On Privacy-Preserving Biometric Authentication

摘要

Biometric authentication is becoming increasingly popular as a convenient authentication method. However, the privacy and security issues associated with biometric authentication are very serious. Privacy-preserving biometric authentication addresses privacy concerns associated with the use of biometrics and offers a secure solution for user authentication. Given the tremendous expansion of wireless communications a new distributed architecture in biometric authentication is evolving. In this distributed setting, a resource constrained client may outsource part of the computations during the biometric authentication process to a more powerful device (cloud server). In this work, we consider one such distributed setting consisting of clients, a cloud server, and a service provider and make a case for the need for verifiable computation to achieve security against malicious, as opposed to an honest-but-curious, cloud server. In particular, we propose to use verifiable computation on top of an homomorphic encryption scheme to verify that the cloud server correctly performs the computations outsourced to it. A proof of security of a generic protocol in the presence of a malicious cloud server is also provided. Finally, we discuss how an XOR-linear message authentication code can be used to verify the correctness of the computation.