Paper 2024/525

Privacy Preserving Biometric Authentication for Fingerprints and Beyond

Marina Blanton, University at Buffalo
Dennis Murphy, University at Buffalo
Abstract

Biometric authentication eliminates the need for users to remember secrets and serves as a convenient mechanism for user authentication. Traditional implementations of biometric-based authentication store sensitive user biometry on the server and the server becomes an attractive target of attack and a source of large-scale unintended disclosure of biometric data. To mitigate the problem, we can resort to privacy-preserving computation and store only protected biometrics on the server. While a variety of secure computation techniques is available, our analysis of privacy-preserving biometric computation and biometric authentication constructions revealed that available solutions fall short of addressing the challenges of privacy-preserving biometric authentication. Thus, in this work we put forward new constructions to address the challenges. Our solutions employ a helper server and use strong threat models, where a client is always assumed to be malicious, while the helper server can be semi-honest or malicious. We also determined that standard secure multi-party computation security definitions are insufficient to properly demonstrate security in the two-phase (enrollment and authentication) entity authentication application. We thus extend the model and formally show security in the multi-phase setting, where information can flow from one phase to another and the set of participants can change between the phases. We implement our constructions and show that they exhibit practical performance for authentication in real time.

Note: Full version of the paper.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. CODASPY 2024
Keywords
secure computationbiometric authenticationmulti-phase secure execution
Contact author(s)
mblanton @ buffalo edu
dpm29 @ buffalo edu
History
2024-08-03: revised
2024-04-04: received
See all versions
Short URL
https://ia.cr/2024/525
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX

@misc{cryptoeprint:2024/525,
      author = {Marina Blanton and Dennis Murphy},
      title = {Privacy Preserving Biometric Authentication for Fingerprints and Beyond},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/525},
      year = {2024},
      url = {https://eprint.iacr.org/2024/525}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.