Abstract
In this paper, we describe the first privacy preserving multimodal biometric authentication protocol resistant to hill climbing attacks. Due to the encrypted storage and processing in the encrypted domain, the biometric database can be outsourced to the cloud. Our scheme is based on the combination of two different cryptographic primitives operating on encrypted biometric templates generated either from a single trait such as fingerprint or multimodal biometrics. For the former, the scheme employs multiple matchers working on set overlap and euclidean distance resulting in two different matching scores. In both cases, quantized scores are combined privately, to prevent any party accessing the final fused matching score. This way, hill climbing attacks are prevented that are applicable even if the templates are stored as encrypted. Finally, the scheme benefits from the advantages of multimodal biometrics and the efficiency of the underlying primitives with linear computation and communication overhead.
Dr. N. Deniz Sarier is an external researcher in Bonn-Aachen International Center for Information Technology (B-IT), Computer Security Group (cosec).
References
Abdalla, M., Bourse, F., Caro, A., Pointcheval, D.: Simple functional encryption schemes for inner products. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 733–751. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46447-2_33
Adler, A.: Vulnerabilities in biometric encryption systems. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 1100–1109. Springer, Heidelberg (2005). doi:10.1007/11527923_114
Blanton, M., Gasti, P.: Secure and efficient protocols for iris and fingerprint identification. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 190–209. Springer, Heidelberg (2011). doi:10.1007/978-3-642-23822-2_11
Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An application of the Goldwasser-Micali cryptosystem to biometric authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73458-1_8
Chun, H., Elmehdwi, Y., Li, F., Bhattacharya, P., Jiang, W.: Outsourcable two-party privacy preserving biometric authentication. In: ACM ASIACCS 2014, pp. 401–412 (2014)
Cristofaro, E., Gasti, P., Tsudik, G.: Fast and private computation of cardinality of set intersection and union. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 218–231. Springer, Heidelberg (2012). doi:10.1007/978-3-642-35404-5_17
Goldreich, O.: Foundations of Cryptography. Basic Applications, vol. 2. Cambridge University Press, Cambridge (2004)
Higo, H., Isshiki, T., Mori, K., Obana, S.: Privacy-preserving fingerprint authentication resistant to hill-climbing attacks. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 44–64. Springer, Cham (2016). doi:10.1007/978-3-319-31301-6_3
Huberman, B.A., Franklin, M., Hogg, T.: Enhancing privacy and trust in electronic communities. In: ACM EC 1999, pp. 78–86. ACM (1999)
Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Crypt. 38(2), 237–257 (2006)
Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: ACM CCS, pp. 28–36 (1999)
Li, Q., Sutcu, Y., Memon, N.: Secure sketch for biometric templates. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 99–113. Springer, Heidelberg (2006). doi:10.1007/11935230_7
Maiorana, E., Hine, G.E., Campisi, P.: Hill-climbing attacks on multi-biometrics recognition systems. IEEE TIFS 10(5), 900–915 (2015)
Mihăilescu, P., Munk, A., Tams, B.: Security considerations in minutiae-based fuzzy vaults. IEEE TIFS 10(5), 985–998 (2015)
Pinkas, B., Schneider, T., Zohner, M.: Faster private set intersection based on ot extension. In: USENIX 2014, pp. 797–812. USENIX Association (2014)
Ross, A., Jain, A.K.: Multimodal biometrics: an overview. In: EUSIPCO 2004, pp. 1221–1224. IEEE (2004)
Sarier, N.D., Cryptosystems, B.: Authentication, encryption and signature for biometric identities. Ph.D. thesis, Bonn University, Germany (2013)
Sarier, N.D.: Private minutia-based fingerprint matching. In: Akram, R.N., Jajodia, S. (eds.) WISTP 2015. LNCS, vol. 9311, pp. 52–67. Springer, Cham (2015). doi:10.1007/978-3-319-24018-3_4
Sarier, N.D.: Efficient biometric-based encryption for fingerprints. In: ICITST 2016, pp. 127–132. IEEE (2016)
Shahandashti, S.F., Safavi-Naini, R., Ogunbona, P.: Private fingerprint matching. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 426–433. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31448-3_32
Simoens, K., Bringer, J., Chabanne, H., Seys, S.: A framework for analyzing template security and privacy in biometric authentication systems. IEEE TIFS 7(2), 833–841 (2012)
Acknowledgement
The author is grateful to Prof. Dr. Joachim von zur Gathen for his valuable support, encouragement and guidance.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Sarier, N.D. (2017). Privacy Preserving Multimodal Biometric Authentication in the Cloud. In: Au, M., Castiglione, A., Choo, KK., Palmieri, F., Li, KC. (eds) Green, Pervasive, and Cloud Computing. GPC 2017. Lecture Notes in Computer Science(), vol 10232. Springer, Cham. https://doi.org/10.1007/978-3-319-57186-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-57186-7_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-57185-0
Online ISBN: 978-3-319-57186-7
eBook Packages: Computer ScienceComputer Science (R0)