On the Leakage of Information in Biometric Authentication

Pagnin, Elena; Dimitrakakis, Christos; Abidin, Aysajan; Mitrokotsa, Aikaterini

doi:10.1007/978-3-319-13039-2_16

Cited by 24 publications

(23 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The only alternative to these practical techniques is to estimate a valid biometric sample using bruteforce strategies. Below, we list the possible brute-force strategies that could be adopted in recovering a valid biometric template [19]. Luckily, all the approaches run in exponential time and thus most of the current biometric authentication systems are secure.…”

Section: Biometric Sample Recovery Attacksmentioning

confidence: 99%

“…This reference recovery attack is very efficient as it only requires a number of authentication attempts that are linear in the length of the biometric template [19]. Moreover, it can be mounted against many biometric authentication systems (privacy-preserving or not) and even systems that employ secure multiparty computation techniques including somewhat homomorphic encryption [23].…”

Section: A Biometric Reference Recovery Attackmentioning

confidence: 99%

“…For instance, [19] suggests to combat centre search attacks by using weighted distances to compare the fresh template with the stored one and to keep the weights secret and different for each user. This procedure is adopted by the biometric authentication protocols that employ the normalised Hamming distance [40] or the weighted Euclidean distance [41].…”

Section: Other Noncryptographic Approachesmentioning

confidence: 99%

See 2 more Smart Citations

Privacy-Preserving Biometric Authentication: Challenges and Directions

Pagnin

Mitrokotsa

2017

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

An emerging direction for authenticating people is the adoption of biometric authentication systems. Biometric credentials are becoming increasingly popular as a means of authenticating people due to the wide range of advantages that they provide with respect to classical authentication methods (e.g., password-based authentication). The most characteristic feature of this authentication method is the naturally strong bond between a user and her biometric credentials. This very same advantageous property, however, raises serious security and privacy concerns in case the biometric trait gets compromised. In this article, we present the most challenging issues that need to be taken into consideration when designing secure and privacypreserving biometric authentication protocols. More precisely, we describe the main threats against privacy-preserving biometric authentication systems and give directions on possible countermeasures in order to design secure and privacy-preserving biometric authentication protocols.

show abstract

Section: Biometric Sample Recovery Attacksmentioning

confidence: 99%

Section: A Biometric Reference Recovery Attackmentioning

confidence: 99%

Section: Other Noncryptographic Approachesmentioning

confidence: 99%

See 1 more Smart Citation

Privacy-Preserving Biometric Authentication: Challenges and Directions

Pagnin

Mitrokotsa

2017

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…This assumption does not rule out the case where an adversary is using several clients C i , in collusion with the cloud server, to impersonate a user that is not the owner of compromised clients. However, we do note that if a client C i is compromised, say, infected by malware, then the reference biometric template of the owner U i can be recovered using the fresh biometric template provided by U i by hill climbing attacks [31].…”

Section: Adversary Modelmentioning

confidence: 99%

Efficient Verifiable Computation of XOR for Biometric Authentication

Abidin

Aly

Rúa

et al. 2016

Cryptology and Network Security

Self Cite

View full text Add to dashboard Cite

Abstract. This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XORing encrypted messages using an XOR linear message authentication code (MAC) and we employ the proposed scheme to build a biometric authentication protocol. The proposed authentication protocol is both secure and privacy-preserving against malicious (as opposed to honestbut-curious) adversaries. Specifically, the use of the verifiable computation scheme together with an homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts, while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient.

show abstract

“…Hamming distance, Euclidean distance) are susceptible to leakage of information that may lead to the disclosure of stored biometric templates (even if the latter are encrypted). Pagnin et al [60] provide a formal mathematical framework to analyse this leakage.…”

Section: Privacy and Biometricsmentioning

confidence: 99%

Authentication in Constrained Settings

Mitrokotsa

2015

Cryptography and Information Security in the Balkans

Self Cite

View full text Add to dashboard Cite

Abstract. Communication technologies have revolutionized modern society. They have changed the way we do business, travel, manage our personal lives and communicate with our friends. In many cases, this crucially depends on accurate and reliable authentication. We need to get authenticated in order to get access to restricted services and/or places (i.e. transport systems, e-banking, border control). This authentication is performed in constrained settings due to: i) privacy issues, ii) noisy conditions, iii) resource constraints. Privacy-preservation is essential for the protection of sensitive information (i.e. diseases, location, nationality). Noisy conditions refer to physical noise in the communication channel that may lead to modification of the transmitted information, or natural variability due to the authentication medium (e.g. fingerprint scans). Resource constraints refer to limited device power/abilities (i.e. sensors, RFID tags). It is a very challenging problem to develop privacy-preserving authentication for noisy and constrained environments that optimally balance authentication accuracy, privacy-preservation and resource consumption. In this paper, we describe the main challenges of the problem of authentication in constrained settings, the current state-of-the-art of the field and possible directions of research.

show abstract

On the Leakage of Information in Biometric Authentication

Cited by 24 publications

References 22 publications

Privacy-Preserving Biometric Authentication: Challenges and Directions

Privacy-Preserving Biometric Authentication: Challenges and Directions

Efficient Verifiable Computation of XOR for Biometric Authentication

Authentication in Constrained Settings

Contact Info

Product

Resources

About