
BLIND AUTHENTICATION: A SECURE CRYPTO-BIOMETRIC VERIFICATION PROTOCOL

By Maneesh Upmanyu, C. V. Jawahar, Anoop M Namboodiri, Kannan Srinathan

CONTENTS
1. Biometrics
2. Biometric Authentication System
3. Comparison of Biometric systems
4. Privacy concerns in Biometric systems
5. What is Blind Authentication?
6. Previous work
7. Features of Blind Authentication
8. Enrollment
9. Authentication
10. Security, Privacy and Trust
11. Extensions to Kernels and Neural networks
12. Blind Secure Product Protocol
13. Implementation and analysis
14. Advantages
15. Conclusion

BIOMETRICS
A biometric is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity.

AUTHENTICATION

WHAT YOU KNOW? WHAT YOU HAVE? WHAT YOU ARE?

Biometric Authentication System

COMPARISON OF BIOMETRIC SYSTEMS


PHYSIOLOGICAL BIOMETRICS
1. Fingerprint recognition
a) No two persons share the same fingerprints
b) Can use thermal sensing, optical sensing, capacitance sensing, ultrasound sensing etc.
c) Wet, dry, or dirty skin may create problems

2. Face Recognition
a) One of the most acceptable biometrics
b) Not accurate and dependable

3. Hand Geometry
a) Includes length and width of fingers, different aspect ratios of palm and fingers, thickness and width of the palm etc.
b) Existing hand geometry systems mostly use images of the hand

4. Iris Recognition
a) Reliable and accurate
b) Believed to be unique in every individual
c) Does not work for people who are missing both eyes or who have serious eye illnesses that affect the iris

BEHAVIORAL BIOMETRICS
1. Signature
a) High degree of acceptance
b) Signatures lack permanence
c) Static signature verification systems and dynamic signature verification systems

2. Voice
a) Depends on numerous characteristics of a human voice to identify the speaker
b) Does not require expensive input devices
c) Issues: impostors may skillfully imitate others' voices; record and replay attacks

Primary Concerns in a Biometric System

Template Protection
User's privacy
Trust between user and server
Network security

What is Blind Authentication?

A blind authentication protocol does not reveal any:
information about the biometric samples to the authenticating server
information regarding the classifier, employed by the server, to the user or client

PREVIOUS WORK

Categorization of template protection schemes by Jain

SALTING
Design a classifier in the encrypted feature space
Specific to a biometric trait
Security using a transformation function seeded by a user-specific key
Does not offer well-defined security

NON-INVERTIBLE TRANSFORM
Apply a non-invertible function on the biometric template
Key must be available at the time of transformation
E.g. robust hashing, cancelable templates

KEY BINDING AND KEY GENERATION
Integrate the advantages of biometrics and cryptography
Using the biometric as a protection for the secret key or to generate the secret key

FEATURES OF BLIND AUTHENTICATION

Strong encryption
Non-repudiable authentication
Protection against replay and client-side attacks
Revocability

ENROLLMENT

Enrollment based on a trusted third party (TTP): At the time of registering with a website, the encrypted version of the user's biometric template is made available to the website. The one-time classifier training is done on the plain biometrics, and hence requires a trusted server to handle training.

AUTHENTICATION

Blind Authentication Process: Linear kernel computation for encrypted feature vectors. At no point are the identity vectors x, w or the intermediate results x_i w_i revealed to anyone.

SECURITY PRIVACY AND TRUST

SYSTEM SECURITY
Server Security
Client Security
Network Security

PRIVACY
Concern of revealing personal information

Server security
Hacker gains access to the template database
Hacker is in the database server during the authentication
Impostor trying blind attacks from a remote machine

Client security
Hacker gains access to the user's biometric or private key
Passive attack at the user's computer

Network Security
Attacker gains access to the network

PRIVACY
Concern of revealing personal information: Template is never revealed to the server
Concern of being tracked: Use different keys for different applications

EXTENSIONS TO KERNELS AND NEURAL NETWORKS


Kernel based classifier uses a discriminating function like

Similarly, in Neural Network the basic units are, for example, perceptron and sigmoid

Model the above functions as arithmetic circuits consisting of add and multiplication gates over a finite domain. Consider two encryptions E+ and E*

BLIND SECURE PRODUCT PROTOCOL


Receive from client
Server computes kn+k random numbers such that
Server computes and sends it to the client. Client decrypts it.
Client computes
Send to the server
Server computes
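The linear-kernel computation from the Authentication slide and the step outline above, written out as an added example (not code from the slides or their authors). The slide's formulas did not survive, so these are assumptions: textbook RSA as the multiplicatively homomorphic encryption, masks chosen so that sum_j lam[j]*r[j][i] = 1 (mod N), and all function names, the toy key and the sample vectors.

```python
import math
import secrets

# Constructed toy RSA key (two Mersenne primes); far too small for real use.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # client's private exponent

def enc(m):
    """Textbook RSA, assumed here because E(a)*E(b) = E(a*b) mod N."""
    return pow(m % N, E, N)

def dec(c):
    return pow(c, D, N)

def server_blind(enc_x, enc_w, k):
    """Server: multiply ciphertexts, then mask with k*n + k random numbers
    r[j][i], lam[j] such that sum_j lam[j]*r[j][i] == 1 (mod N) for every i."""
    n = len(enc_x)
    lam = []
    while len(lam) < k:
        c = secrets.randbelow(N - 1) + 1
        if math.gcd(c, N) == 1:      # invertible mod N (needed for the last one)
            lam.append(c)
    r = [[secrets.randbelow(N) for _ in range(n)] for _ in range(k - 1)]
    inv_last = pow(lam[-1], -1, N)
    r.append([(1 - sum(lam[j] * r[j][i] for j in range(k - 1))) * inv_last % N
              for i in range(n)])
    masked = [[enc_x[i] * enc_w[i] * enc(r[j][i]) % N for i in range(n)]
              for j in range(k)]
    return lam, masked

def client_sums(masked):
    """Client: decrypt each masked product, return the k sums S_j."""
    return [sum(dec(c) for c in row) % N for row in masked]

def server_score(lam, sums):
    """Server: sum_j lam[j]*S_j == sum_i x_i*w_i (mod N), lifted to signed."""
    s = sum(l * sj for l, sj in zip(lam, sums)) % N
    return s if s <= N // 2 else s - N

def authenticate(x, enc_w, threshold, k=3):
    enc_x = [enc(v) for v in x]                  # client -> server
    lam, masked = server_blind(enc_x, enc_w, k)  # server -> client
    sums = client_sums(masked)                   # client -> server
    return server_score(lam, sums) >= threshold

# Constructed sample data: signed integer classifier weights.
W = [3, -2, 5, 1]
ENC_W = [enc(w) for w in W]   # what the server holds after enrollment
```

The server only ever handles ciphertexts and the final score; the client only sees the products x_i w_i multiplied by masks it does not know. Textbook RSA is deterministic and the key here is toy-sized, so this shows the arithmetic only.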

IMPLEMENTATION AND ANALYSIS


Experiments were designed to evaluate the efficiency and accuracy of the proposed approach. For evaluation, an SVM based verifier based on client-server architecture was implemented.

Verification time for various key sizes and feature vector lengths

Variation of accuracy w.r.t. the precision of representation

ROC CURVES FOR VERIFICATION

ADVANTAGES OF BLIND AUTHENTICATION


Fast and provably secure authentication without trading off accuracy.
Supports generic classifiers such as Neural Networks and SVMs.
Useful with a wide variety of fixed-length biometric traits.
Ideal for applications such as biometric ATMs, login from public terminals.

CONCLUSION
Verification can be done in real-time with the help of available hardware
Keep the interaction between the user and the server to a minimum
Extensions to this work include secure enrollment protocols and encryption methods to reduce computations
Dynamic warping based matching of variable length feature vectors can further enhance the utility of the approach

REFERENCES

N. K. Ratha, J. H. Connell, and R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems"
Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan and C. V. Jawahar, "Blind authentication: A secure crypto-biometric verification protocol"
