04-05-2011, 10:23 AM
Abstract—
Concerns on widespread use of biometric authentication
systems are primarily centered around template security, revocability,
and privacy. The use of cryptographic primitives to bolster
the authentication process can alleviate some of these concerns
as shown by biometric cryptosystems. In this paper, we propose a
provably secure and blind biometric authentication protocol, which
addresses the concerns of user’s privacy, template protection, and
trust issues. The protocol is blind in the sense that it reveals only the
identity, and no additional information about the user or the biometric
to the authenticating server or vice-versa. As the protocol is
based on asymmetric encryption of the biometric data, it captures
the advantages of biometric authentication as well as the security
of public key cryptography. The authentication protocol can run
over public networks and provide nonrepudiable identity verification.
The encryption also provides template protection, the ability
to revoke enrolled templates, and alleviates the concerns on privacy
in widespread use of biometrics. The proposed approach makes no
restrictive assumptions on the biometric data and is hence applicable
to multiple biometrics. Such a protocol has significant advantages
over existing biometric cryptosystems, which use a biometric
to secure a secret key, which in turn is used for authentication.We
analyze the security of the protocol under various attack scenarios.
Experimental results on four biometric datasets (face, iris, hand geometry,
and fingerprint) show that carrying out the authentication
in the encrypted domain does not affect the accuracy, while the encryption
key acts as an additional layer of security.
Index Terms—Artificial neural networks, biometrics, cryptosystems,
privacy, public key cryptography, security, support vector
machines (SVMs).
I. INTRODUCTION
BIOMETRIC authentication systems are gaining
wide-spread popularity in recent years due to the
advances in sensor technologies as well as improvements in the
matching algorithms [1] that make the systems both secure and
cost-effective. They are ideally suited for both high security
and remote authentication applications due to the nonrepudiable
nature and user convenience. Most biometric systems
assume that the template in the system is secure due to human
supervision (e.g., immigration checks and criminal database
search) or physical protection (e.g., laptop locks and door
locks). However, a variety of applications of authentication need to work over a partially secure or insecure networks such
as ATM networks or the Internet. Authentication over insecure
public networks or with untrusted servers raises more concerns
in privacy and security. The primary concern is related to the
security of the plain biometric templates, which cannot be
replaced, once they are compromised [2]. The privacy concerns
arise from the fact that the biometric samples reveal more information
about its owner (medical, food habits, etc.) in addition
to the identity. Widespread use of biometric authentication also raises concerns of tracking a person, as every activity
that requires authentication can be uniquely assigned to an individual (see Table I).
To clarify our problem, let us consider the following usage scenario:
Alice wants to create an account in Bobmail, that requires
biometrics based authentication. However, she neither
trusts Bob to handle her biometric data securely, nor
trusts the network to send her plain biometric.
The primary problem here is that, for Alice, Bob could either
be incompetent to secure her biometric or even curious to try
and gain access to her biometric data, while the authentication
is going on. So Alice does not want to give her biometric data in
plain to Bob. On the other hand, Bob does not trust the client as
she could be an impostor. She could also repudiate her access
to the service at a later time. For both parties, the network is insecure.
A biometric system that can work securely and reliably
under such circumstances can have a multitude of applications
varying from accessing remote servers to e-shopping over the
Internet. Table I summarizes the primary concerns that need to
be addressed for widespread adoption of biometrics. For civilian
applications, these concerns are often more serious than the accuracy
of the biometric
Download full report
http://web.iiit.ac.in/~upmanyu/papers/Ma...TIFS10.pdf
Concerns on widespread use of biometric authentication
systems are primarily centered around template security, revocability,
and privacy. The use of cryptographic primitives to bolster
the authentication process can alleviate some of these concerns
as shown by biometric cryptosystems. In this paper, we propose a
provably secure and blind biometric authentication protocol, which
addresses the concerns of user’s privacy, template protection, and
trust issues. The protocol is blind in the sense that it reveals only the
identity, and no additional information about the user or the biometric
to the authenticating server or vice-versa. As the protocol is
based on asymmetric encryption of the biometric data, it captures
the advantages of biometric authentication as well as the security
of public key cryptography. The authentication protocol can run
over public networks and provide nonrepudiable identity verification.
The encryption also provides template protection, the ability
to revoke enrolled templates, and alleviates the concerns on privacy
in widespread use of biometrics. The proposed approach makes no
restrictive assumptions on the biometric data and is hence applicable
to multiple biometrics. Such a protocol has significant advantages
over existing biometric cryptosystems, which use a biometric
to secure a secret key, which in turn is used for authentication.We
analyze the security of the protocol under various attack scenarios.
Experimental results on four biometric datasets (face, iris, hand geometry,
and fingerprint) show that carrying out the authentication
in the encrypted domain does not affect the accuracy, while the encryption
key acts as an additional layer of security.
Index Terms—Artificial neural networks, biometrics, cryptosystems,
privacy, public key cryptography, security, support vector
machines (SVMs).
I. INTRODUCTION
BIOMETRIC authentication systems are gaining
wide-spread popularity in recent years due to the
advances in sensor technologies as well as improvements in the
matching algorithms [1] that make the systems both secure and
cost-effective. They are ideally suited for both high security
and remote authentication applications due to the nonrepudiable
nature and user convenience. Most biometric systems
assume that the template in the system is secure due to human
supervision (e.g., immigration checks and criminal database
search) or physical protection (e.g., laptop locks and door
locks). However, a variety of applications of authentication need to work over a partially secure or insecure networks such
as ATM networks or the Internet. Authentication over insecure
public networks or with untrusted servers raises more concerns
in privacy and security. The primary concern is related to the
security of the plain biometric templates, which cannot be
replaced, once they are compromised [2]. The privacy concerns
arise from the fact that the biometric samples reveal more information
about its owner (medical, food habits, etc.) in addition
to the identity. Widespread use of biometric authentication also raises concerns of tracking a person, as every activity
that requires authentication can be uniquely assigned to an individual (see Table I).
To clarify our problem, let us consider the following usage scenario:
Alice wants to create an account in Bobmail, that requires
biometrics based authentication. However, she neither
trusts Bob to handle her biometric data securely, nor
trusts the network to send her plain biometric.
The primary problem here is that, for Alice, Bob could either
be incompetent to secure her biometric or even curious to try
and gain access to her biometric data, while the authentication
is going on. So Alice does not want to give her biometric data in
plain to Bob. On the other hand, Bob does not trust the client as
she could be an impostor. She could also repudiate her access
to the service at a later time. For both parties, the network is insecure.
A biometric system that can work securely and reliably
under such circumstances can have a multitude of applications
varying from accessing remote servers to e-shopping over the
Internet. Table I summarizes the primary concerns that need to
be addressed for widespread adoption of biometrics. For civilian
applications, these concerns are often more serious than the accuracy
of the biometric
Download full report
http://web.iiit.ac.in/~upmanyu/papers/Ma...TIFS10.pdf
hashidharms99[at]gmail.com[/font]