Blind Authentication: A Secure Crypto- Biometric Verification Protocol
Concerns about the widespread use of biometric authentication systems are primarily centered around template security, revocability, and privacy. The use of cryptographic primitives to bolster the authentication process can alleviate some of these concerns as shown by biometric cryptosystems. In this paper, we propose a provably secure and blind biometric authentication protocol, which addresses the concerns of user’s privacy, template protection, and trust issues. The protocol is blind in the sense that it reveals only the identity and no additional information about the user or the biometric to the authenticating server or vice-versa. As the protocol is based on asymmetric encryption of the biometric data, it captures the advantages of biometric authentication as well as the security of public key cryptography. The authentication protocol can run over public networks and provide nonrepudiable identity verification. The encryption also provides template protection, the ability to revoke enrolled templates, and alleviates the concerns on privacy in the widespread use of biometrics. The proposed approach makes no restrictive assumptions on the biometric data and is hence applicable to multiple biometrics. Such a protocol has significant advantages over existing biometric cryptosystems, which use a biometric to secure a secret key, which in turn is used for authentication. We analyze the security of the protocol under various attack scenarios. Experimental results on four biometric datasets (face, iris, hand geometry, and fingerprint) show that carrying out the authentication in the encrypted domain does not affect the accuracy, while the encryption key acts as an additional layer of security
The hardware used for the development of the project is:
PROCESSOR: PENTIUM III 766 MHz
RAM: 128 MD SD RAM
MONITOR: 15” COLOR
HARD DISK: 20 GB
FLOPPY DRIVE: 1.44 MB
CD DRIVE: LG 52X
KEYBOARD: STANDARD 102 KEYS
MOUSE : 3 BUTTONS
The software used for the development of the project is:
OPERATING SYSTEM: Windows XP Professional
ENVIRONMENT: Visual Studio .NET 2008
.NET FRAMEWORK: Version 3.5
BACK END: SQL SERVER 2005
The previous work in the area of encryption-based security of biometric templates tends to model the problem as that of building a classification system that separates the genuine and impostor samples in the encrypted domain. However, a strong encryption mechanism destroys any pattern in the data, which adversely affects the accuracy of verification. Hence, any such matching mechanism necessarily makes a compromise between template security (strong encryption) and accuracy (retaining patterns in the data). The primary difference in our approach is that we are able to design the classifier in the plain feature space, which allows us to maintain the performance of the biometric itself while carrying out the authentication on data with strong encryption, which provides high security/ privacy. Over the years a number of attempts have been made to address the problem of template protection and privacy concerns and despite all efforts, puts it, “a template protection scheme with provable security and acceptable recognition performance has thus far remained elusive”. In this section, we will look at the existing work in light of this security-accuracy dilemma, and understand how this can be overcome by communication between the authenticating server and the client. Detailed reviews of the work on template protection can be found.
A disadvantage of the existing system:
1. The first class of feature transformation approaches known as Salting offers security using a transformation function seeded by a user-specific key. The strength of the approach lies in the strength of the key. A classifier is then designed in the encrypted feature space. Although the standard cryptographic encryption such as AES or RSA offers secure transformation functions.
2. The second category of approaches identified as noninvertible transform applies a trait specific noninvertible function on the biometric template so as to secure it. The parameters of the transformation function are defined by a key which must be available at the time of authentication to transform the query feature set.
3. The third and fourth classes are both variations of Biometric cryptosystems. They try to integrate the advantages of both biometrics and cryptography to enhance the overall security and privacy of an authentication system. Such systems are primarily aimed at using the biometric as a protection for a secret key (keybinding approach or use the biometric data to directly generate a secret key (key generation approach. The authentication is done using the key, which is unlocked/generated by the biometric.
Blind authentication is able to achieve both strong encryption-based security as well as the accuracy of a powerful classifier such as support vector machines (SVMs) and neural networks. While the proposed approach has similarities to the blind vision scheme for image retrieval, it is far more efficient for the verification task. Blind Authentication addresses all the concerns mentioned
1) The ability to use strong encryption addresses template protection issues as well as privacy concerns.
2) Non-repudiable authentication can be carried out even between trusting client and server using a trusted third party solution.
3) It provides provable protection against replay and client-side attacks even if the keys of the user are compromised.
4) As the enrolled templates are encrypted using a key, one can replace any compromised template, providing revocability, while allaying concerns of being tracked.
The framework is generic in the sense that it can classify any feature vector, making it applicable to multiple biometrics. Moreover, as the authentication process requires someone to send an encrypted version of the biometric, the nonrefundable nature of the authentication is fully preserved, assuming that spoof attacks are prevented. The proposed approach does not fall into any of the categories. This work opens a new direction of research to look at privacy preserving biometric authentication.
Download: Blind Authentication