Abstract
This work explores the problem of using biometric data to achieve non-transferability of anonymous credentials; that is, sharing of anonymous credentials, which allow one to anonymously authenticate, can be severely limited if their use requires possession of the credential owner’s biometric. We aim to provide strong security guarantees using minimal trust assumptions, namely that a fresh reading of a biometric is enforced on each use of the credentials. Furthermore, no biometric or other information is compromised if an adversary obtains full access to all credential-related data. Our solution relies on constructions for fuzzy extractors that allow one to extract and reproduce a random string from noisy biometric images. We first examine security requirements of biometric key generators, and then show how they can be integrated with anonymous credentials to achieve a high degree of non-transferability and security.
Portions of this work were sponsored by grant AFOSR-FA9550-09-1-0223. This work was performed while the second author was at the University of Notre Dame.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Blanton, M., Hudelson, W.M.P. (2009). Biometric-Based Non-transferable Anonymous Credentials. In: Qing, S., Mitchell, C.J., Wang, G. (eds) Information and Communications Security. ICICS 2009. Lecture Notes in Computer Science, vol 5927. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11145-7_14
DOI: https://doi.org/10.1007/978-3-642-11145-7_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11144-0
Online ISBN: 978-3-642-11145-7
eBook Packages: Computer Science, Computer Science (R0)