A New Approach for Biometric Template Storage and Remote Authentication

  • Neyire Deniz Sarier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5558)


In this paper, we propose a new remote biometric based authentication scheme, which is designed for distributed systems with a central database for the storage of the biometric data. For our scheme, we consider the recently introduced security notions of Identity and Transaction privacy and present a different storage mechanism for biometrics resulting in a reduced database storage cost. Besides, the components of the system do not need to store any biometric template in cleartext or in encrypted form, which affects the social acceptance of the system positively. Finally, we compare our results with existing schemes satisfying the current security notions and achieve improved computational complexity.


Remote authentication Biometric template security Identity privacy Distributed systems 


  1. 1.
    Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An application of the goldwasser-micali cryptosystem to biometric authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007)Google Scholar
  2. 2.
    Bringer, J., Chabanne, H., Pointcheval, D., Tang, Q.: Extended private information retrieval and its application in biometrics authentications. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds.) CANS 2007. LNCS, vol. 4856, pp. 175–193. Springer, Heidelberg (2007)Google Scholar
  3. 3.
    Bringer, J., Chabanne, H.: An authentication protocol with encrypted biometric data. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 109–124. Springer, Heidelberg (2008)Google Scholar
  4. 4.
    Tang, Q., Bringer, J., Chabanne, H., Pointcheval, D.: A formal study of the privacy concerns in biometric-based remote authentication schemes. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 56–70. Springer, Heidelberg (2008)Google Scholar
  5. 5.
    Barbosa, M., Brouard, T., Cauchie, S., de Sousa, S.M.: Secure biometric authentication with improved accuracy. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 21–36. Springer, Heidelberg (2008)Google Scholar
  6. 6.
    Schoenmakers, B., Tuyls, P.: Efficient binary conversion for paillier encrypted values. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 522–537. Springer, Heidelberg (2006)Google Scholar
  7. 7.
    Atallah, M.J., Frikken, K.B., Goodrich, M.T., Tamassia, R.: Secure biometric authentication for weak computational devices. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 357–371. Springer, Heidelberg (2005)Google Scholar
  8. 8.
    Yoon, E.J., Yoo, K.Y.: A secure chaotic hash-based biometric remote user authentication scheme using mobile devices. In: Chang, K.C.-C., Wang, W., Chen, L., Ellis, C.A., Hsu, C.-H., Tsoi, A.C., Wang, H. (eds.) APWeb/WAIM 2007. LNCS, vol. 4537, pp. 612–623. Springer, Heidelberg (2007)Google Scholar
  9. 9.
    Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005)Google Scholar
  10. 10.
    Crescenzo, G.D., Graveman, R.F., Ge, R., Arce, G.R.: Approximate message authentication and biometric entity authentication. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 240–254. Springer, Heidelberg (2005)Google Scholar
  11. 11.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Cryptography 38(2), 237–257 (2006)Google Scholar
  13. 13.
    Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: ACM Conference on Computer and Communications Security, pp. 28–36. ACM, New York (1999)Google Scholar
  14. 14.
    Tuyls, P., Goseling, J.: Capacity and examples of template-protecting biometric authentication systems. In: Maltoni, D., Jain, A.K. (eds.) BioAW 2004. LNCS, vol. 3087, pp. 158–170. Springer, Heidelberg (2004)Google Scholar
  15. 15.
    Uludag, U., Pankanti, S., Jain, A.K.: Fuzzy vault for fingerprints. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 310–319. Springer, Heidelberg (2005)Google Scholar
  16. 16.
    Uludag, U., Jain, A.: Securing fingerprint template: Fuzzy vault with helper data. In: Computer Vision and Pattern Recognition Workshop. IEEE Computer Society, Los Alamitos (2006)Google Scholar
  17. 17.
    Mihailescu, P.: The fuzzy vault for fingerprints is vulnerable to brute force attack. CoRR abs/0708.2974 (2007)Google Scholar
  18. 18.
    Itakura, Y., Tsujii, S.: Proposal on a multifactor biometric authentication method based on cryptosystem keys containing biometric signatures. Int. J. Inf. Sec. 4(4), 288–296 (2005)Google Scholar
  19. 19.
    Salaiwarakul, A., Ryan, M.D.: Verification of integrity and secrecy properties of a biometric authentication protocol. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 1–13. Springer, Heidelberg (2008)Google Scholar
  20. 20.
    Park, B., Moon, D., Chung, Y., Park, J.W.: Impact of embedding scenarios on the smart card-based fingerprint verification. In: Lee, J.K., Yi, O., Yung, M. (eds.) WISA 2006. LNCS, vol. 4298, pp. 110–120. Springer, Heidelberg (2007)Google Scholar
  21. 21.
    Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)Google Scholar
  22. 22.
    Boneh, D., Gentry, C., Hamburg, M.: Space-efficient identity based encryptionwithout pairings. In: FOCS 2007: Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science, pp. 647–657. IEEE Computer Society, Los Alamitos (2007)Google Scholar
  23. 23.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)Google Scholar
  24. 24.
    Baek, J., Susilo, W., Zhou, J.: New constructions of fuzzy identity-based encryption. In: ASIACCS 2007, pp. 368–370. ACM, New York (2007)Google Scholar
  25. 25.
    Gentry, C., Ramzan, Z.: Single-database private information retrieval with constant communication rate. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 803–815. Springer, Heidelberg (2005)Google Scholar
  26. 26.
    Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 268–286. Springer, Heidelberg (2004)Google Scholar
  27. 27.
    Pan, J., Cai, L., Shen, X.: Promoting Identity-Based Key Management in Wireless Ad Hoc Networks. In: Xiao, Y., Shen, X., Du, D. (eds.) Wireless/Mobile Network Security - Signals and Communication Technology, pp. 83–102. Springer, Heidelberg (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Neyire Deniz Sarier
    • 1
  1. 1.Bonn-Aachen International Center for Information TechnologyComputer Security GroupBonnGermany

Personalised recommendations