Revisiting Yasuda et al.’s Biometric Authentication Protocol: Are you Private Enough?
E. Pagnin, J. Liu, A. Mitrokotsa CANS 2017, Hong Kong (China), December 2017
Abstract
Biometric Authentication Protocols (BAPs) have increasingly been employed to guarantee reliable access control to places and services. However, it is well-known that biometric traits contain sensitive information of individuals and if compromised could lead to serious security and privacy breaches. Yasuda et al. [23] proposed a distributed privacy-preserving BAP which Abidin et al. [1] have shown to be vulnerable to biometric template recovery attacks under the presence of a malicious computational server. In this paper, we fix the weaknesses of Yasuda et al.’s BAP and present a detailed instantiation of a distributed privacy-preserving BAP which is resilient against the attack presented in [1]. Our solution employs Backes et al.’s [4] verifiable computation scheme to limit the possible misbehaviours of a malicious computational server.
Keywords: Biometric Authentication, Verifiable Delegation, Privacy- Preserving Authentication.