Outsourceable Two-party Privacy-preserving Biometric Authentication

Author

Hu Chun
Yousef Elmehdwi
Feng Li
Prabir Bhattacharya
Wei Jiang, Missouri University of Science and TechnologyFollow

Abstract

Biometric authentication, a key component for many secure protocols and applications, is a process of authenticating a user by matching her biometric data against a biometric database stored at a server managed by an entity. If there is a match, the user can log into her account or obtain the services provided by the entity. Privacy-preserving biometric authentication (PPBA) considers a situation where the biometric data are kept private during the authentication process. That is the user's biometric data record is never disclosed to the entity, and the data stored in the entity's biometric database are never disclosed to the user. Due to the reduction in operational costs and high computing power, it is beneficial for an entity to outsource not only its data but also computations such as biometric authentication process to a cloud. However, due to well-documented security risks faced by a cloud, sensitive data like biometrics should be encrypted first and then outsourced to the cloud. When the biometric data are encrypted and cannot be decrypted by the cloud, the existing PPBA protocols are not applicable. Therefore, in this paper, we propose a two-party PPBA protocol when the biometric data in consideration are fully encrypted and outsourced to a cloud. In the proposed protocol, the security of the biometric data is completely protected since the encrypted biometric data are never decrypted during the authentication process. In addition, we formally analyze the security of the proposed protocol and provide extensive empirical results to show its runtime complexit.

Recommended Citation

H. Chun et al., "Outsourceable Two-party Privacy-preserving Biometric Authentication," ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 401 - 412, Association for Computing Machinery (ACM), Jun 2014.

The definitive version is available at https://doi.org/10.1145/2590296.2590343

Department(s)

Computer Science

Comments

National Sleep Foundation, Grant N000141110256

Keywords and Phrases

Biometric authentication; Cloud computing; Security

International Standard Book Number (ISBN)

978-145032800-5

Document Type

Article - Conference proceedings

Document Version

Citation

File Type

text

Language(s)

English

Rights

© 2024 Association for Computing Machinery, All rights reserved.

Publication Date

04 Jun 2014