Strong Theft-Proof Privacy-Preserving Biometric Authentication
نویسندگان
چکیده
Biometric authentication offers many benefits ranging from strong security guarantees to user convenience, however, remote authentication poses unique challenges which are not fully addressed by biometrics alone. We propose a new remote authentication protocol that combines possessionbased authentication and biometrics in a way that conquers the main weaknesses of both authentication methods. Our protocol offers strong protection to biometric data. It is theft-proof, guarding against attacks based on stolen or lost tokens. It is also privacy-preserving with respect to the users’ biometric identities as well as actions performed using those identities. In contrast to knowledge-based authentication, where passwords or PIN numbers may be updated freely, biometric data cannot be changed and therefore attacks on biometric templates are severe in consequences. To address this issue, our protocol handles biometric templates in a novel way they are never directly stored, transmitted or made available to the verifying party. Identity verification is based on the difference between the biometric template provided in the enrollment phase and the one provided during verification. A user is authenticated only if the difference is sufficiently close to 0. Authentication information is stored on a token, for instance a smart card, and is protected by biometric techniques to ensure that the token can only be used by its legitimate owner. User’s identity is created with respect to a special blinding factor used to create a blinded biometric template, not the biometric data itself. Such approach offers two major benefits: biometric data protection and unlinkability of user’s actions.
منابع مشابه
A Practical View of Privacy Preserving Biometric Authentication
Recently, biometric market is growing rapidly and biometric applications can be found in diverse areas such as border control, banking, ID-documents, access control, etc. However, usage of personal biometric information can harm privacy of users and raise problems of cross matching and identity theft. Privacy preserving techniques like template protection are an important supplement to biometri...
متن کاملPrivacy Preserving Biometrics-Based and User Centric Authentication Protocol
We propose a privacy preserving biometrics-based authentication protocol by which users can authenticate to different service providers from their own devices without involving identity providers in the transactions. Authentication is performed through a zero-knowledge proof of knowledge protocol which is based on a cryptographic identity token created using the unique, repeatable and revocable...
متن کاملOn Privacy-Preserving Biometric Authentication
Biometric authentication is becoming increasingly popular as a convenient authentication method. However, the privacy and security issues associated with biometric authentication are very serious. Privacy-preserving biometric authentication addresses privacy concerns associated with the use of biometrics and offers a secure solution for user authentication. Given the tremendous expansion of wir...
متن کاملPrivacy-Preserving Biometric Authentication: Challenges and Directions
An emerging direction for authenticating people is the adoption of biometric authentication systems. Biometric credentials are becoming increasingly popular as a mean of authenticating people due to the wide rage of advantages that they provide with respect to classical authentication methods (e.g., password-based authentication). The most characteristic feature of this authentication method is...
متن کاملBiometric Authentication of Fingerprint for Banking Users, Using Stream Cipher Algorithm
Providing banking services, especially online banking and electronic payment systems, has always been associated with high concerns about security risks. In this paper, customer authentication for their transactions in electronic banking has been discussed, and a more appropriate way of using biometric fingerprint data, as well as encrypting those data in a different way, has been suggest...
متن کامل