Abstract
Biometric authentication systems are widely used for authenticating users, especially in the areas like law enforcement, healthcare, airport security etc. Two major concerns arise in any biometric authentication system: (i) Privacy of user’s biometrics, which do not change much over time (ii) Trust assumption between user and server. To address the former issue privacy enabled biometric authentication schemes are designed, wherein as part of the authentication, encrypted biometrics are sent to the server and server then computes the authentication result on encrypted biometrics. The latter issue is addressed by using trusted third party or trusted execution environment (TEE), which is not secure. To overcome this, we propose a novel method, where server can authenticate the user in a privacy preserving manner without the need for any trusted party or TEE. We propose 3 novel proof of decryption based techniques: (i) HMAC (Hash based MAC) of the authentication result on encrypted data (ii) VC (Verifiable Computing) based approach and (iii) Blinding techniques. Using these approaches we eliminate the need for trust assumptions between user and server in semi-honest setting i.e. they execute the protocol correctly but are trying to learn more about data (server) or tamper with the authentication (user). The proposed protocol is agnostic to any authentication method used by server, hence our contribution is two-fold. We analyze security, complexity and practicality of each of these approaches and compare with the state-of-the-art.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
We use user and client interchangeably throughout this paper.
References
Pepper (2014). https://github.com/pepper-project/pepper
Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity. IACR Cryptol. ePrint Arch. 2018, 46 (2018)
Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von neumann architecture. In: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC 2014, pp. 781–796. USENIX Association, USA (2014)
Bhattasali, T., Saeed, K., Chaki, N., Chaki, R.: A survey of security and privacy issues for biometrics based remote authentication in cloud. In: Saeed, K., Snášel, V. (eds.) CISIM 2014. LNCS, vol. 8838, pp. 112–121. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45237-0_12
Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 315–334 (2018)
Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 409–437. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_15
Das, A.K., Wazid, M., Kumar, N., Vasilakos, A.V., Rodrigues, J.J.P.C.: Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment. IEEE Internet of Things J. 5(6), 4900–4913 (2018)
Doröz, Y., Shahverdi, A., Eisenbarth, T., Sunar, B.: Toward practical homomorphic evaluation of block ciphers using prince. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 208–220. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44774-1_17
Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptol. ePrint Arch. 2012, 144 (2012)
Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850–867. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_49
Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: IACR (2015)
Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868
Shaik, I., Kumar Singh, A., Narumanchi, H., Emmadi, N., Bhattachar, R.M.A.: A recommender system for efficient implementation of privacy preserving machine learning primitives based on FHE. In: Dolev, S., Kolesnikov, V., Lodha, S., Weiss, G. (eds.) CSCML 2020. LNCS, vol. 12161, pp. 193–218. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-49785-9_13
Jindal, A.K., Shaik, I., Vasudha, V., Chalamala, S.R., Ma, R., Lodha, S.: Secure and privacy preserving method for biometric template protection using fully homomorphic encryption. In: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1127–1134 (2020)
Kolberg, J., Drozdowski, P., Gomez-Barrero, M., Rathgeb, C. Busch, C.: Efficiency analysis of post-quantum-secure face template protection schemes based on homomorphic encryption. In: 2020 International Conference of the Biometrics Special Interest Group (BIOSIG), pp. 1–4 (2020)
Kumar, N., et al.: Cancelable biometrics: a comprehensive survey. Artif. Intell. 53, 3403–3446 (2019)
Nguyen, T.A.T., Dang, T.K., Nguyen, D.T.: A new biometric template protection using random orthonormal projection and fuzzy commitment. In: Lee, S., Ismail, R., Choo, H. (eds.) IMCOM 2019. AISC, vol. 935, pp. 723–733. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-19063-7_58
Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy, pp. 238–252 (2013)
Bost, R., Popa, R.A., Tu, S., Goldwasser, S.: Machine learning classification over encrypted data. In: 2015 Network and Distributed System Security Symposium (NDSS), pp. 1–14 (2015)
Riscure. Security pitfalls in tee (2020). https://www.riscure.com/publication/security-pitfalls-in-tee-development
Eloi Sanfelix. Tee exploitation-exploiting trusted apps on samsung’s tee (2019). https://labs.bluefrostsecurity.de/files/tee.pdf
Song, X., Chen, Z., Sun, D.: Iris ciphertext authentication system based on fully homomorphic encryption. J. Inf. Process. Syst. 16(3), 599–611 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Syed, H., Shaik, I., Emmadi, N., Narumanchi, H., Thakur, M.S.D., Bhattachar, R.M.A. (2021). WiP: Privacy Enabled Biometric Authentication Based on Proof of Decryption Techniques. In: Tripathy, S., Shyamasundar, R.K., Ranjan, R. (eds) Information Systems Security. ICISS 2021. Lecture Notes in Computer Science(), vol 13146. Springer, Cham. https://doi.org/10.1007/978-3-030-92571-0_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-92571-0_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92570-3
Online ISBN: 978-3-030-92571-0
eBook Packages: Computer ScienceComputer Science (R0)