Efficient Verifiable Computation of XOR for Biometric Authentication

  • Aysajan Abidin
  • Abdelrahaman Aly
  • Enrique Argones Rúa
  • Aikaterini Mitrokotsa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10052)

Abstract

This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XORing encrypted messages using an XOR linear message authentication code (MAC) and we employ the proposed scheme to build a biometric authentication protocol. The proposed authentication protocol is both secure and privacy-preserving against malicious (as opposed to honest-but-curious) adversaries. Specifically, the use of the verifiable computation scheme together with an homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts, while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient.

Keywords

Verifiable computation Universal hash functions Homomorphic encryption Biometric authentication Template privacy and security 

References

  1. 1.
    Costello, C., Fournet, C., Howell, J., Kohlweiss, M., Kreuter, B., Naehrig, M., Parno, B., Zahur, S.: Geppetto: Versatile verifiable computation. In: IEEE S&P. IEEE, pp. 253–270 (2015)Google Scholar
  2. 2.
    Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465–482. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14623-7_25 CrossRefGoogle Scholar
  3. 3.
    Zhang, L.F., Safavi-Naini, R.: Batch verifiable computation of outsourced functions. In: Designs, Codes and Cryptography, pp. 1–23 (2015)Google Scholar
  4. 4.
    IIriTech. Inc.: Irisecureid: Cloud-based iris recognition solution (2016). http://www.iritech.com/products/solutions/cloud-based-iris-recognition-solution-0. Accessed 18 May 2016
  5. 5.
    Simoens, K., Bringer, J., Chabanne, H., Seys, S.: A framework for analyzing template security and privacy in biometric authentication systems. IEEE Trans. Inf. Forensics Secur. 7(2), 833–841 (2012)CrossRefGoogle Scholar
  6. 6.
    Yasuda, M., Shimoyama, T., Kogure, J., Yokoyama, K., Koshiba, T.: Packed homomorphic encryption based on ideal lattices and its application to biometrics. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES 2013. LNCS, vol. 8128, pp. 55–74. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40588-4_5 CrossRefGoogle Scholar
  7. 7.
    Yasuda, M., Shimoyama, T., Kogure, J., Yokoyama, K., Koshiba, T.: Practical packing method in somewhat homomorphic encryption. In: Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S., Fitzgerald, W.M. (eds.) DPM/SETOP -2013. LNCS, vol. 8247, pp. 34–50. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54568-9_3 CrossRefGoogle Scholar
  8. 8.
    Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An application of the Goldwasser-Micali cryptosystem to biometric authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73458-1_8 CrossRefGoogle Scholar
  9. 9.
    Abidin, A., Mitrokotsa, A.: Security aspects of privacy-preserving biometric authentication based on ideal lattices and ring-lwe. In: Proceedings of the IEEE Workshop on Information Forensics and Security, pp. 1653–1658 (2014)Google Scholar
  10. 10.
    Abidin, A., Pagnin, E., Mitrokotsa, A.: Attacks on privacy-preserving biometric authentication. In: Proceedings of the 19th Nordic Conference on Secure IT Systems (NordSec 2014), pp. 293–294. Tromso, Norway (2014)Google Scholar
  11. 11.
    Abidin, A., Matsuura, K., Mitrokotsa, A.: Security of a privacy-preserving biometric authentication protocol revisited. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 290–304. Springer, Heidelberg (2014). doi:10.1007/978-3-319-12280-9_19 Google Scholar
  12. 12.
    Van Dijk, M., Juels, A.: On the impossibility of cryptography alone for privacy-preserving cloud computing. In: Proceedings of the 5th USENIX Conference on Hot Topics in Security, HotSec 2010, pp. 1–8. USENIX Association (2010)Google Scholar
  13. 13.
    Yao, A.C.C.: How to generate and exchange secrets. In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE (1986)Google Scholar
  14. 14.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). doi:10.1007/3-540-48910-X_16 Google Scholar
  15. 15.
    Goldwasser, S., Micali, S.: Probabilistic encryption & how to play mental poker keeping secret all partial information. In: Proceedings of the Fourteenth Annual ACM Symposium on Theory of Computing, STOC 1982, pp. 365–377. ACM (1982)Google Scholar
  16. 16.
    Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM 45(6), 965–981 (1998)MathSciNetCrossRefMATHGoogle Scholar
  17. 17.
    Ostrovsky, R., Skeith, W.E.: A survey of single-database private information retrieval: techniques and applications. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 393–411. Springer, Heidelberg (2007). doi:10.1007/978-3-540-71677-8_26 CrossRefGoogle Scholar
  18. 18.
    Barbosa, M., Brouard, T., Cauchie, S., Sousa, S.M.: Secure biometric authentication with improved accuracy. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 21–36. Springer, Heidelberg (2008). doi:10.1007/978-3-540-70500-0_3 CrossRefGoogle Scholar
  19. 19.
    Stoianov, A.: Security issues of biometric encryption. In: Proceedings of the 2009 IEEE Toronto International Conference on Science and Technology for Humanity (TIC- STH), pp. 34–39, September 2009Google Scholar
  20. 20.
    Damgård, I., Geisler, M., Krøigaard, M.: Efficient and secure comparison for on-line auctions. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 416–430. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73458-1_30 CrossRefGoogle Scholar
  21. 21.
    Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., Toft, T.: Privacy-preserving face recognitiond. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 235–253. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03168-7_14 CrossRefGoogle Scholar
  22. 22.
    Sadeghi, A.-R., Schneider, T., Wehrenberg, I.: Efficient privacy-preserving face recognition. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 229–244. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14423-3_16 CrossRefGoogle Scholar
  23. 23.
    Huang, Y., Malka, L., Evans, D., Katz, J.: Efficient privacy-preserving biometric identification. In: NDSS (2011)Google Scholar
  24. 24.
    Bringer, J., Chabanne, H., Patey, A.: SHADE: secure hamming distance computation from oblivious transfer. In: Financial Cryptography Workshops, pp. 164–176 (2013)Google Scholar
  25. 25.
    Bringer, J., Chabanne, H., Favre, M., Patey, A., Schneider, T., Zohner, M.: GSHADE: faster privacy-preserving distance computation and biometric identification. In: Proceedings of the 2nd ACM Workshop on Information Hiding and Multimedia Security, pp. 187–198. ACM (2014)Google Scholar
  26. 26.
    Osadchy, M., Pinkas, B., Jarrous, A., Moskovich, B.: SCiFI - a system for secure face identification. In: IEEE S&P 2010, pp. 239–254, May 2010Google Scholar
  27. 27.
    Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18, 143–154 (1979)MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Stinson, D.R.: Universal hashing and authentication codes. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 74–85. Springer, Heidelberg (1992). doi:10.1007/3-540-46766-1_5 Google Scholar
  29. 29.
    Abidin, A., Larsson, J.Å.: New universal hash functions. In: Armknecht, F., Lucks, S. (eds.) WEWoRC 2011. LNCS, vol. 7242, pp. 99–108. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34159-5_7 CrossRefGoogle Scholar
  30. 30.
    Krawczyk, H.: LFSR-based hashing and authentication. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 129–139. Springer, Heidelberg (1994). doi:10.1007/3-540-48658-5_15 Google Scholar
  31. 31.
    Pagnin, E., Dimitrakakis, C., Abidin, A., Mitrokotsa, A.: On the leakage of information in biometric authentication. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 265–280. Springer, Heidelberg (2014). doi:10.1007/978-3-319-13039-2_16 Google Scholar
  32. 32.
    Nevelsteen, W., Preneel, B.: Software performance of universal hash functions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 24–41. Springer, Heidelberg (1999). doi:10.1007/3-540-48910-X_3 Google Scholar
  33. 33.
    Walfish, M., Blumberg, A.J.: Verifying computations without reexecuting them. Commun. ACM 58(2), 74–84 (2015)CrossRefGoogle Scholar
  34. 34.
    Shoup, V.: NTL: A library for doing number theory (2016). http://www.shoup.net/ntl/. Accessed 26 Feb 2016
  35. 35.
    GMP: The GNU Multiple Precision Arithmetic Library (2016). https://gmplib.org/. Accessed 26 Feb 2016
  36. 36.
    Daugman, J.: How iris recognition works. In: ICIP (1), pp. 33–36 (2002)Google Scholar
  37. 37.
    Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious rams. J. ACM 43(3), 431–473 (1996)MathSciNetCrossRefMATHGoogle Scholar
  38. 38.
    Faber, S., Jarecki, S., Kentros, S., Wei, B.: Three-party ORAM for secure computation. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 360–385. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48797-6_16 CrossRefGoogle Scholar
  39. 39.
    Bringer, J., Chabanne, H., Patey, A.: Practical identification with encrypted biometric data using oblivious RAM. In: ICB 2013, pp. 1–8 (2013)Google Scholar
  40. 40.
    Karvelas, N., Peter, A., Katzenbeisser, S., Tews, E., Hamacher, K.: Privacy-preserving whole genome sequence processing through proxy-aided ORAM. In: WPES 2014, pp. 1–10. ACM (2014)Google Scholar
  41. 41.
    Keller, M., Scholl, P.: Efficient, oblivious data structures for MPC. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 506–525. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45608-8_27 Google Scholar
  42. 42.
    Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_38 CrossRefGoogle Scholar
  43. 43.
    Teoh, A.B.J., Yuang, C.T.: Cancelable biometrics realization with multispace random projections. IEEE Trans. Syst. Man Cybern. Part B (Cybern.) 37(5), 1096–1106 (2007)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Aysajan Abidin
    • 1
  • Abdelrahaman Aly
    • 1
  • Enrique Argones Rúa
    • 1
  • Aikaterini Mitrokotsa
    • 2
  1. 1.ESAT/COSIC, KU Leuven and iMindsLeuvenBelgium
  2. 2.Chalmers University of TechnologyGothenburgSweden

Personalised recommendations