Abstract
In this paper, we describe a new biometric-based remote authentication (BRA) system by combining distributed biometric authentication and cancelable biometrics. The motivation of this construction is based on our new attacks against the BRA schemes designed according to the security model of Bringer et al. Specifically, we prove that identity privacy cannot be achieved for the schemes in this model, if biometrics is assumed as public data and a publicly stored sketch is employed for improved accuracy. Besides, a statistical attack is shown that is effective even if the sketch is stored as encrypted. To prevent statistical attacks, we propose a weaker notion of identity privacy, where the adversary has limited power. Next, we design a BRA protocol in cancelable biometric setting, which is also applicable for biometrics represented as a set of features. For this setting, we define a stronger security notion, which is guaranteed for the BRA schemes that are vulnerable to our attacks if they are implemented in cancelable biometric setting.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Barbosa, M., Brouard, T., Cauchie, S., de Sousa, S.M.: Secure Biometric Authentication with Improved Accuracy. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 21–36. Springer, Heidelberg (2008)
Bringer, J., Chabanne, H.: An Authentication Protocol with Encrypted Biometric Data. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 109–124. Springer, Heidelberg (2008)
Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An Application of the Goldwasser-micali Cryptosystem to Biometric Authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007)
Bringer, J., Chabanne, H., Pointcheval, D., Tang, Q.: Extended Private Information Retrieval and its Application in Biometrics Authentications. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds.) CANS 2007. LNCS, vol. 4856, pp. 175–193. Springer, Heidelberg (2007)
Cambier, J., von Seelen, U.C., Moore, R., Scott, I., Braithwaite, M., Daugman, J.: Application specific biometric templates. In: IEEE Workshop on Automatic Identification Advanced Technologies, pp. 167–171. IEEE (2002)
Dodis, Y., Smith, A.: Correcting errors without leaking partial information. In: STOC 2005, pp. 654–663. ACM (2005)
El Gamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)
Hirata, S., Takahashi, K.: Cancelable Biometrics with Perfect Secrecy for Correlation-Based Matching. In: Tistarelli, M., Nixon, M.S. (eds.) ICB 2009. LNCS, vol. 5558, pp. 868–878. Springer, Heidelberg (2009)
Li, Q., Sutcu, Y., Memon, N.D.: Secure Sketch for Biometric Templates. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 99–113. Springer, Heidelberg (2006)
Sakashita, T., Shibata, Y., Yamamoto, T., Takahashi, K., Ogata, W., Kikuchi, H., Nishigaki, M.: A Proposal of Efficient Remote Biometric Authentication Protocol. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 212–227. Springer, Heidelberg (2009)
Sarier, N.D.: A New Approach for Biometric Template Storage and Remote Authentication. In: Tistarelli, M., Nixon, M.S. (eds.) ICB 2009. LNCS, vol. 5558, pp. 909–918. Springer, Heidelberg (2009)
Sarier, N.D.: A survey of distributed biometric authentication systems. In: BIOSIG 2009. LNI, vol. 155, pp. 43–55. GI (2009)
Sarier, N.D.: Improving the accuracy and storage cost in biometric remote authentication schemes. J. Network and Computer Applications 33(3), 268–274 (2010)
Sarier, N.D.: Practical Multi-factor Biometric Remote Authentication. In: BTAS 2010, pp. 1–6. IEEE (2010)
Simoens, K., Bringer, J., Chabanne, H., Seys, S.: Analysis of biometric authentication protocols in the blackbox model. CoRR, abs/1101.2569 (2011)
Tang, Q., Bringer, J., Chabanne, H., Pointcheval, D.: A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 56–70. Springer, Heidelberg (2008)
Yang, G., Tan, C.H., Huang, Q., Wong, D.S.: Probabilistic Public Key Encryption with Equality Test. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 119–131. Springer, Heidelberg (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sarier, N.D. (2012). Security Notions of Biometric Remote Authentication Revisited. In: Meadows, C., Fernandez-Gago, C. (eds) Security and Trust Management. STM 2011. Lecture Notes in Computer Science, vol 7170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29963-6_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-29963-6_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29962-9
Online ISBN: 978-3-642-29963-6
eBook Packages: Computer ScienceComputer Science (R0)