Privacy Preserving Biometrics-Based and User Centric Authentication Protocol

  • Hasini Gunasinghe
  • Elisa Bertino
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8792)


We propose a privacy preserving biometrics-based authentication protocol by which users can authenticate to different service providers from their own devices without involving identity providers in the transactions. Authentication is performed through a zero-knowledge proof of knowledge protocol which is based on a cryptographic identity token created using the unique, repeatable and revocable biometric identifier of the user and a secret provided by the user which enables two-factor authentication as well. Our approach for generating biometric identifiers from the user’s biometric image is based on the support vector machine classification technique in conjunction with a mechanism for feature extraction from the biometric image. The paper includes experimental results on a dataset of iris images and a security and privacy analysis of the protocol.


Privacy Security Biometrics Authentication 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    IdentityX | World-Class Mobile Biometric Authentication,
  2. 2.
  3. 3.
    Bhargav-Spantzel, A., Squicciarini, A.C., Bertino, E., Kong, X., Zhang, W.: Biometrics-based identifiers for digital identity management. In: IDtrust 2010 Conference Proceedings. ACM (April 2010)Google Scholar
  4. 4.
    California State University, East Bay: Coding theory - hadamard codes,
  5. 5.
    Chang, C.C., Lin, C.J.: LIBSVM: A library for support vector machines. ACM Transactions on Intelligent Systems and Technology 2, 27:1–27:27 (2011), software available at
  6. 6.
    Kande, S., Dorizzi, B.: Cancelable iris biometrics and using error correcting codes to reduce variability in biometric data. In: Computer Vision and Pattern Recognition. IEEE (April 2009)Google Scholar
  7. 7.
    Klinger, E., Starkweather, D.: Home of pHash, the open source perceptual hash library (2008-2010),
  8. 8.
    Kostiainen, K., Ekberg, J., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: Proceedings of ASIACCS 2009 (2009)Google Scholar
  9. 9.
    Paci, F., Bertino, E., Kerr, S., Lint, A., Squicciarini, A.C., Woo, J.: VeryIDX - A digital identity management system for pervasive computing environments. In: Brinkschulte, U., Givargis, T., Russo, S. (eds.) SEUS 2008. LNCS, vol. 5287, pp. 268–279. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  11. 11.
    Proença, H.: The UBIRIS.v2: A database of visible wavelength images captured on-the-move and at-a-distance. IEEE Trans. PAMI 32(8), 1529–1535 (2010)CrossRefGoogle Scholar
  12. 12.
    Proença, H., Alexandre, L.A.: UBIRIS: A noisy iris image database. In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol. 3617, pp. 970–977. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edn. Wiley (1996)Google Scholar
  14. 14.
    Zauner, C.: Implementation and Benchmarking of Perceptual Image Hash Functions. Master’s thesis, Upper Austria University of Applied Sciences, Hagenberg Campus (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Hasini Gunasinghe
    • 1
  • Elisa Bertino
    • 1
  1. 1.Purdue UniversityWest LafayetteUSA

Personalised recommendations