Abstract
This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XORing encrypted messages using an XOR linear message authentication code (MAC) and we employ the proposed scheme to build a biometric authentication protocol. The proposed authentication protocol is both secure and privacy-preserving against malicious (as opposed to honest-but-curious) adversaries. Specifically, the use of the verifiable computation scheme together with an homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts, while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Costello, C., Fournet, C., Howell, J., Kohlweiss, M., Kreuter, B., Naehrig, M., Parno, B., Zahur, S.: Geppetto: Versatile verifiable computation. In: IEEE S&P. IEEE, pp. 253â270 (2015)
Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465â482. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14623-7_25
Zhang, L.F., Safavi-Naini, R.: Batch verifiable computation of outsourced functions. In: Designs, Codes and Cryptography, pp. 1â23 (2015)
IIriTech. Inc.: Irisecureid: Cloud-based iris recognition solution (2016). http://www.iritech.com/products/solutions/cloud-based-iris-recognition-solution-0. Accessed 18 May 2016
Simoens, K., Bringer, J., Chabanne, H., Seys, S.: A framework for analyzing template security and privacy in biometric authentication systems. IEEE Trans. Inf. Forensics Secur. 7(2), 833â841 (2012)
Yasuda, M., Shimoyama, T., Kogure, J., Yokoyama, K., Koshiba, T.: Packed homomorphic encryption based on ideal lattices and its application to biometrics. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES 2013. LNCS, vol. 8128, pp. 55â74. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40588-4_5
Yasuda, M., Shimoyama, T., Kogure, J., Yokoyama, K., Koshiba, T.: Practical packing method in somewhat homomorphic encryption. In: Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S., Fitzgerald, W.M. (eds.) DPM/SETOP -2013. LNCS, vol. 8247, pp. 34â50. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54568-9_3
Bringer, J., Chabanne, H., IzabachĂšne, M., Pointcheval, D., Tang, Q., Zimmer, S.: An application of the Goldwasser-Micali cryptosystem to biometric authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96â106. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73458-1_8
Abidin, A., Mitrokotsa, A.: Security aspects of privacy-preserving biometric authentication based on ideal lattices and ring-lwe. In: Proceedings of the IEEE Workshop on Information Forensics and Security, pp. 1653â1658 (2014)
Abidin, A., Pagnin, E., Mitrokotsa, A.: Attacks on privacy-preserving biometric authentication. In: Proceedings of the 19th Nordic Conference on Secure IT Systems (NordSec 2014), pp. 293â294. Tromso, Norway (2014)
Abidin, A., Matsuura, K., Mitrokotsa, A.: Security of a privacy-preserving biometric authentication protocol revisited. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 290â304. Springer, Heidelberg (2014). doi:10.1007/978-3-319-12280-9_19
Van Dijk, M., Juels, A.: On the impossibility of cryptography alone for privacy-preserving cloud computing. In: Proceedings of the 5th USENIX Conference on Hot Topics in Security, HotSec 2010, pp. 1â8. USENIX Association (2010)
Yao, A.C.C.: How to generate and exchange secrets. In: 27th Annual Symposium on Foundations of Computer Science, pp. 162â167. IEEE (1986)
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223â238. Springer, Heidelberg (1999). doi:10.1007/3-540-48910-X_16
Goldwasser, S., Micali, S.: Probabilistic encryption & how to play mental poker keeping secret all partial information. In: Proceedings of the Fourteenth Annual ACM Symposium on Theory of Computing, STOC 1982, pp. 365â377. ACM (1982)
Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM 45(6), 965â981 (1998)
Ostrovsky, R., Skeith, W.E.: A survey of single-database private information retrieval: techniques and applications. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 393â411. Springer, Heidelberg (2007). doi:10.1007/978-3-540-71677-8_26
Barbosa, M., Brouard, T., Cauchie, S., Sousa, S.M.: Secure biometric authentication with improved accuracy. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 21â36. Springer, Heidelberg (2008). doi:10.1007/978-3-540-70500-0_3
Stoianov, A.: Security issues of biometric encryption. In: Proceedings of the 2009 IEEE Toronto International Conference on Science and Technology for Humanity (TIC- STH), pp. 34â39, September 2009
DamgĂ„rd, I., Geisler, M., KrĂžigaard, M.: Efficient and secure comparison for on-line auctions. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 416â430. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73458-1_30
Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., Toft, T.: Privacy-preserving face recognitiond. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 235â253. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03168-7_14
Sadeghi, A.-R., Schneider, T., Wehrenberg, I.: Efficient privacy-preserving face recognition. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 229â244. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14423-3_16
Huang, Y., Malka, L., Evans, D., Katz, J.: Efficient privacy-preserving biometric identification. In: NDSS (2011)
Bringer, J., Chabanne, H., Patey, A.: SHADE: secure hamming distance computation from oblivious transfer. In: Financial Cryptography Workshops, pp. 164â176 (2013)
Bringer, J., Chabanne, H., Favre, M., Patey, A., Schneider, T., Zohner, M.: GSHADE: faster privacy-preserving distance computation and biometric identification. In: Proceedings of the 2nd ACM Workshop on Information Hiding and Multimedia Security, pp. 187â198. ACM (2014)
Osadchy, M., Pinkas, B., Jarrous, A., Moskovich, B.: SCiFI - a system for secure face identification. In: IEEE S&P 2010, pp. 239â254, May 2010
Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18, 143â154 (1979)
Stinson, D.R.: Universal hashing and authentication codes. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 74â85. Springer, Heidelberg (1992). doi:10.1007/3-540-46766-1_5
Abidin, A., Larsson, J.Ă .: New universal hash functions. In: Armknecht, F., Lucks, S. (eds.) WEWoRC 2011. LNCS, vol. 7242, pp. 99â108. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34159-5_7
Krawczyk, H.: LFSR-based hashing and authentication. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 129â139. Springer, Heidelberg (1994). doi:10.1007/3-540-48658-5_15
Pagnin, E., Dimitrakakis, C., Abidin, A., Mitrokotsa, A.: On the leakage of information in biometric authentication. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 265â280. Springer, Heidelberg (2014). doi:10.1007/978-3-319-13039-2_16
Nevelsteen, W., Preneel, B.: Software performance of universal hash functions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 24â41. Springer, Heidelberg (1999). doi:10.1007/3-540-48910-X_3
Walfish, M., Blumberg, A.J.: Verifying computations without reexecuting them. Commun. ACM 58(2), 74â84 (2015)
Shoup, V.: NTL: A library for doing number theory (2016). http://www.shoup.net/ntl/. Accessed 26 Feb 2016
GMP: The GNU Multiple Precision Arithmetic Library (2016). https://gmplib.org/. Accessed 26 Feb 2016
Daugman, J.: How iris recognition works. In: ICIP (1), pp. 33â36 (2002)
Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious rams. J. ACM 43(3), 431â473 (1996)
Faber, S., Jarecki, S., Kentros, S., Wei, B.: Three-party ORAM for secure computation. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 360â385. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48797-6_16
Bringer, J., Chabanne, H., Patey, A.: Practical identification with encrypted biometric data using oblivious RAM. In: ICB 2013, pp. 1â8 (2013)
Karvelas, N., Peter, A., Katzenbeisser, S., Tews, E., Hamacher, K.: Privacy-preserving whole genome sequence processing through proxy-aided ORAM. In: WPES 2014, pp. 1â10. ACM (2014)
Keller, M., Scholl, P.: Efficient, oblivious data structures for MPC. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 506â525. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45608-8_27
DamgĂ„rd, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643â662. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_38
Teoh, A.B.J., Yuang, C.T.: Cancelable biometrics realization with multispace random projections. IEEE Trans. Syst. Man Cybern. Part B (Cybern.) 37(5), 1096â1106 (2007)
Acknowledgments
This work was funded by the European Commission through the FP7 project âEKSISTENZ,â with grant number: 607049. This work was also partially supported by the FP7-STREP project âBEAT: Biometric Evaluation and Testingâ, grant number: 284989 and the VR project PRECIS.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A    Proof of Theorem 1
A    Proof of Theorem 1
Proof
Let \(\varPi \) be the PPBA-HE-MACÂ protocol. The security of \(\varPi \) against a malicious adversary \(\mathcal {A}\) (i.e., \(\mathcal {CS}\)) is defined via the following game.
where \(\textsf {MAC}.K\) is the key space for the employed MAC. The adversaryâs advantage is defined as \(\textsf {Adv}_{\varPi ,\mathcal {A}}^{\textsf {Priv}} = \big |2\Pr \{\textsf {Exp}_{\varPi ,\mathcal {A}}^\textsf {Priv}(\lambda ,\textsf {ID}_i)=1\} - 1\big |.\) If the advantage is \(\le \textsf {negl}(\lambda )\), we say that \(\varPi \) is secure (and preserves the privacy of biometric templates) against \(\mathcal {A}\).
The details of \(\textsf {Authen}\big (\textsf {ID}_i,\textsf {Enc}(b'_{i_\beta }),\textsf {Enc}(t'_{i_\beta })\big )\) are given below.
The proof is based on the following two hybrid games.
\(\mathbf{game}~0\) : This is the original game. Let \(S_0\) be the event that \(\beta '=\beta \).
\(\mathbf{game}~1\) : This is the same as \(\mathbf{game}~0\), except that now \(\mathcal {CS}\) always performs the correct computation. Let \(S_1\) be the event that \(\beta '=\beta \) in \(\mathbf{game}~1\).
Since providing a different index \(i'\) than the correct one i always results in \(\bot \) output, it does not help the adversary (i.e., the cloud) to win any of the games. So we assume that \(\mathcal {CS}\) always provides the correct index i.
Claim 1: \(|\Pr \{S_0\}-\Pr \{S_1\}|\) is negligible. This follows from the \(\epsilon \)-security of the MAC scheme. Precisely, the difference between the two games is that in game 0, \(\textsf {VRFY}(b_i\oplus b'_{i_\beta }, t_i\oplus t'_{i_\beta },\textsf {k}_i)==0\) if \(\mathcal {CS}\) does not perform the computation correctly, except for probability \(\epsilon \), while in game 1, that does not happen as it performs the computation correctly. So the difference between the winning probabilities in game 0 and game 1 is negligible.
Claim 2: The adversary has negligible advantage in \(\mathbf{game}~1\), i.e., \(\big |2\Pr \{S_1\}-1\big |\le \textsf {negl}(\lambda )\). This follows from the \(\textsf {IND-CPA}\)-security of the employed HE scheme. Since otherwise, we can use the adversary \(\mathcal {A}\) as a blackbox to construct another PPTÂ adversary \(\mathcal {A}'\) that can win the \(\textsf {IND-CPA}\) game against the HE scheme with non-negligible probability in a straightforward fashion. More precisely, the adversary \(\mathcal {A}'\) can use the challenge ciphertext in the \(\textsf {IND-CPA}\) game to simulate the \(\varPi \)Â for \(\mathcal {A}\), and use \(\mathcal {A}\)âs guess to win the \(\textsf {IND-CPA}\) game against the HE scheme. Hence, combining the two claims, we have that \(\textsf {Adv}_{\varPi ,\mathcal {A}}^{\textsf {Priv}}\) is negligible.
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Abidin, A., Aly, A., RĂșa, E.A., Mitrokotsa, A. (2016). Efficient Verifiable Computation of XOR for Biometric Authentication. In: Foresti, S., Persiano, G. (eds) Cryptology and Network Security. CANS 2016. Lecture Notes in Computer Science(), vol 10052. Springer, Cham. https://doi.org/10.1007/978-3-319-48965-0_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-48965-0_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48964-3
Online ISBN: 978-3-319-48965-0
eBook Packages: Computer ScienceComputer Science (R0)