Security aspects of privacy-preserving biometric authentication based on ideal lattices and ring-LWE
Paper in proceedings, 2015

In this paper, we study the security of two recently proposed privacy-preserving biometric authentication protocols that employ packed somewhat homomorphic encryption schemes based on ideal lattices and ring-LWE, respectively. These two schemes have the same structure and have distributed architecture consisting of three entities: a client server, a computation server, and an authentication server. We present a simple attack algorithm that enables a malicious computation server to learn the biometric templates in at most 2N-τ queries, where N is the bit-length of a biometric template and τ the authentication threshold. The main enabler of the attack is that a malicious computation server can send an encryption of the inner product of the target biometric template with a bitstring of his own choice, instead of the securely computed Hamming distance between the fresh and stored biometric templates. We also discuss possible countermeasures to mitigate the attack using private information retrieval and signatures of correct computation.

privacy-preservation

biometric authentication

Author

Aysajan Abidin

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Aikaterini Mitrokotsa

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

2014 IEEE International Conference on Communications Workshops, ICC 2014

60-65

2014 IEEE International Workshop on Information Forensics and Security, WIFS 2014
Atlanta, USA,

Areas of Advance

Information and Communication Technology

Subject Categories

Computer and Information Science

Computer Science

DOI

10.1109/WIFS.2014.7084304

More information

Latest update

11/4/2019