
Secure Outsourced Biometric Authentication With Performance Evaluation on Smartphones

Published: 01 February 2015

Abstract

We design privacy-preserving protocols for scaled Manhattan and scaled Euclidean verifiers, secure against malicious clients and an honest-but-curious server. We then augment our protocols with principal component analysis (PCA), which can help to improve authentication accuracy. We evaluate the performance of our protocols on an emerging application, namely, continuous authentication of smartphone users. We compare the performance of protocols secure under the malicious client model with three protocols secure in the honest-but-curious model. We report tradeoffs between computation overhead, communication cost, and authentication accuracy. Our key observations are: 1) scaled Manhattan without PCA gives the best tradeoff between security, accuracy, and overhead and 2) with PCA, memory availability on current smartphones limits the number of features that can be used with scaled Manhattan, and prevents the scaled Euclidean protocol from running. Our extended evaluation on a laptop client shows that PCA with both scaled Manhattan and scaled Euclidean verifiers is feasible given sufficient memory.

          Published In

          IEEE Transactions on Information Forensics and Security  Volume 10, Issue 2
          Feb. 2015
          217 pages

          Publisher

          IEEE Press

          Publication History

          Published: 01 February 2015

          Author Tags

          1. homomorphic encryption
          2. Privacy-preserving authentication
          3. behavioral biometrics
          4. cryptographic protocols
          5. secure multiparty computation
          6. garbled circuits

          Qualifiers

          • Research-article

          Cited By

          • (2024) Privacy Preserving Biometric Authentication for Fingerprints and Beyond. Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy, pp. 367-378. doi:10.1145/3626232.3653269. Online publication date: 19-Jun-2024
          • (2023) Privacy-preserving continuous authentication using behavioral biometrics. International Journal of Information Security 22:6, pp. 1833-1847. doi:10.1007/s10207-023-00721-y. Online publication date: 13-Jul-2023
          • (2022) Optimal Weighted Logarithmic Transformation Converted HMOG Features for Automatic Smart Phone Authentication. International Journal of Mobile Computing and Multimedia Communications 13:1, pp. 1-23. doi:10.4018/IJMCMC.301968. Online publication date: 2-Sep-2022
          • (2021) A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA. ACM Transactions on Privacy and Security 24:4, pp. 1-28. doi:10.1145/3464690. Online publication date: 2-Sep-2021
          • (2021) Clustering-based Efficient Privacy-preserving Face Recognition Scheme without Compromising Accuracy. ACM Transactions on Sensor Networks 17:3, pp. 1-27. doi:10.1145/3448414. Online publication date: 21-Jun-2021
          • (2021) An Intelligent Terminal Based Privacy-Preserving Multi-Modal Implicit Authentication Protocol for Internet of Connected Vehicles. IEEE Transactions on Intelligent Transportation Systems 22:7, pp. 3939-3951. doi:10.1109/TITS.2020.2998775. Online publication date: 1-Jul-2021
          • (2021) Privacy-preserving and verifiable multi-instance iris remote authentication using public auditor. Applied Intelligence 51:10, pp. 6823-6836. doi:10.1007/s10489-021-02187-8. Online publication date: 1-Oct-2021
          • (2019) Privacy-Enhancing Context Authentication from Location-Sensitive Data. Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1-10. doi:10.1145/3339252.3340334. Online publication date: 26-Aug-2019
          • (2018) The impact of application context on privacy and performance of keystroke authentication systems. Journal of Computer Security 26:4, pp. 543-556. doi:10.3233/JCS-171017. Online publication date: 1-Jan-2018
