Security of a Privacy-Preserving Biometric Authentication Protocol Revisited

  • Aysajan Abidin
  • Kanta Matsuura
  • Aikaterini Mitrokotsa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8813)


Biometric authentication establishes the identity of an individual based on biometric templates (e.g. fingerprints, retina scans etc.). Although biometric authentication has important advantages and many applications, it also raises serious security and privacy concerns. Here, we investigate a biometric authentication protocol that has been proposed by Bringer et al. and adopts a distributed architecture (i.e. multiple entities are involved in the authentication process). This protocol was proven to be secure and privacy-preserving in the honest-but-curious (or passive) attack model. We present an attack algorithm that can be employed to mount a number of attacks on the protocol under investigation. We then propose an improved version of the Bringer et al. protocol that is secure in the malicious (or active) insider attack model and has forward security.


Biometrics privacy-preserving biometric authentication homomorphic encryption active attack forward security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An application of the Goldwasser-Micali cryptosystem to biometric authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Ouafi, K., Vaudenay, S.: Strong Privacy for RFID Systems from Plaintext-Aware Encryption. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 247–262. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  3. 3.
    Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Hermans, J., Pashalidis, A., Vercauteren, F., Preneel, B.: A new RFID privacy model. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 568–587. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Gilbert, H., Robshaw, M.J.B., Sibert, H.: Active attack against HB+: a provably secure lightweight authentication protocol. Electronic Letters 41, 1169–1170 (2005)CrossRefGoogle Scholar
  7. 7.
    Penrose, L.: Dermatoglyphic topology. Nature 205, 544–546 (1965)CrossRefGoogle Scholar
  8. 8.
    Bolling, J.: A window to your health. Jacksonville Medicine, Special Issue: Retinal Diseases 51 (2000)Google Scholar
  9. 9.
    Rivest, R.L., Adleman, L., Dertouzos, M.L.: On data banks and privacy homomorphisms. In: Foundations of Secure Computation, pp. 165–179. Academic Press (1978)Google Scholar
  10. 10.
    Rabin, M.O.: How to exchange secrets with oblivious transfer. Technical Report TR-81, Aiken Computation Lab, Harvard University (1981)Google Scholar
  11. 11.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Goldwasser, S., Micali, S.: Probabilistic encryption & how to play mental poker keeping secret all partial information. In: Proceedings of ACM Symposium on Theory of Computing, STOC 1982, pp. 365–377 (1982)Google Scholar
  13. 13.
    Barbosa, M., Brouard, T., Cauchie, S., de Sousa, S.M.: Secure Biometric Authentication with Improved Accuracy. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 21–36. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Simoens, K., Bringer, J., Chabanne, H., Seys, S.: A framework for analyzing template security and privacy in biometric authentication systems. IEEE Transactions on Information Forensics and Security 7(2), 833–841 (2012)CrossRefGoogle Scholar
  15. 15.
    Bringer, J., Chabanne, H.: An authentication protocol with encrypted biometric data. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 109–124. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Lipmaa, H.: An oblivious transfer protocol with log-squared communication. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 314–328. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Stoianov, A.: Cryptographically secure biometrics. In: SPIE 7667, Biometric Technology for Human Identification VII 76670C, pp. 76670C–76670C–12 (2010)Google Scholar
  18. 18.
    Blum, M., Goldwasser, S.: An probabilistic public key encryption scheme which hides all partial information. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 289–299. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  19. 19.
    Menezes, A., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press (1996)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Aysajan Abidin
    • 1
  • Kanta Matsuura
    • 2
  • Aikaterini Mitrokotsa
    • 1
  1. 1.Chalmers University of TechnologyGothenburgSweden
  2. 2.University of TokyoJapan

Personalised recommendations