Abstract
Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly distributed; and (2) they are not exactly reproducible. Recent work, most notably that of Dodis, Reyzin, and Smith, has shown how these obstacles may be overcome by allowing some auxiliary public information to be reliably sent from a server to the human user. Subsequent work of Boyen has shown how to extend these techniques, in the random oracle model, to enable unidirectional authentication from the user to the server without the assumption of a reliable communication channel.
We show two efficient techniques enabling the use of biometric data to achieve mutual authentication or authenticated key exchange over a completely insecure (i.e., adversarially controlled) channel. In addition to achieving stronger security guarantees than the work of Boyen, we improve upon his solution in a number of other respects: we tolerate a broader class of errors and, in one case, improve upon the parameters of his solution and give a proof of security in the standard model.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: ACM CCS 1993. ACM Press, New York (1993)
Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1993)
Bellovin, S., Merritt, M.: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In: IEEE Symposium on Research in Security and Privacy, pp. 72–84. IEEE, Los Alamitos (1992)
Boyen, X.: Reusable Cryptographic Fuzzy Extractors. In: ACM CCS 2004, pp. 82–91. ACM Press, New York (2004)
Boyko, V., MacKenzie, P., Patel, S.: Provably-Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally Composable Password-Based Key Exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005)
Davida, G., Frankel, Y., Matt, B.: On Enabling Secure Applications Through Off-Line Biometric Identification. In: IEEE Security and Privacy 1998 (1998)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)
Frykholm, N., Juels, A.: Error-Tolerant Password Recovery. In: ACM CCS (2001)
Gennaro, R., Lindell, Y.: A Framework for Password-Based Authenticated Key Exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003)
Goldreich, O., Lindell, Y.: Session-Key Generation Using Human Passwords Only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001)
Juels, A.: Fuzzy Commitment. Slides from a presentation at DIMACS (2004), Available at http://dimacs.rutgers.edu/Workshops/Practice/slides/juels.ppt
Juels, A., Sudan, M.: A Fuzzy Vault Scheme. In: IEEE Intl. Symp. on Info. Theory (2002)
Juels, A., Wattenberg, M.: A Fuzzy Commitment Scheme. In: ACM CCS 1999. ACM Press, New York (1999)
Katz, J., MacKenzie, P., Taban, G., Gligor, V.: Two-Server Password-Only Authenticated Key Exchange (January 2005) (Manuscript)
Katz, J., Ostrovsky, R., Yung, M.: Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)
Katz, J., Ostrovsky, R., Yung, M.: Forward Secrecy in Password-Only Key-Exchange Protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 29–44. Springer, Heidelberg (2002)
Monrose, F., Reiter, M., Wetzel, S.: Password Hardening Based on Keystroke Dynamics. In: ACM CCS 1999. ACM Press, New York (1999)
Nisan, N., Ta-Shma, A.: Extracting Randomness: A Survey and New Constructions. J. Computer and System Sciences 58(1), 148–173 (1999)
Tuyls, P., Goseling, J.: Capacity and Examples of Template-Protecting Biometric Authentication Systems. In: Biometric Authentication Workshop (2004)
Verbitskiy, E., Tuyls, P., Denteneer, D., Linnartz, J.-P.: Reliable Biometric Authentication with Privacy Protection. In: 24th Benelux Symp. on Info. Theory (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A. (2005). Secure Remote Authentication Using Biometric Data. In: Cramer, R. (eds) Advances in Cryptology – EUROCRYPT 2005. EUROCRYPT 2005. Lecture Notes in Computer Science, vol 3494. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11426639_9
Download citation
DOI: https://doi.org/10.1007/11426639_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25910-7
Online ISBN: 978-3-540-32055-5
eBook Packages: Computer ScienceComputer Science (R0)