Skip to main content
Springer Nature Link
Log in

An Authentication Protocol with Encrypted Biometric Data

  • Conference paper
Progress in Cryptology – AFRICACRYPT 2008 (AFRICACRYPT 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5023))

Included in the following conference series:

  • 2679 Accesses

Abstract

At ACISP’07, Bringer et al. introduced a new protocol for achieving biometric authentication with a Private Information Retrieval (PIR) scheme. Their proposal is made to enforce the privacy of biometric data of users. We improve their work in several aspects. Firstly, we show how to replace the basic PIR scheme they used with Lipmaa’s which has ones of the best known communication complexity. Secondly, we combine it with Secure Sketches to enable a strict separation between on one hand biometric data which remain the same all along a lifetime and stay encrypted during the protocol execution, and on the other hand temporary data generated for the need of the authentication to a service provider. Our proposition exploits homomorphic properties of Goldwasser-Micali and Paillier cryptosystems.

Work partially supported by french ANR RNRT project BACH.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Anderson, R., Bond, M., Clulow, J., Skorobogatov, S.: Cryptographic processors-a survey. Proceedings of the IEEE 94(2), 357–369 (2006)

    Article  Google Scholar 

  2. Atallah, M.J., Frikken, K.B., Goodrich, M.l.T., Tamassia, R.: Secure biometric authentication for weak computational devices. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 357–371. Springer, Heidelberg (2005)

    Google Scholar 

  3. Boyen, X.: Reusable cryptographic fuzzy extractors. In: Atluri, V., Pfitzmann, B., McDaniel, P.D. (eds.) CCS 2004: Proceedings of the 11th ACM conference on Computer and communications security, pp. 82–91. ACM Press, New York (2004)

    Chapter  Google Scholar 

  4. Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005)

    Google Scholar 

  5. Bringer, J., Chabanne, H., Cohen, G., Kindarji, B., Zémor, G.: Optimal iris fuzzy sketches. In: IEEE First International Conference on Biometrics: Theory, Applications and Systems, BTAS 2007 (2007)

    Google Scholar 

  6. Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An application of the Goldwasser-Micali cryptosystem to biometric authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Bringer, J., Chabanne, H., Kindarji, B.: The best of both worlds: Applying secure sketches to cancelable biometrics. Science of Computer Programming (to appear, Presented at WISSec 2007)

    Google Scholar 

  8. Bringer, J., Chabanne, H., Pointcheval, D., Tang, Q.: Extended private information retrieval and its application in biometrics authentications. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds.) CANS 2007. LNCS, vol. 4856, pp. 175–193. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  9. Bringer, J., Chabanne, H., Tang, Q.: An application of the Naccache-Stern knapsack cryptosystem to biometric authentication. In: AutoID, pp. 180–185. IEEE, Los Alamitos (2007)

    Google Scholar 

  10. Chang, Y.-C.: Single database private information retrieval with logarithmic communication. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 50–61. Springer, Heidelberg (2004)

    Google Scholar 

  11. Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: FOCS, pp. 41–50 (1995)

    Google Scholar 

  12. Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM 45(6), 965–981 (1998)

    Article  MATH  MathSciNet  Google Scholar 

  13. Crescenzo, G.D., Graveman, R., Ge, R., Arce, G.: Approximate message authentication and biometric entity authentication. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 240–254. Springer, Heidelberg (2005)

    Google Scholar 

  14. Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  15. Damgård, I., Jurik, M.: A length-flexible threshold cryptosystem with applications. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 350–364. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  16. Dodis, Y., Katz, J., Reyzin, L., Smith, A.: Robust fuzzy extractors and authenticated key agreement from close secrets. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 232–250. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  17. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)

    Google Scholar 

  18. Du, W., Atallah, M.J.: Secure multi-party computation problems and their applications: a review and open problems. In: NSPW 2001: Proceedings of the 2001 workshop on New security paradigms, pp. 13–22. ACM Press, New York (2001)

    Chapter  Google Scholar 

  19. Feigenbaum, J., Ishai, Y., Malkin, T., Nissim, K., Strauss, M.J., Wright, R.N.: Secure multiparty computation of approximations. ACM Transactions on Algorithms 2(3), 435–472 (2006)

    Article  MathSciNet  Google Scholar 

  20. Gasarch, W.: A survey on private information retrieval, http://www.cs.umd.edu/gasarch/pir/pir.html

  21. Gentry, C., Ramzan, Z.: Single-database private information retrieval with constant communication rate. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 803–815. Springer, Heidelberg (2005)

    Google Scholar 

  22. Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. In: STOC, pp. 151–160 (1998)

    Google Scholar 

  23. Goldwasser, S., Micali, S.: Probabilistic encryption and how to play mental poker keeping secret all partial information. In: Proceedings of the Fourteenth Annual ACM Symposium on Theory of Computing, San Francisco, California, USA, May 5-7, 1982, pp. 365–377. ACM, New York (1982)

    Chapter  Google Scholar 

  24. Hao, F., Anderson, R., Daugman, J.: Combining crypto with biometrics effectively. IEEE Transactions on Computers 55(9), 1081–1088 (2006)

    Article  Google Scholar 

  25. Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Cryptography 38(2), 237–257 (2006)

    Article  MathSciNet  Google Scholar 

  26. Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: ACM Conference on Computer and Communications Security, pp. 28–36 (1999)

    Google Scholar 

  27. Kevenaar, T.A.M., Schrijen, G.J., van der Veen, M., Akkermans, A.H.M., Zuo, F.: Face recognition with renewable and privacy preserving binary templates. In: AUTOID 2005: Proceedings of the Fourth IEEE Workshop on Automatic Identification Advanced Technologies, pp. 21–26. IEEE Computer Society, Washington (2005)

    Chapter  Google Scholar 

  28. Linnartz, J.-P.M.G., Tuyls, P.: New shielding functions to enhance privacy and prevent misuse of biometric templates. In: Kittler, J., Nixon, M.S. (eds.) AVBPA 2003. LNCS, vol. 2688, pp. 393–402. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  29. Lipmaa, H.: An oblivious transfer protocol with log-squared communication. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 314–328. Springer, Heidelberg (2005)

    Google Scholar 

  30. Ostrovsky, R., Skeith III., W.E.: A survey of single database PIR: Techniques and applications. Cryptology ePrint Archive: Report 2007/059 (2007)

    Google Scholar 

  31. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)

    Google Scholar 

  32. Schoenmakers, B., Tuyls, P.: Efficient binary conversion for Paillier encrypted values. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 522–537. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  33. Sion, R., Carbunar, B.: On the computational practicality of private information retrieval. In: Network and Distributed System Security Symposium NDSS (2007)

    Google Scholar 

  34. Tuyls, P., Akkermans, A.H.M., Kevenaar, T.A.M., Schrijen, G.J., Bazen, A.M., Veldhuis, R.N.J.: Practical biometric authentication with template protection. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 436–446. Springer, Heidelberg (2005)

    Google Scholar 

  35. Tuyls, P., Goseling, J.: Capacity and examples of template-protecting biometric authentication systems. In: Maltoni, D., Jain, A.K. (eds.) BioAW 2004. LNCS, vol. 3087, pp. 158–170. Springer, Heidelberg (2004)

    Google Scholar 

  36. Tuyls, P., Verbitskiy, E., Goseling, J., Denteneer, D.: Privacy protecting biometric authentication systems: an overview. In: EUSIPCO 2004 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Sagem Sécurité,  

    Julien Bringer & Hervé Chabanne

Authors
  1. Julien Bringer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hervé Chabanne
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Serge Vaudenay

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bringer, J., Chabanne, H. (2008). An Authentication Protocol with Encrypted Biometric Data. In: Vaudenay, S. (eds) Progress in Cryptology – AFRICACRYPT 2008. AFRICACRYPT 2008. Lecture Notes in Computer Science, vol 5023. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68164-9_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-68164-9_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68159-5

  • Online ISBN: 978-3-540-68164-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics