Julien Bringer

An application of the Goldwasser-Micali cryptosystem to biometric authentication

This work deals with the security challenges in authentication protocols employing volatile biometric features, where the authentication is indeed a comparison between a fresh biometric template and that enrolled during the enrollment phase. We propose a security model for biometric-based authentication protocols by assuming that the biometric features to be public. Extra attention is paid to the privacy issues related to the sensitive relationship between a biometric feature and the relevant identity. Relying on the Goldwasser-Micali encryption scheme, we introduce a protocol for biometric-based authentication and prove its security in our security model.

Optimal Iris Fuzzy Sketches

Fuzzy sketches, introduced as a link between biometry and cryptography, are a way of handling biometric data matching as an error correction issue. We focus here on iris biometrics and look for the best error-correcting code in that respect. We show that two-dimensional iterative min-sum decoding leads to results near the theoretical limits. In particular, we experiment our techniques on the iris challenge evaluation (ICE) database and validate our findings.

Theoretical and Practical Boundaries of Binary Secure Sketches

Fuzzy commitment schemes, introduced as a link between biometrics and cryptography, are a way to handle biometric data matching as an error-correction issue. We focus here on finding the best error-correcting code with respect to a given database of biometric data. We propose a method that models discrepancies between biometric measurements as an erasure and error channel, and we estimate its capacity. We then show that two-dimensional iterative min-sum decoding of properly chosen product codes almost reaches the capacity of this channel. This leads to practical fuzzy commitment schemes that are close to theoretical limits. We test our techniques on public iris and fingerprint databases and validate our findings.

The best of both worlds: Applying secure sketches to cancelable biometrics

Cancelable biometrics and secure sketches have been introduced with the same purpose in mind: to protect the privacy of biometric templates while keeping the ability to match this protected data against a reference. The paradigm beyond cancelable biometrics is to perform an irreversible transformation over images and to make matching over transformed images. On one hand, a drawback of this technique is that for biometrics using a matching algorithm relying on some complex characteristics, such as the ones used for fingerprints, the irreversible transformation tends to break the underlying structure, thus degrading the performance accuracy. On the other hand, for secure sketches, matching is reduced to an error correction and we show here that applying secure sketch error correction to cancelable biometrics allows one to keep good matching performance. Moreover, the securitys advantages of both schemes adds up together.

Binary feature vector fingerprint representation from minutiae vicinities

Today, when comparing classical fingerprint matching and more constrained algorithms, like after binary quantization for biometric privacy protection purpose, there is an important gap in terms of performances. Performances of the latter solutions still need to be improved to decrease this gap. The main difficulty comes from the fact that fingerprint captures of the same trait give very different minutiae sets with possibly small overlaps and very different distortions among the different part of the images; and comparison of a stored reference with the fresh captured fingerprint data has to take into account those local variabilities. In this paper, we study a new approach to this problem by exhibiting a way to transform a minutiae set into a quantized feature vector by local comparisons. The encoding of the original fingerprint template is made by matching small minutiae vicinities with a set of representative vicinities. Moreover, the representation achieves the interesting property of self-alignment of the vectors.

A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems

In this correspondence, we analyze the vulnerabilities of biometric authentication protocols with respect to user and data privacy. The goal of an adversary in such context is not to bypass the authentication but to learn information either on biometric data or on users that are in the system. We elaborate our analysis on a general system model involving four logical entities (sensor, server, database, and matcher), and we focus on internal adversaries to encompass the situation where one or a combination of these entities would be malicious. Our goal is to emphasize that when going beyond the usual honest-but-curious assumption much more complex attacks can affect the privacy of data and users. On the one hand, we introduce a new comprehensive framework that encompasses the various schemes we want to look at. It presents a system model in which each internal entity or combination of entities is a potential attacker. Different attack goals are considered and resulting requirements on data flows are discussed. On the other hand, we develop different generic attacks. We follow a blackbox approach in which we consider components that perform operations on biometric data but where only the input/output behavior is analyzed. These attack strategies are exhibited on recent schemes such as the distributed protocol of Bringer (ACISP 2007), which is based on the Goldwasser-Micali cryptosystem, the related protocol of Barbosa (ACISP 2008), which uses the Paillier cryptosystem, and the scheme of Stoianov (SPIE 2010), that features the Blum-Goldwasser cryptosystem. All these schemes have been developed in the honest-but-curious adversary model and show potential weaknesses when considered in our malicious insider attack model.

Extended private information retrieval and its application in biometrics authentications

In this paper we generalize the concept of Private Information Retrieval (PIR) by formalizing a new cryptographic primitive, named Extended Private Information Retrieval (EPIR). Instead of enabling a user to retrieve a bit (or a block) from a database as in the case of PIR, an EPIR protocol enables a user to evaluate a function f which takes a string chosen by the user and a block from the database as input. Like PIR, EPIR can also be considered as a special case of the secure two-party computation problem (and more specifically the oblivious function evaluation problem). We propose two EPIR protocols, one for testing equality and the other for computing Hamming distance. As an important application, we show how to construct strong privacy-preserving biometric-based authentication schemes by employing these EPIR protocols.

Privacy-Preserving Biometric Identification Using Secure Multiparty Computation: An Overview and Recent Trends

This article presents a tutorial overview of the application of techniques of secure two-party computation (also known as secure function evaluation) to biometric identification. These techniques enable to compute biometric identification algorithms while maintaining the privacy of the biometric data. This overview considers the main tools of secure two-party computations such as homomorphic encryption, garbled circuits (GCs), and oblivious transfers (OTs) and intends to give clues on the best practices to secure a biometric identification protocol. It also presents recent trends in privacy-preserving biometric identification that aim at making it usable in real-life applications.

Error-Tolerant Searchable Encryption

In this paper, we describe a new primitive for Error-Tolerant Searchable Encryption and a security model for it. This generic scheme permits to make searches on encrypted data with only an approximation of some keyword. It enables to efficiently query secure databases in order to get the exact data with a close estimation of it. An application to biometric identification arises from this construction. This is the first construction both for Error-Tolerant Searchable Encryption and for a biometric identification protocol over encrypted personal data.

Identification with encrypted biometric data

Biometrics make human identification possible with a sample of a biometric trait and an associated database. Classical identification techniques lead to privacy concerns. This paper introduces a new method to identify someone using his biometrics in an encrypted way. Our construction combines Bloom Filters with Storage and Locality-Sensitive Hashing. We apply this error-tolerant scheme, in a Hamming space, to achieve biometric identification in an efficient way. This is the first non-trivial identification scheme dealing with fuzziness and encrypted data. Copyright