Paper 2022/1408

BRAKE: Biometric Resilient Authenticated Key Exchange

Pia Bauspieß, Norwegian University of Science and Technology
Tjerand Silde, Norwegian University of Science and Technology
Alexandre Tullot
Anamaria Costache, Norwegian University of Science and Technology
Christian Rathgeb, Hochschule Darmstadt
Jascha Kolberg, Hochschule Darmstadt
Christoph Busch, Hochschule Darmstadt
Abstract

Biometric data are uniquely suited for connecting individuals to their digital identities. Deriving cryptographic key exchange from successful biometric authentication therefore gives an additional layer of trust compared to password-authenticated key exchange. However, biometric data differ from passwords in two crucial points: firstly, they are sensitive personal data that need to be protected on a long-term basis. Secondly, efficient feature extraction and comparison components resulting in high intra-subject tolerance and inter-subject distinguishability, documented with good biometric performance, need to be applied in order to prevent zero-effort impersonation attacks. In this work, we present a protocol for biometric resilient authenticated key exchange that fulfils the above requirements of biometric information protection compliant with ISO/IEC 24745. The protocol is based on established improved fuzzy vault schemes and validated with good recognition performance. We build our protocol from trusted primitives for password-authenticated key exchange using oblivious pseudo-random functions. Our protocol is independent of the biometric modality and can be implemented based on the security of discrete logarithms as well as lattices. We provide an open-source implementation of our protocol instantiated with elliptic curves and a state-of-the-art unlinkable fingerprint fuzzy vault scheme which achieves real-time efficiency with transaction times of less than one second from the image capture to the completed key exchange.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Authenticated Key Exchange, Oblivious Pseudo-Random Function, Fuzzy Vault, Biometric Information Protection
Contact author(s)
pia bauspiess @ ntnu no
tjerand silde @ ntnu no
alexandre tullot @ student isae-supaero fr
anamaria costache @ ntnu no
christian rathgeb @ h-da de
christoph busch @ h-da de
History
2022-12-04: revised
2022-10-17: received
Short URL
https://ia.cr/2022/1408
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1408,
      author = {Pia Bauspieß and Tjerand Silde and Alexandre Tullot and Anamaria Costache and Christian Rathgeb and Jascha Kolberg and Christoph Busch},
      title = {BRAKE: Biometric Resilient Authenticated Key Exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1408},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1408}},
      url = {https://eprint.iacr.org/2022/1408}
}