Authors: Ewa Syta (1); Michael J. Fischer (1); David Wolinsky (1); Abraham Silberschatz (1); Gina Gallegos-Garcia (2) and Bryan Ford (1)
Affiliations: (1) Yale University, United States; (2) National Polytechnic Institute of Mexico, United States
Keyword(s): Authentication, Biometrics, Privacy, Security.
Related Ontology Subjects/Areas/Topics: Applied Cryptography; Biometrics Security and Privacy; Cryptographic Techniques and Key Management; Data Engineering; Databases and Data Security; Identification, Authentication and Non-Repudiation; Information and Systems Security; Privacy Enhancing Technologies
Abstract:
We propose an efficient remote biometric authentication protocol that gives strong protection to the user’s
biometric data in case of two common kinds of security breaches: (1) loss or theft of the user’s token (smart
card, handheld device, etc.), giving the attacker full access to any secrets embedded within it; (2) total penetration
of the server. Only if both client and server are simultaneously compromised is the user’s biometric data
vulnerable to exposure. The protocol works by encrypting the user’s biometric template in a way that allows
it to be used for authentication without being decrypted by either token or server. Further, the encrypted template
never leaves the token, and only the server has the information that would enable it to be decrypted. We
have implemented our protocol using two iris recognition libraries and evaluated its performance. The overall
efficiency and recognition performance are essentially the same as those of an unprotected biometric system.