Security aspects of privacy-preserving biometric authentication based on ideal lattices and ring-LWE
Paper i proceeding, 2014

In this paper, we study the security of two recently proposed privacy-preserving biometric authentication protocols that employ packed somewhat homomorphic encryption schemes based on ideal lattices and ring-LWE, respectively. These two schemes have the same structure and have distributed architecture consisting of three entities: a client server, a computation server, and an authentication server. We present a simple attack algorithm that enables a malicious computation server to learn the biometric templates in at most 2N-τ queries, where N is the bit-length of a biometric template and τ the authentication threshold. The main enabler of the attack is that a malicious computation server can send an encryption of the inner product of the target biometric template with a bitstring of his own choice, instead of the securely computed Hamming distance between the fresh and stored biometric templates. We also discuss possible countermeasures to mitigate the attack using private information retrieval and signatures of correct computation.

biometric authentication

privacy-preservation

Författare

Aysajan Abidin

Chalmers, Data- och informationsteknik, Nätverk och system

Aikaterini Mitrokotsa

Chalmers, Data- och informationsteknik, Nätverk och system

IEEE International Workshop on Information Forensics and Security, WIFS 2014; Atlanta; United States; 3 December 2014 through 5 December 2014

60-65

Styrkeområden

Informations- och kommunikationsteknik

Ämneskategorier

Data- och informationsvetenskap

Datavetenskap (datalogi)

DOI

10.1109/WIFS.2014.7084304

ISBN

978-147998882-2