PEBASI: A Privacy preserving, Efficient Biometric Authentication Scheme based on Irises
Article No.: 25, Pages 1 - 31
Abstract
We introduce a novel privacy-preserving biometric authentication scheme based on irises that allows a user to enroll once at a trusted biometric certification authority (BCA) and authenticate to online service providers (SPs) multiple times without involving the BCA during the authentication. Our scheme preserves the user’s biometric privacy from the SPs and transactional privacy from the BCA, while providing security against a malicious user. During the enrollment, the BCA issues a signed token that encrypts the user’s biometrics. We introduce techniques enabling the SP and the user to perform secure computation of biometric matching between such encrypted biometrics and the user’s biometrics captured at the authentication time. We provide a prototype implementation, a performance evaluation, and a security analysis of the protocol.
References
[1]
Transport Security Administration. 2023. Does TSA Accept Mobile Driver’s Licenses? Retrieved from https://www.tsa.gov/travel/frequently-asked-questions/does-tsa-accept-mobile-drivers-licensesAccessed: 28-May-2023.
[2]
Apple. 2015. About Face ID Advanced Technology. Retrieved from https://support.apple.com/en-us/HT208108. Accessed: 22-Aug-2019.
[3]
G. Asharov, Y. Lindell, T. Schneider, and M. Zohner. 2017. More efficient oblivious transfer extensions. In Journal of Cryptology, Vol. 30. Issue 3.
[4]
D. Beaver. 1991. Efficient multiparty protocols using circuit randomization. In Proceedings of the CRYPTO’91.
[5]
M. Blanton and M. Aliasgari. 2013. Analysis of reusability of secure sketches and fuzzy extractors. In Proceedings of the IEEE TIFS.
[6]
M. Blanton and P. Gasti.2011. Secure and efficient protocols for iris and fingerprint identification. In Proceedings of the ESORICS.
[7]
T. Chou and C. Orlandi. 2015. The simplest protocol for oblivious transfer. In Proceedings of the LATINCRYPT.
[8]
CNET. 2023. You Can Put Your Driver’s License on Your iPhone. Here’s How. Retrieved from https://www.cnet.com/tech/mobile/you-can-put-your-drivers-license-on-your-iphone-heres-how/.Accessed: 28-May-2023.
[9]
R. Cramer, I. Damgård, D. Escudero, P. Scholl, and C. Xing. 2018. SPDZ2k: Efficient MPC mod \(2^{k}\) for Dishonest Majority. Retrieved from https://eprint.iacr.org/2018/482. Accessed: 16-Aug-2023.
[10]
Tech Crunch. 2018. Sydney Airport Launches Face Scan Check-in Trials. Retrieved from https://techcrunch.com/2018/07/05/sydney-airport-launches-face-scan-check-in-trials/Accessed: 28-May-2023.
[11]
J. Daugman.2004. How iris recognition works. In IEEE Transactions on Circuits and Systems for Video Technology.
[12]
A. R. Block et al.2018. Secure computation with constant communication overhead using multiplication embeddings. In Proceedings of the INDOCRYPT.
[13]
A. Sadeghi et al.2009. Efficient privacy-preserving face recognition. In Proceedings of the ICISC.
[14]
D. Demmler et al.2015. ABY—A framework for efficient mixed-protocol secure two-party computation. In Proceedings of the NDSS.
[15]
G. Asharov et al.2013. More efficient oblivious transfer and extensions for faster secure computation. In Proceedings of the CCS. ACM.
[16]
G. Droandi et al.2018. SEMBA: SEcure multi-biometric authentication. Retrieved from https://arxiv.org/abs/1803.10758
[17]
G. Itkis et al.2015. Iris biometric security challenges and possible solutions. In IEEE Signal Processing Magazine.
[18]
H. Chun et al.2014. Outsourceable two-party privacy-preserving biometric authentication. In Proceedings of the ASIA CCS. ACM.
[19]
Hui Zhang, Xuejun Li, Syh-Yuan Tan, Ming Jie Lee, and Zhe Jin. 2023. Privacy-preserving biometric authentication: Cryptanalysis and countermeasures. IEEE Transactions on Dependable and Secure Computing 20, 6 (2023), 5056–5069. DOI:
[20]
I. Damgard et al.2012. Multiparty computation from somewhat homomorphic encryption. In Proceedings of the CRYPTO.
[21]
J. Bringer et al.2014. GSHADE: Faster privacy-preserving distance computation and biometric identification. In Proceedings of the IH&MMSec.
[22]
M. Barni et al.2010. Privacy-preserving fingercode authentication. In Proceedings of the 12th Workshop on Multimedia and Security. ACM.
[23]
M. Bellare et al.2012. Foundations of Garbled Circuits. Retrieved from https://tinyurl.com/8hna2ad2. Accessed: 16-Aug-2019.
[24]
M. Bellare et al.2013. Efficient garbling from a fixed-key blockcipher. In Proceedings of the 34th IEEE S&P.
[25]
M. A. P. Chamikara et al.2020. Privacy-preserving face recognition utilizing differential privacy. Computers & Security 97 (2020).
[26]
M. Osadchy et al.2010. SCiFI: A system for secure face identification. In Proceedings of the IEEE Symposium on Security and Privacy.
[27]
M. Riley et al.2014. Missed Alarms and 40 Million Stolen Credit Card Numbers. Retrieved from https://buswk.co/2RC5Zh3. Accessed: 16-Aug-2019.
[28]
Nico Döttling et al.2017. TinyOLE: Efficient actively secure two-party computation from oblivious linear function evaluation. In Proceedings of the CCS.
[29]
R. Cramer et al.2018. SPDZ2k: Efficient MPC mod \(2^{k}\) for dishonest majority. In Proceedings of the Crypto.
[30]
T. Bernard et al.2017. Equifax Says Cyberattack May Have Affected 143 Million in the U.S. Retrieved from https://nyti.ms/2E5F6KfAccessed: 16-Aug-2019.
[31]
T. Veugen et al.2015. A framework for secure computations with two non-colluding servers and multiple clients, applied to recommendations. In Proceedings of the IEEE TIFS, Vol. 10. Issue 3.
[32]
T. Wang et al.2021. FinPrivacy: A privacy-preserving mechanism for fingerprint identification. In ACM Transactions on Internet Technology, Vol. 21. Issue 3.
[33]
Y. Dodis et al.2015. Fuzzy Extractors: How to generate strong keys from biometrics and other noisy data. In Proceedings of the Eurocrypt.
[34]
Y. Huang et al.2011. Efficient privacy-preserving biometric identification. In Proceedings of the NDSS.
[35]
Y. Huang et al.2011. Faster secure two-party computation using garbled circuits. In Proceedings of the 20th USENIX Security Symposium.
[36]
Y. Ishai et al.2003. Extending oblivious transfers efficiently. In Proceedings of the CRYPTO.
[37]
Y. Luo et al.2012. An efficient protocol for private iris-code matching by means of garbled circuits. In IEEE ICIP.
[38]
Yongdong Wu, Jian Weng, Zhengxia Wang, Kaimin Wei, Jinming Wen, Junzuo Lai, and Xin Li. 2023. Attacks and countermeasures on privacy-preserving biometric authentication schemes. IEEE Transactions on Dependable and Secure Computing 20, 2 (2023), 1744–1755. DOI:
[39]
Z. Erkin et al.2009. Privacy-preserving face recognition. In Proceedings of the PETS.
[40]
Oded Goldreich. 2004. Foundations of Cryptography: Volume 2, Basic Applications. Cambridge University Press.
[41]
A. Greenberg. 2015. OPM Now Admits 5.6m Feds’ Fingerprints Were Stolen By Hackers. Retrieved from https://bit.ly/2P8O0wUAccessed: 10-Aug-2019.
[42]
Google Wallet Help. 2023. Add your US Driver’s License or State ID. Retrieved from https://support.google.com/wallet/answer/12436402?hl=enAccessed: 28-May-2023.
[43]
Y. Huang. 2011. FastGC. Retrieved from https://bit.ly/34golHa. Accessed: 16-Aug-2019.
[44]
Y. Huang, J. Katz, and D. Evans. 2013. Efficient secure two-party computation using symmetric cut-and-choose. In Proceedings of the CRYPTO’13.
[45]
Jong-Hyuk Im, Seong-Yun Jeon, and Mun-Kyu Lee. 2020. Practical privacy-preserving face authentication for smartphones secure against malicious clients. IEEE Transactions on Information Forensics and Security 15 (2020), 2386–2401. DOI:
[46]
Security Info Watch. 2022. Methods for Improving Airport Security and Travel Experience with iris Recognition. Retrieved from https://www.securityinfowatch.com/critical-infrastructure/article/21281973/methods-for-improving-airport-security-and-travel-experience-with-iris-recognitionAccessed: 28-May-2023.
[47]
J. Katz and Coursera. 2019. The Pseudo One-Time Pad. Retrieved from https://bit.ly/2E7D1xw. Accessed: 01-Dec-2019.
[48]
S. Kelly. 2014. EBay’s Massive Security Breach: What It Means for You. Retrieved from https://tinyurl.com/27cyeeau. Accessed: 16-Aug-2019.
[49]
Y. Lindell. 2013. Fast cut-and-choose based protocols for malicious and covert adversaries. In Proceedings of the CRYPTO’13.
[50]
Y. Lindell and B. Pinkas. 2007. An efficient protocol for secure two-party computation in the presence of malicious adversaries. In Proceedings of the EUROCRYPT.
[51]
M. Murad. 2021. Iris Patterns: One of the Most Stable Biometrics. Retrieved from https://www.irisid.com/iris-patterns-one-of-the-most-stable-biometrics/Accessed: 15-July-2023.
[52]
T. Nishide and K.Ohta. 2007. Multiparty computation for interval, equality, and comparison without bit-decomposition protocol. In Proceedings of the PKC.
[53]
OAuth. 2017. OAuth 2.0. Retrieved from https://oauth.net/2/. Accessed: 22-Aug-2019.
[54]
OpenID. 2017. Welcome to OpenID Connect. Retrieved from http://openid.net/connect/. Accessed: 22-Aug-2019.
[55]
A. Perala. 2017. Iris ID Tech Helps Streamline Passenger Screening at Qatar Airport. Retrieved from https://bit.ly/2E5Nae3. Accessed: 16-Aug-2019.
[56]
Android Open Source Project. 2022. Hardware-backed Keystore. Retrieved from https://source.android.com/docs/security/features/keystore. Accessed: 16-July-2023.
[57]
C. Rathgeb and A. Uhi. 2011. A survey on biometric cryptosystems and cacelable biometrics. In Proceedings of the EURASIP.
[58]
G. Edward Suh and S. Devadas. 2007. Physical unclonable functions for device authentication and secret key generation. In Proceedings of the DAC’07. ACM/IEEE.
[59]
Apple Support. 2023. Add your Driver’s License or State ID to Apple Wallet. Retrieved from https://support.apple.com/en-us/HT212940Accessed: 28-May-2023.
[60]
X. Wang, S. Ranellucci, and J. Katz. 2017. Authenticated garbling and efficient maliciously secure two-party computation. In Proceedings of the CCS’17.
[61]
Stefan Wolf and Jurg Wullschleger. 2006. Oblivious transfer is symmetric. In Proceedings of the EUROCRYPT.
[62]
Lamont Wood. 2016. How it Works: Iris Scanning Improves Smartphone Security. Retrieevd from https://bit.ly/38swz24. Accessed: 16-Aug-2019.
[63]
A. C. Yao. 1982. Protocols for secure computation. In Proceedings of the IEEE FOCS.
[64]
S. Zahur and D. Evans. 2015. Obliv-C: A language for extensible data-oblivious computation. In Cryptology ePrint Archive: Report 2015:1153.
Index Terms
- PEBASI: A Privacy preserving, Efficient Biometric Authentication Scheme based on Irises
Recommendations
A Novel Biometric-Based Authentication Scheme with Privacy Protection
IAS '09: Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 02Since biometric data are unique and permanent characteristics of individuals, the privacy protection of biometric authentication schemes has become a common concern of the public. Recently, Tang et al. proposed a biometric-based authentication scheme in ...
Privacy-Preserving Biometric System for Secure Fingerprint Authentication
HISB '12: Proceedings of the 2012 IEEE Second International Conference on Healthcare Informatics, Imaging and Systems BiologyPrivacy is an important concern when biometrics are used in authentication systems for accessing Electronic Health Records (EHR) or other biomedical research data repositories involving human subjects. Biometrics of individuals deserve careful ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
August 2024
193 pages
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 20 August 2024
Online AM: 11 July 2024
Accepted: 08 April 2024
Revised: 28 July 2023
Received: 13 July 2022
Published in TOPS Volume 27, Issue 3
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- Bisland Dissertation Fellowship (2019)
- Emil Stefanov Memorial Partial Fellowship (2019)
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 249Total Downloads
- Downloads (Last 12 months)249
- Downloads (Last 6 weeks)27
Reflects downloads up to 07 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in