TY - GEN
T1 - Privacy Preserving Biometric Authentication for Fingerprints and Beyond
AU - Blanton, Marina
AU - Murphy, Dennis
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2024/6/19
Y1 - 2024/6/19
N2 - Biometric authentication eliminates the need for users to remember secrets and serves as a convenient mechanism for user authentication. Traditional implementations of biometric-based authentication store sensitive user biometry on the server and the server becomes an attractive target of attack and a source of large-scale unintended disclosure of biometric data. To mitigate the problem, we can resort to privacy-preserving computation and store only protected biometrics on the server. While a variety of secure computation techniques is available, our analysis of privacy-preserving biometric authentication constructions revealed that available solutions fall short of addressing the challenges of privacy-preserving biometric authentication. Thus, in this work we put forward new constructions to address the challenges. Our solutions employ a helper server and use strong threat models, where a client is always assumed to be malicious, while the helper server can be semi-honest or malicious. We also determined that standard secure multi-party computation definitions are insufficient to properly demonstrate security in the two-phase (enrollment and authentication) entity authentication application. We thus extend the model and formally show security in the multi-phase setting, where information can flow from one phase to another and the set of participants can change between the phases. We implement our constructions and show that they exhibit practical performance for authentication in real time.
KW - biometric authentication
KW - garbled circuit evaluation
KW - multi-phase secure execution
KW - oblivious transfer
KW - secure computation
UR - https://www.scopus.com/pages/publications/85199029699
U2 - 10.1145/3626232.3653269
DO - 10.1145/3626232.3653269
M3 - Conference contribution
AN - SCOPUS:85199029699
T3 - CODASPY 2024 - Proceedings of the 14th ACM Conference on Data and Application Security and Privacy
SP - 367
EP - 378
BT - CODASPY 2024 - Proceedings of the 14th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
T2 - 14th ACM Conference on Data and Application Security and Privacy, CODASPY 2024
Y2 - 19 June 2024 through 21 June 2024
ER -