Skip to main content
Springer Nature Link
Log in

Secure Non-interactive User Re-enrollment in Biometrics-Based Identification and Authentication Systems

  • Conference paper
  • First Online:
Cyber Security Cryptography and Machine Learning (CSCML 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10879))

  • 1238 Accesses

Abstract

Recent years have witnessed an increase in demand for biometrics based identification, authentication and access control (BIA) systems, which offer convenience, ease of use, and (in some cases) improved security. In contrast to other methods, such as passwords or pins, BIA systems face new unique challenges; chiefly among them is ensuring long-term confidentiality of biometric data stored in backends, as such data has to be secured for the lifetime of an individual. Cryptographic approaches such as Fuzzy Extractors (FE) and Fuzzy Vaults (FV) have been developed to address this challenge. FE/FV do not require storing any biometric data in backends, and instead generate and store helper data that enables BIA when a new biometric reading is supplied. Security of FE/FV ensures that an adversary obtaining such helper data cannot (efficiently) learn the biometric. Relying on such cryptographic approaches raises the following question: what happens when helper data is lost or destroyed (e.g., due to a failure, or malicious activity), or when new helper data has to be generated (e.g., in response to a breach or to update the system)? Requiring a large number of users to physically re-enroll is impractical, and the literature falls short of addressing this problem. In this paper we develop SNUSE, a secure computation based approach for non-interactive re-enrollment of a large number of users in BIA systems. We prototype SNUSE to illustrate its feasibility, and evaluate its performance and accuracy on two biometric modalities, fingerprints and iris scans. Our results show that thousands of users can be securely re-enrolled in seconds without affecting the accuracy of the system.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    We omit explicitly mentioning access control, we assume it implicitly when authenticating an individual and then granting access based on the authenticated identity.

  2. 2.

    We use the term “encode” very loosely here as helper data may not actually encode the secret, it may only enable constructing it when the biometric is also present.

  3. 3.

    Available at: http://sprout.ics.uci.edu/people/ivan/pubs/2018_snuse.pdf.

  4. 4.

    In our notation the first row/column of a matrix is indexed by 1 and not 0.

References

  1. Jain, A.K., Bolle, R.M., Pankanti, S.: Biometrics: Personal Identification in Networked Society, vol. 479. Springer, New York (2006). https://doi.org/10.1007/978-0-387-32659-7

    Book  Google Scholar 

  2. Ratha, N.K., Connell, J.H., Bolle, R.M.: Enhancing security and privacy in biometrics-based authentication systems. IBM Syst. J. 40(3), 614–634 (2001)

    Article  Google Scholar 

  3. Wikipedia: Office of Personnel Management data breach. https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach. Accessed 5 Dec 2017

  4. Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Cryptogr. 38(2), 237–257 (2006). https://doi.org/10.1007/s10623-005-6343-z

    Article  MathSciNet  MATH  Google Scholar 

  5. Fuller, B., Meng, X., Reyzin, L.: Computational fuzzy extractors. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 174–193. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_10

    Chapter  Google Scholar 

  6. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)

    Google Scholar 

  7. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    Article  MathSciNet  Google Scholar 

  8. Yao, A.C.: Protocols for secure computations. In: 23rd Annual Symposium on Foundations of Computer Science, SFCS ’08, pp. 160–164. IEEE (1982)

    Google Scholar 

  9. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM (1987)

    Google Scholar 

  10. Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_38

    Chapter  Google Scholar 

  11. Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority. In: Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, pp. 73–85. ACM (1989)

    Google Scholar 

  12. Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 420–432. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_34

    Chapter  Google Scholar 

  13. Cramer, R., Damgård, I., Maurer, U.: General secure multi-party computation from any linear secret-sharing scheme. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 316–334. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_22

    Chapter  Google Scholar 

  14. Kiayias, A., Yung, M.: Cryptographic hardness based on the decoding of Reed-Solomon codes. In: Widmayer, P., Eidenbenz, S., Triguero, F., Morales, R., Conejo, R., Hennessy, M. (eds.) ICALP 2002. LNCS, vol. 2380, pp. 232–243. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45465-9_21

    Chapter  Google Scholar 

  15. Itkis, G., Chandar, V., Fuller, B.W., Campbell, J.P., Cunningham, R.K.: Iris biometric security challenges and possible solutions: for your eyes only? Using the iris as a key. IEEE Sig. Process. Mag. 32(5), 42–53 (2015)

    Article  Google Scholar 

  16. Nandakumar, K., Jain, A.K., Pankanti, S.: Fingerprint-based fuzzy vault: implementation and performance. IEEE Trans. Inf. Forensics Secur. 2(4), 744–757 (2007)

    Article  Google Scholar 

  17. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_31

    Chapter  Google Scholar 

  18. Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_9

    Chapter  Google Scholar 

  19. Yao, A.C.-C.: How to generate and exchange secrets. In: Proceedings of the 27th Annual Symposium on Foundations of Computer Science. SFCS 1986, pp. 162–167. IEEE Computer Society, Washington, DC (1986). https://doi.org/10.1109/SFCS.1986.25

  20. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: STOC 1988. ACM (1988)

    Google Scholar 

  21. Damgård, I., Keller, M., Larraia, E., Pastro, V., Scholl, P., Smart, N.P.: Practical covertly secure MPC for dishonest majority – or: breaking the SPDZ limits. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 1–18. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40203-6_1

    Chapter  Google Scholar 

  22. Archer, D.W., Bogdanov, D., Pinkas, B., Pullonen, P.: Maturity and performance of programmable secure computation. In: IEEE S & P (2016)

    Article  Google Scholar 

  23. Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. J. Cryptol. 23(2), 281–343 (2010). https://doi.org/10.1007/s00145-009-9040-7

    Article  MathSciNet  MATH  Google Scholar 

  24. Huang, Y., Katz, J., Evans, D.: Quid-Pro-Quo-tocols: strengthening semi-honest protocols with dual execution. In: IEEE S & P 2012. IEEE Computer Society (2012)

    Google Scholar 

  25. Hazay, C., Lindell, Y.: Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 155–175. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_10

    Chapter  Google Scholar 

  26. Baron, J., El Defrawy, K., Minkovich, K., Ostrovsky, R., Tressler, E.: 5PM: secure pattern matching. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 222–240. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32928-9_13

    Chapter  Google Scholar 

Download references

Acknowledgement

This work was funded by the US Department of Homeland Security (DHS) Science and Technology (S&T) Directorate under contract no. HSHQDC-16-C-00034. The views and conclusions contained herein are the authors’ and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DHS or the US government.

Author information

Authors and Affiliations

  1. SRI International, Menlo Park, USA

    Ivan De Oliveira Nunes, Karim Eldefrawy & Tancrède Lepoint

  2. University of California Irvine, Irvine, USA

    Ivan De Oliveira Nunes

Authors
  1. Ivan De Oliveira Nunes
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Karim Eldefrawy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tancrède Lepoint
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ivan De Oliveira Nunes .

Editor information

Editors and Affiliations

  1. Ben-Gurion University of the Negev, Beer Sheva, Israel

    Itai Dinur

  2. Ben-Gurion University of the Negev, Beer Sheva, Israel

    Shlomi Dolev

  3. Tata Consultancy Services (India), Chennai, Tamil Nadu, India

    Sachin Lodha

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

De Oliveira Nunes, I., Eldefrawy, K., Lepoint, T. (2018). Secure Non-interactive User Re-enrollment in Biometrics-Based Identification and Authentication Systems. In: Dinur, I., Dolev, S., Lodha, S. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2018. Lecture Notes in Computer Science(), vol 10879. Springer, Cham. https://doi.org/10.1007/978-3-319-94147-9_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-94147-9_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-94146-2

  • Online ISBN: 978-3-319-94147-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics