Inference-Based Similarity Search in Randomized Montgomery Domains for Privacy-Preserving Biometric Identification

Abstract: Similarity search is essential to many important applications and often involves searching at scale on high-dimensional data based on their similarity to a query. In biometric applications, recent vulnerability studies have shown that adversarial machine learning can compromise biometric recognition systems by exploiting the biometric similarity information. Existing methods for biometric privacy protection are in general based on pairwise matching of secured biometric templates and have inherent limitations i… Show more

“…Zhou and Ren presented a threshold predicate encryption protocol for only revealing the matched result without exposing the biometric data [14]. Wang et al [24] also examined privacy-malicious threats related to the exposure of biometrics databases by using adversarial machine learning techniques. However, due to the storage of encrypted biometrics in repository [14], [24], the leakage concerns for the biometric data still exist with those approaches.…”

“…PUFs are designed with random disparities in Integrated Circuits (ICs) while manufactured. Each PUF is designed with unique physical signature which can neither be cloned nor rebuilt, One of the pioneer schemes supporting fingerprint-based authentication with the help of smart card and Elgamal cryptosystem Forged identity problems 2002 [22] Improved three-factor biometric authentication with the Elgamal cryptosystem Password modification and masquerading attacks 2004 [12] A three-factor biometric authentication scheme based on discrete logarithm problem Exposed to impersonation, replay, and temporary information attacks 2014 [23] A three-factor biometric authentication scheme based on modular exponentiation cryptographic operations Stolen device and Man-in-the-middle attack 2017 [24] Examined privacy threats related to the exposure of biometrics by using adversarial machine learning techniques The privacy leakage concerns still persist due to storage of encrypted biometrics. 2017 [25] PUF-based two-factor authentication scheme with the combination of biometrics De-synchronization attack, and unable to provide equivalent three-factor security 2018 [14] A secure Threshold Predicate Encryption protocol for encrypting the biometrics Costly exponentiation operations 2018 [13] Privacy preserving scheme for smart home user Unable to provide equivalent three-factor privacy to the user 2019 [26] Client-server three-factor authentication scheme employing elliptic curve cryptography operations De-synchronization attack, Anonymity, and server impersonation attack 2018 [27] Improved client-server three-factor authentication scheme employing public-key cryptography De-synchronization attack, costly crypto-primitives 2019 [7] PUF-based Wireless Sensor Network oriented scheme Denial of Service (DoS) threat due to direct use of PUF without removing its noise 2019 [20] Fuzzy extractor-based biometric symmetric authentication protocol for client server environment Man in the middle attack, DoS attack 2020 similar to human biometric features.…”

Fuzzy-in-the-Loop-Driven Low-Cost and Secure Biometric User Access to Server

“…Zhou and Ren presented a threshold predicate encryption protocol for only revealing the matched result without exposing the biometric data [14]. Wang et al [24] also examined privacy-malicious threats related to the exposure of biometrics databases by using adversarial machine learning techniques. However, due to the storage of encrypted biometrics in repository [14], [24], the leakage concerns for the biometric data still exist with those approaches.…”

“…PUFs are designed with random disparities in Integrated Circuits (ICs) while manufactured. Each PUF is designed with unique physical signature which can neither be cloned nor rebuilt, One of the pioneer schemes supporting fingerprint-based authentication with the help of smart card and Elgamal cryptosystem Forged identity problems 2002 [22] Improved three-factor biometric authentication with the Elgamal cryptosystem Password modification and masquerading attacks 2004 [12] A three-factor biometric authentication scheme based on discrete logarithm problem Exposed to impersonation, replay, and temporary information attacks 2014 [23] A three-factor biometric authentication scheme based on modular exponentiation cryptographic operations Stolen device and Man-in-the-middle attack 2017 [24] Examined privacy threats related to the exposure of biometrics by using adversarial machine learning techniques The privacy leakage concerns still persist due to storage of encrypted biometrics. 2017 [25] PUF-based two-factor authentication scheme with the combination of biometrics De-synchronization attack, and unable to provide equivalent three-factor security 2018 [14] A secure Threshold Predicate Encryption protocol for encrypting the biometrics Costly exponentiation operations 2018 [13] Privacy preserving scheme for smart home user Unable to provide equivalent three-factor privacy to the user 2019 [26] Client-server three-factor authentication scheme employing elliptic curve cryptography operations De-synchronization attack, Anonymity, and server impersonation attack 2018 [27] Improved client-server three-factor authentication scheme employing public-key cryptography De-synchronization attack, costly crypto-primitives 2019 [7] PUF-based Wireless Sensor Network oriented scheme Denial of Service (DoS) threat due to direct use of PUF without removing its noise 2019 [20] Fuzzy extractor-based biometric symmetric authentication protocol for client server environment Man in the middle attack, DoS attack 2020 similar to human biometric features.…”

Fuzzy-in-the-Loop-Driven Low-Cost and Secure Biometric User Access to Server

“…It offers important advantages over passwords and cryptographic keys [12], such as resistant to copy or being guessed, hard to be forged, and no necessity from users to remember the keys or lose them. For the same reasons, however, it is critical to keep the privacy and security of the biometrics during the authentication process [19][20][21][22][23][24]. Once the biometrics information is compromised, it is not feasible to generate a second one.…”

“…Zhou et al [23] proposed a Threshold Predicate Encryption scheme to only reveal the matched result so no biometric data can be learned. The use of adversarial machine learning has been reported in [24], where Wang et al investigated privacy-malicious attacks on the preserving vulnerability in a biometric database by using critical biometric similarity information in machine learning. As the encrypted biometric data is stored in database in [23,24], the risks of biometrics information leakage do exist with these approaches.…”

Bio-AKA: An efficient fingerprint based two factor user authentication and key agreement scheme

“…Some early proof-of-concept works and trade-off analyses have been carried out e.g. in [193][194][195].…”

Computational workload in biometric identification systems: an overview