TY - JOUR
T1 - PassBio: Privacy-preserving user-centric biometric authentication
AU - Zhou, Kai
AU - Ren, Jian
N1 - Funding Information:
Manuscript received November 7, 2017; revised March 14, 2018 and April 26, 2018; accepted May 13, 2018. Date of publication May 21, 2018; date of current version June 5, 2018. This work was supported in part by the National Science Foundation under Grant CNS: 1524520 and in part by the Semiconductor Research Corporation under Grant 2015-TS-2639. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Aris Gkoulalas Divanis. (Corresponding author: Jian Ren.) The authors are with the Department of Electrical and Computer Engineering, Michigan State University, East Lansing, MI 48824-1226 USA (e-mail: zhoukai@msu.edu; renjian@msu.edu).
Publisher Copyright:
© 2005-2012 IEEE.
Copyright:
Copyright 2018 Elsevier B.V., All rights reserved.
PY - 2018/12
Y1 - 2018/12
N2 - The proliferation of online biometric authentication has necessitated security requirements of biometric templates. The existing secure biometric authentication schemes feature a server-centric model, where a service provider maintains a biometric database and is fully responsible for the security of the templates. The end-users have to fully trust the server in storing, processing, and managing their private templates. As a result, the end-users' templates could be compromised by outside attackers or even the service provider itself. In this paper, we propose a user-centric biometric authentication scheme (PassBio) that enables end-users to encrypt their own templates with our proposed light-weighted encryption scheme. During authentication, all the templates remain encrypted such that the server will never see them directly. However, the server is able to determine whether the distance of two encrypted templates is within a pre-defined threshold. Our security analysis shows that no critical information of the templates can be revealed under both passive and active attacks. PassBio follows a 'compute-then-compare' computational model over encrypted data. More specifically, our proposed threshold predicate encryption (TPE) scheme can encrypt two vectors x and y in such a manner that the inner product of x and y can be evaluated and compared to a pre-defined threshold. TPE guarantees that only the comparison result is revealed and no key information about x and y can be learned. Furthermore, we show that TPE can be utilized as a flexible building block to evaluate different distance metrics, such as Hamming distance and Euclidean distance over encrypted data. Such a compute-then-compare computational model, enabled by TPE, can be widely applied in many interesting applications, such as searching over encrypted data while ensuring data security and privacy.
AB - The proliferation of online biometric authentication has necessitated security requirements of biometric templates. The existing secure biometric authentication schemes feature a server-centric model, where a service provider maintains a biometric database and is fully responsible for the security of the templates. The end-users have to fully trust the server in storing, processing, and managing their private templates. As a result, the end-users' templates could be compromised by outside attackers or even the service provider itself. In this paper, we propose a user-centric biometric authentication scheme (PassBio) that enables end-users to encrypt their own templates with our proposed light-weighted encryption scheme. During authentication, all the templates remain encrypted such that the server will never see them directly. However, the server is able to determine whether the distance of two encrypted templates is within a pre-defined threshold. Our security analysis shows that no critical information of the templates can be revealed under both passive and active attacks. PassBio follows a 'compute-then-compare' computational model over encrypted data. More specifically, our proposed threshold predicate encryption (TPE) scheme can encrypt two vectors x and y in such a manner that the inner product of x and y can be evaluated and compared to a pre-defined threshold. TPE guarantees that only the comparison result is revealed and no key information about x and y can be learned. Furthermore, we show that TPE can be utilized as a flexible building block to evaluate different distance metrics, such as Hamming distance and Euclidean distance over encrypted data. Such a compute-then-compare computational model, enabled by TPE, can be widely applied in many interesting applications, such as searching over encrypted data while ensuring data security and privacy.
KW - Biometric authentication
KW - computation over encrypted data
KW - data security and privacy
KW - inner product encryption
KW - predicate encryption
UR - http://www.scopus.com/inward/record.url?scp=85047214753&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2018.2838540
DO - 10.1109/TIFS.2018.2838540
M3 - Journal article
AN - SCOPUS:85047214753
VL - 13
SP - 3050
EP - 3063
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
SN - 1556-6013
IS - 12
ER -