Blind Authentication: A Secure Crypto-Biometric Verification Protocol


Copyright (c) 2010 IEEE. Personal use is permitted. For any other purposes, Permission must be obtained from the IEEE by emailing pubs-permissions@ieee.org. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.

TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. X, NO. Y, MONTH YEAR

Blind Authentication: A Secure Crypto-Biometric Verification Protocol

Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan and C.V. Jawahar
{upmanyu@research., anoop@, srinathan@, jawahar@}@iiit.ac.in
International Institute of Information Technology, Hyderabad, INDIA - 500032

Abstract

Concerns on widespread use of biometric authentication systems are primarily centered around template security, revocability and privacy. The use of cryptographic primitives to bolster the authentication process can alleviate some of these concerns as shown by biometric cryptosystems. In this paper, we propose a provably secure and blind biometric authentication protocol, which addresses the concerns of user's privacy, template protection, and trust issues. The protocol is blind in the sense that it reveals only the identity, and no additional information about the user or the biometric to the authenticating server or vice-versa. As the protocol is based on asymmetric encryption of the biometric data, it captures the advantages of biometric authentication as well as the security of public key cryptography. The authentication protocol can run over public networks and provide non-repudiable identity verification. The encryption also provides template protection, the ability to revoke enrolled templates, and alleviates the concerns on privacy in widespread use of biometrics. The proposed approach makes no restrictive assumptions on the biometric data and is hence applicable to multiple biometrics. Such a protocol has significant advantages over existing biometric cryptosystems, which use a biometric to secure a secret key, which in turn is used for authentication. We analyze the security of the protocol under various attack scenarios.
Experimental results on four biometric datasets (face, iris, hand geometry and fingerprint) show that carrying out the authentication in the encrypted domain does not affect the accuracy, while the encryption key acts as an additional layer of security.

Index Terms: Biometrics, Privacy, Security, Cryptosystems, Support Vector Machines, Artificial Neural Networks, Public Key Cryptography. (1)

(1) Copyright (c) 2008 IEEE. Personal use of this material is permitted. However, permission to use this material for any other purposes must be obtained from the IEEE by sending a request to pubs-permissions@ieee.org

January 8, 2010 DRAFT

EDICS Category: MOD-SECU, BIO-PROT, BIO-ATTA, SEC-PRIV

I. INTRODUCTION

Biometric authentication systems are gaining wide-spread popularity in recent years due to the advances in sensor technologies as well as improvements in the matching algorithms [1] that make the systems both secure and cost-effective. They are ideally suited for both high security and remote authentication applications due to the non-repudiable nature and user convenience. Most biometric systems assume that the template in the system is secure due to human supervision (e.g., immigration checks and criminal database search) or physical protection (e.g., laptop locks and door locks). However, a variety of applications of authentication need to work over partially secure or insecure networks such as ATM networks or the Internet. Authentication over insecure public networks or with untrusted servers raises more concerns in privacy and security. The primary concern is related to the security of the plain biometric templates, which cannot be replaced once they are compromised [2].
The privacy concerns arise from the fact that the biometric samples reveal more information about their owner (medical, food habits, etc.) in addition to the identity. Widespread use of biometric authentication also raises concerns of tracking a person, as every activity that requires authentication can be uniquely assigned to an individual (see Table I).

To clarify our problem let us consider the following usage scenario: Alice wants to create an account in Bobmail, that requires biometrics based authentication. However, she neither trusts Bob to handle her biometric data securely, nor trusts the network to send her plain biometric.

The primary problem here is that, for Alice, Bob could either be incompetent to secure her biometric or even curious to try and gain access to her biometric data, while the authentication is going on. So Alice does not want to give her biometric data in plain to Bob. On the other hand, Bob does not trust the client as she could be an impostor. She could also repudiate her access to the service at a later time. For both parties, the network is insecure. A biometric system that can work securely and reliably under such circumstances can have a multitude of applications varying from accessing remote servers to e-shopping over the Internet. Table I summarizes the primary concerns that need to be addressed for widespread adoption of biometrics. For civilian applications, these concerns are often more serious than the accuracy of the biometric [3].

TABLE I: PRIMARY CONCERNS IN WIDESPREAD ADOPTION OF BIOMETRICS FOR REMOTE AUTHENTICATION.
a) Template protection: As a biometric does not change over time, one cannot revoke an enrolled plain biometric. Hence, critical information could be revealed if the server's biometric template database is compromised.
b) User's privacy: i) The activities of a person could be tracked, as the biometric is unique to a person, and ii) Certain biometrics may reveal personal information about a user (e.g., medical or food habits), in addition to identity.
c) Trust between user and server: In widespread use, all authenticating servers may not be competent or trustworthy to securely handle a user's plain biometric, while a remote user cannot be reliably identified without biometric information.
d) Network security: As the authentication is done over an insecure network, anyone snooping the network could gain access to the biometric information being transmitted.

If the user is able to authenticate himself using a strongly encrypted version of his biometric (say using RSA [4]), then many of the concerns on privacy and security can be addressed. However, this would require the server to carry out all the computations in the encrypted domain itself. Unfortunately, encryption algorithms are designed to remove any similarity that exists within the data to defeat attacks, while pattern classification algorithms require the similarity of data to be preserved to achieve high accuracy. In other words, security/privacy and accuracy seem to be opposing objectives. Different secure authentication solutions try to make reasonable trade-offs between the opposing goals of security and accuracy, in addition to making specific assumptions about the representation or biometric being used.

We overcome this seemingly unavoidable compromise by designing the classifier in the plain feature space, which allows us to maintain the performance of the biometric. We would then like to carry out the computations required for authentication using this trained classifier, completely in the encrypted domain. However, such a solution would require an algebraic homomorphic encryption scheme [5]. The only known doubly homomorphic scheme has recently been proposed by Craig Gentry [6] and would mostly lead to a computationally intensive theoretical solution. We show that it is possible to achieve a practical solution using distribution of work between the client (sensor) and the server (authenticator), using our proposed randomization scheme.
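The two observations above, as an added illustration that is not code from the paper and does not implement its protocol: under textbook RSA, ciphertexts of two nearly identical feature vectors are far apart, and a server can multiply ciphertexts to obtain each encrypted term of a linear classifier's w.x but cannot add those terms. The toy primes, the linear classifier, and all names and sample values are assumptions constructed for this example.

```python
# Added illustration: textbook RSA, no padding, toy primes chosen only so the
# numbers stay readable. Not the paper's protocol and not usable as real crypto.
P, Q, E = 104729, 1299709, 65537          # constructed toy parameters
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent (Python 3.8+)

def enc(m: int) -> int:
    return pow(m, E, N)

def dec(c: int) -> int:
    return pow(c, D, N)

def l1(a, b):
    """Sum of absolute differences, a stand-in for a matcher's distance."""
    return sum(abs(x - y) for x, y in zip(a, b))

def similarity_lost(sample, probe):
    """Distance between two feature vectors before and after encryption."""
    return l1(sample, probe), l1([enc(v) for v in sample], [enc(v) for v in probe])

def encrypted_products(enc_weights, enc_features):
    """Server side: E(w) * E(x) mod N == E(w * x), so each term of w.x is
    computed on ciphertexts without seeing w or x in plain."""
    return [(cw * cx) % N for cw, cx in zip(enc_weights, enc_features)]

def naive_encrypted_sum(ciphertexts):
    """Adding RSA ciphertexts does not add the plaintexts: RSA is only
    multiplicatively homomorphic, so the final sum of w.x is out of reach."""
    return sum(ciphertexts) % N

# Constructed sample data: hypothetical classifier weights and two quantised
# readings of the same user's features that differ by one unit per component.
weights = [3, 5, 2, 7]
features = [12, 40, 7, 33]
probe = [13, 41, 8, 34]

if __name__ == "__main__":
    plain_d, enc_d = similarity_lost(features, probe)
    print("plain distance:", plain_d, "| ciphertext distance:", enc_d)
    terms = encrypted_products([enc(w) for w in weights],
                               [enc(x) for x in features])
    print("decrypted products:", [dec(t) for t in terms])
    print("true w.x:", sum(w * x for w, x in zip(weights, features)))
    print("decrypt(sum of ciphertexts):", dec(naive_encrypted_sum(terms)))
```

The decrypted products match the plain products term by term, while decrypting the sum of ciphertexts yields an unrelated value; that gap is what a doubly homomorphic scheme, or a split of work between client and server, has to close.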
A. Previous Work

The previous work in the area of encryption based security of biometric templates tends to model the problem as that of building a classification system that separates the genuine and impostor samples in the encrypted domain [7] [8] [9]. However, a strong encryption mechanism destroys any pattern in the data, which adversely affects the accuracy of verification. Hence, any such matching mechanism necessarily makes a compromise between template security (strong encryption) and accuracy (retaining patterns in the data). The primary difference in our approach is that we are able to design the classifier in the plain feature space, which allows us to maintain the performance of the biometric itself, while carrying out the authentication on data with strong encryption, which provides high security/privacy [10].

Over the years a number of attempts have been made to address the problem of template protection and privacy concerns and despite all efforts, as A.K. Jain et al. put it, "a template protection scheme with provable security and acceptable recognition performance has thus far remained elusive." [9]. In this section, we will look at the existing work in light of this security-accuracy dilemma, and understand how this can be overcome by communication between the authenticating server and the client. Detailed reviews of the work on template protection can be found in Jain et al. [9], Uludag et al. [11], and Ratha et al. [12]. We will adopt the classification of existing works provided by Jain et al. [9] (see Fig 1), and show that each class of approaches makes the security-accuracy compromise.

Fig. 1. Categorization of template protection schemes by Jain et al. [9].

Let us now analyze each of the four categories of solutions in terms of their strengths and weaknesses:

The first class of feature transformation approaches known as Salting offers security using a transformation function seeded by a user specific key. The strength of the approach lies in the strength of the key. A classifier is then designed in the encrypted feature space. Although the standard crypt