A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes

  • Qiang Tang
  • Julien Bringer
  • Hervé Chabanne
  • David Pointcheval
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4991)


With their increasing popularity in cryptosystems, biometrics have attracted more and more attention from the information security community. However, how to handle the relevant privacy concerns remains to be troublesome. In this paper, we propose a novel security model to formalize the privacy concerns in biometric-based remote authentication schemes. Our security model covers a number of practical privacy concerns such as identity privacy and transaction anonymity, which have not been formally considered in the literature. In addition, we propose a general biometric-based remote authentication scheme and prove its security in our security model.


Service Provider Authentication Scheme Privacy Concern Human User Security Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Atallah, M.J., Frikken, K.B., Goodrich, M.T., Tamassia, R.: Secure biometric authentication for weak computational devices. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 357–371. Springer, Heidelberg (2005)Google Scholar
  2. 2.
    Bolle, R.M., Connell, J.H., Ratha, N.K.: Biometric perils and patches. Pattern Recognition 35(12), 2727–2738 (2002)MATHCrossRefGoogle Scholar
  3. 3.
    Boyen, X.: Reusable cryptographic fuzzy extractors. In: Atluri, V., Pfitzmann, B., McDaniel, P.D. (eds.) CCS 2004: Proceedings of the 11th ACM conference on Computer and communications security, pp. 82–91. ACM Press, New York (2004)CrossRefGoogle Scholar
  4. 4.
    Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005)Google Scholar
  5. 5.
    Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An application of the Goldwasser-Micali cryptosystem to biometric authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Bringer, J., Chabanne, H., Pointcheval, D., Tang, Q.: Extended private information retrieval and its application in biometrics authentications. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds.) CANS 2007. LNCS, vol. 4856, Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM 45(6), 965–981 (1998)MATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Crescenzo, G.D., Graveman, R., Ge, R., Arce, G.: Approximate message authentication and biometric entity authentication. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 240–254. Springer, Heidelberg (2005)Google Scholar
  9. 9.
    Crescenzo, G.D., Malkin, T., Ostrovsky, R.: Single database private information retrieval implies oblivious transfer. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 122–138. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  10. 10.
    Dodis, Y., Katz, J., Reyzin, L., Smith, A.: Robust fuzzy extractors and authenticated key agreement from close secrets. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 232–250. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Du, W., Atallah, M.J.: Secure multi-party computation problems and their applications: a review and open problems. In: NSPW 2001: Proceedings of the 2001 workshop on New security paradigms, pp. 13–22. ACM Press, New York (2001)CrossRefGoogle Scholar
  13. 13.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  14. 14.
    Gentry, C., Ramzan, Z.: Single-database private information retrieval with constant communication rate. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 803–815. Springer, Heidelberg (2005)Google Scholar
  15. 15.
    Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. In: Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, pp. 151–160 (1998)Google Scholar
  16. 16.
    Hao, F., Anderson, R., Daugman, J.: Combining crypto with biometrics effectively. IEEE Transactions on Computers 55(9), 1081–1088 (2006)CrossRefGoogle Scholar
  17. 17.
    Woodward Jr., J.D., Orlans, N.M., Higgins, P.T.: Biometrics (Paperback). McGraw-Hill/OsborneMedia (2002)Google Scholar
  18. 18.
    Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Cryptography 38(2), 237–257 (2006)CrossRefMathSciNetMATHGoogle Scholar
  19. 19.
    Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: ACM Conference on Computer and Communications Security, pp. 28–36 (1999)Google Scholar
  20. 20.
    Linnartz, J.M.G., Tuyls, P.: New shielding functions to enhance privacy and prevent misuse of biometric templates. In: Kittler, J., Nixon, M.S. (eds.) AVBPA 2003. LNCS, vol. 2688, pp. 393–402. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Maltoni, D., Maio, D., Jain, A.K., Prabhakar, S.: Handbook of Fingerprint Recognition. Springer, Heidelberg (2003)MATHGoogle Scholar
  22. 22.
    Pashalidis, A., Mitchell, C.J.: A taxonomy of single sign-on systems. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 249–264. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Ratha, N., Connell, J., Bolle, R.M., Chikkerur, S.: Cancelable biometrics: A case study in fingerprints. In: ICPR 2006: Proceedings of the 18th International Conference on Pattern Recognition, pp. 370–373. IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  24. 24.
    Ratha, N.K., Connell, J.H., Bolle, R.M.: Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 40(3), 614–634 (2001)CrossRefGoogle Scholar
  25. 25.
    Safavi-Naini, R., Tonien, D.: Fuzzy universal hashing and approximate authentication. Cryptology ePrint Archive: Report 2005/256 (2005)Google Scholar
  26. 26.
    Schneier, B.: Inside risks: the uses and abuses of biometrics. Commun. ACM 42(8), 136 (1999)CrossRefGoogle Scholar
  27. 27.
    Schoenmakers, B., Tuyls, P.: Efficient binary conversion for paillier encrypted values. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 522–537. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  28. 28.
    Tuyls, P., Akkermans, A.H.M., Kevenaar, T.A.M., Schrijen, G.J., Bazen, A.M., Veldhuis, R.N.J.: Practical biometric authentication with template protection. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 436–446. Springer, Heidelberg (2005)Google Scholar
  29. 29.
    Tuyls, P., Goseling, J.: Capacity and examples of template-protecting biometric authentication systems. In: ECCV Workshop BioAW, pp. 158–170 (2004)Google Scholar
  30. 30.
    Tuyls, P., Skoric, B., Kevenaar, T.: Security with Noisy Data. Springer, London (2008)MATHGoogle Scholar
  31. 31.
    Tuyls, P., Verbitskiy, E., Goseling, J., Denteneer, D.: Privacy protecting biometric authentication systems: an overview. In: EUSIPCO 2004 (2004)Google Scholar
  32. 32.
    Uludag, U., Pankanti, S., Prabhakar, S., Jain, A.K.: Biometric cryptosystems: Issues and challenges. In: Proceedings of the IEEE, vol. 92(6), pp. 948–960 (2004)Google Scholar
  33. 33.
    Verbitskiy, E., Tuyls, P., Denteneer, D., Linnartz, J.P.: Reliable biometric authentication with privacy protection. In: SPIE Biometric Technology for Human Identification Conf. (2004)Google Scholar
  34. 34.
    Atallah, M.J., Du., W.: Protocols for secure remote database access with approximate matching. Technical report, CERIAS, Purdue University. CERIAS TR 2000-15 (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Qiang Tang
    • 1
  • Julien Bringer
    • 2
  • Hervé Chabanne
    • 2
  • David Pointcheval
    • 3
  1. 1.DIES, EWIUniversity of Twentethe Netherlands
  2. 2.Sagem Sécurité 
  3. 3.Departement d’Informatique, École Normale SupérieureParis Cedex 05France

Personalised recommendations