DOI: 10.1145/3078861.3078863
research-article

Uncoupling Biometrics from Templates for Secure and Privacy-Preserving Authentication

Published: 07 June 2017

Abstract

Biometrics are widely used for authentication in several domains, services and applications. However, only very few systems succeed in effectively combining highly secure user authentication with adequate privacy protection of the biometric templates, due to the difficulty of jointly providing good authentication performance, unlinkability and irreversibility for biometric templates. This thwarts the use of biometrics in remote authentication scenarios, despite the advantages that this kind of architecture provides. We propose a user-specific approach for decoupling the biometrics from their binary representation before using biometric protection schemes based on fuzzy extractors. This allows for more reliable, flexible, irreversible and unlinkable protected biometric templates. With the proposed biometrics decoupling procedures, biometric metadata that does not allow recovery of the original biometric template is generated. However, different biometric metadata generated from the same biometric template remain statistically linkable; we therefore propose to additionally protect these using a second authentication factor (e.g., knowledge- or possession-based). We demonstrate the potential of this approach within a two-factor authentication protocol for remote biometric authentication in mobile scenarios.


Cited By

  • (2022) FuzzyKey: Comparing Fuzzy Cryptographic Primitives on Resource-Constrained Devices. Smart Card Research and Advanced Applications, 289-309. DOI: 10.1007/978-3-030-97348-3_16. Online publication date: 9-Mar-2022
  • (2020) Collaborative Authentication Using Threshold Cryptography. Emerging Technologies for Authorization and Authentication, 122-137. DOI: 10.1007/978-3-030-39749-4_8. Online publication date: 25-Jan-2020
  • (2019) On the Difficulty of Using Patient's Physiological Signals in Cryptographic Protocols. Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, 113-122. DOI: 10.1145/3322431.3325099. Online publication date: 28-May-2019

          Published In

          SACMAT '17 Abstracts: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies
          June 2017
          276 pages
          ISBN:9781450347020
          DOI:10.1145/3078861

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Author Tags

          1. biometrics
          2. irreversibility
          3. multi-factor authentication
          4. template protection
          5. unlinkability

          Qualifiers

          • Research-article

          Funding Sources

          • imec through ICON Diskman
          • The European Commission FP7 project EKSISTENZ
          • Research Council KU Leuven

          Conference

          SACMAT'17

          Acceptance Rates

          SACMAT '17 Abstracts Paper Acceptance Rate 14 of 50 submissions, 28%;
          Overall Acceptance Rate 177 of 597 submissions, 30%
