Cryptographically-Secure and Efficient Remote Cancelable Biometrics Based on Public-Key Homomorphic Encryption

  • Takato Hirano
  • Mitsuhiro Hattori
  • Takashi Ito
  • Nori Matsuda
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8231)


Cancelable biometrics is known as a template protection approach, and concrete protocols with high accuracy and efficiency have been proposed. Nevertheless, most known protocols, including the Hattori et al. protocol (Journal of Information Processing, 2012), pay little attention to security against the replay attack, which leads to severe authenticity violation in the remote authentication setting. In this paper, we revisit the Hattori et al. protocol based on the Boneh-Goh-Nissim encryption scheme, and propose a secure variant while keeping user-friendliness of the original protocol. Our protocol uses the revocation method of the original protocol in a proactive manner, i.e., in our protocol, the public key assigned to a user is randomly re-generated in every authentication process. We define a general and formal security game that covers the replay attack and considers fuzziness of biometric feature extraction, and show that our protocol is secure in that model. The computation and communication costs of our protocol are more efficient than those of similar protocols.


Cancelable biometrics remote authentication replay security game for biometrics homomorphic encryption 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Blanton, M., Gasti, P.: Secure and efficient protocols for iris and fingerprint identification. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 190–209. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Bringer, J., Chabanne, H.: An authentication protocol with encrypted biometric data. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 109–124. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol version 1.2. RFC 5246 (2008)Google Scholar
  6. 6.
    Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., Toft, T.: Privacy-preserving face recognition. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 235–253. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Hattori, M., Shibata, Y., Ito, T., Matsuda, N., Takashima, K., Yoneda, T.: Provably-secure cancelable biometrics using 2-DNF evaluation. Journal of Information Processing 20(2), 496–507 (2012)CrossRefGoogle Scholar
  8. 8.
    Hirano, T., Hattori, M., Ito, T., Matsuda, N., Mori, T.: Homomorphic encryption based cancelable biometrics secure against replay and its related attack. In: ISITA 2012, pp. 421–425 (2012)Google Scholar
  9. 9.
    Jain, A.K., Nandakumar, K., Nagar, A.: Biometric template security. EURASIP Journal on Advances in Signal Processing 2008, 1–17 (2008)CrossRefGoogle Scholar
  10. 10.
    Juels, A., Sudan, M.: A fuzzy vault scheme. Designs, Codes and Cryptography 38(2), 237–257 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: ACM CCS 1999, pp. 28–36 (1999)Google Scholar
  12. 12.
    Kikuchi, H., Nagai, K., Ogata, W., Nishigaki, M.: Privacy-preserving similarity evaluation and application to remote biometrics authentication. Soft Computing 14(5), 529–536 (2010)CrossRefGoogle Scholar
  13. 13.
    Nishigaki, M., Watanabe, Y., Oda, M., Yoneyama, Y., Yamamoto, T., Takahashi, K., Ogata, W., Kikuchi, H.: Template-protecting biometrics authentication using oblivious evaluation of feature value function with fuzzy polynomial. IPSJ Journal 53(9), 2254–2266 (2012) (in Japanese)Google Scholar
  14. 14.
    Okamoto, T., Takashima, K.: Homomorphic encryption and signatures from vector decomposition. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 57–74. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Ratha, N.K., Connell, J.H., Bolle, R.M.: Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 40(3), 614–634 (2001)CrossRefGoogle Scholar
  16. 16.
    Sakashita, T., Shibata, Y., Yamamoto, T., Takahashi, K., Ogata, W., Kikuchi, H., Nishigaki, M.: A proposal of efficient remote biometric authentication protocol. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 212–227. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Takahashi, K., Hirata, S.: Cancelable biometrics with provable security and its application to fingerprint verification. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E94-A(1), 233–244 (2011)CrossRefGoogle Scholar
  18. 18.
    Takahashi, K., Naganuma, K.: Unconditionally provably secure cancellable biometrics based on a quotient polynomial ring. IET Biometrics 1(1), 63–71 (2012)CrossRefGoogle Scholar
  19. 19.
    Upmanyu, M., Namboodiri, A.M., Srinathan, K., Jawahar, C.V.: Blind authentication: A secure crypto-biometric verification protocol. IEEE Transactions on Information Forensics and Security 5(2), 255–268 (2010)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Takato Hirano
    • 1
  • Mitsuhiro Hattori
    • 1
  • Takashi Ito
    • 1
  • Nori Matsuda
    • 1
  1. 1.Information Technology R&D CenterMitsubishi Electric CorporationJapan

Personalised recommendations