oct 2018
  20. 20.
    JCMathLib (2017). Accessed 01 Oct 2018
  21. 21.
    Miura, N., Nagasaka, A., Miyatake, T.: Feature extraction of finger-vein patterns based on repeated line tracking and its application to personal identification. Mach. Vis. Appl. 15(4), 194–203 (2004)CrossRefGoogle Scholar
  22. 22.
    IDIAP finger-vein matching (2016). Accessed 01 Oct 2018Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Fatih Balli
    • 1
    Email author
  • F. Betül Durak
    • 1
    • 2
  • Serge Vaudenay
    • 1
  1. 1.Ecole Polytechnique Fédérale de Lausanne (EPFL)LausanneSwitzerland
  2. 2.Robert Bosch LLC – Research and Technology CenterPittsburghUSA

Personalised recommendations