Cryptology ePrint Archive: Report 2016/484

Ghostshell: Secure Biometric Authentication using Integrity-based Homomorphic Evaluations

Jung Hee Cheon and HeeWon Chung and Myungsun Kim and Kang-Won Lee

Abstract: Biometric authentication methods are gaining popularity due to their convenience. For an authentication without relying on trusted hardwares, biometrics or their hashed values should be stored in the server. Storing biometrics in the clear or in an encrypted form, however, raises a grave concern about biometric theft through hacking or man-in-the middle attack. Unlike ID and password, once lost biometrics cannot practically be replaced. Encryption can be a tool for protecting them from theft, but encrypted biometrics should be recovered for comparison.

In this work, we propose a secure biometric authentication scheme, named Ghostshell, in which an encrypted template is stored in the server and then compared with an encrypted attempt \emph{without} decryption. The decryption key is stored only in a user's device and so biometrics can be kept secret even against a compromised server. Our solution relies on a somewhat homomorphic encryption (SHE) and a message authentication code (MAC). Because known techniques for SHE is computationally expensive, we develop a more practical scheme by devising a significantly efficient matching function exploiting SIMD operations and a one-time MAC chosen for efficient homomorphic evaluations (of multiplication depth 2). When applied to Hamming distance matching on 2400-bit irises, our implementation shows that the computation time is approximately 0.47 and 0.1 seconds for the server and the user, respectively.

Category / Keywords: cryptographic protocols / Biometric authentication, Homomorphic encryption, MAC

Date: received 19 May 2016

Contact author: msunkim at suwon ac kr

Available format(s): PDF | BibTeX Citation

Version: 20160520:122122 (All versions of this report)

Short URL: ia.cr/2016/484

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]