Strong Theft-Proof Privacy-Preserving Biometric Authentication

نویسندگان

  • Ewa Syta
  • Michael J. Fischer
  • Abraham Silberschatz
  • Gina Gallegos
  • Bryan Ford
  • Gina Gallegos García
چکیده

Biometric authentication offers many benefits ranging from strong security guarantees to user convenience, however, remote authentication poses unique challenges which are not fully addressed by biometrics alone. We propose a new remote authentication protocol that combines possessionbased authentication and biometrics in a way that conquers the main weaknesses of both authentication methods. Our protocol offers strong protection to biometric data. It is theft-proof, guarding against attacks based on stolen or lost tokens. It is also privacy-preserving with respect to the users’ biometric identities as well as actions performed using those identities. In contrast to knowledge-based authentication, where passwords or PIN numbers may be updated freely, biometric data cannot be changed and therefore attacks on biometric templates are severe in consequences. To address this issue, our protocol handles biometric templates in a novel way they are never directly stored, transmitted or made available to the verifying party. Identity verification is based on the difference between the biometric template provided in the enrollment phase and the one provided during verification. A user is authenticated only if the difference is sufficiently close to 0. Authentication information is stored on a token, for instance a smart card, and is protected by biometric techniques to ensure that the token can only be used by its legitimate owner. User’s identity is created with respect to a special blinding factor used to create a blinded biometric template, not the biometric data itself. Such approach offers two major benefits: biometric data protection and unlinkability of user’s actions.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Practical View of Privacy Preserving Biometric Authentication

Recently, biometric market is growing rapidly and biometric applications can be found in diverse areas such as border control, banking, ID-documents, access control, etc. However, usage of personal biometric information can harm privacy of users and raise problems of cross matching and identity theft. Privacy preserving techniques like template protection are an important supplement to biometri...

متن کامل

Privacy Preserving Biometrics-Based and User Centric Authentication Protocol

We propose a privacy preserving biometrics-based authentication protocol by which users can authenticate to different service providers from their own devices without involving identity providers in the transactions. Authentication is performed through a zero-knowledge proof of knowledge protocol which is based on a cryptographic identity token created using the unique, repeatable and revocable...

متن کامل

On Privacy-Preserving Biometric Authentication

Biometric authentication is becoming increasingly popular as a convenient authentication method. However, the privacy and security issues associated with biometric authentication are very serious. Privacy-preserving biometric authentication addresses privacy concerns associated with the use of biometrics and offers a secure solution for user authentication. Given the tremendous expansion of wir...

متن کامل

Privacy-Preserving Biometric Authentication: Challenges and Directions

An emerging direction for authenticating people is the adoption of biometric authentication systems. Biometric credentials are becoming increasingly popular as a mean of authenticating people due to the wide rage of advantages that they provide with respect to classical authentication methods (e.g., password-based authentication). The most characteristic feature of this authentication method is...

متن کامل

Biometric Authentication of Fingerprint for Banking Users, Using Stream Cipher Algorithm

Providing banking services, especially online banking and electronic payment systems, has always been associated with high concerns about security risks. In this paper, customer authentication for their transactions in electronic banking has been discussed, and a more appropriate way of using biometric fingerprint data, as well as encrypting those data in a different way, has been suggest...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2012