Privacy Preserving Bio-Metric Authentication

Abstract

Biometric authentication is now extensively used in several systems and applications to authenticate users using their biometrics. The biometrics of the users are compared to the biometric templates already stored on the server, and if there is a match, only the user is permitted to enter the system. However, because each user\'s biometrics are unique, it is more important than the user\'s actual biometric data is never leaked. Moreover, the utilization of the user\'s actual biometric data for comparisons during the authentication process can\'t be done because the revelation of the user\'s actual biometrics to the server should not be done. Throughout authentication, each user will encrypt his biometrics and then transmit this encrypted data to the server for comparison, and this data will never be decrypted for privacy reasons during the whole authentication process. To compare two encrypted data without decrypting them, the present study uses the homomorphic properties of the Pailler cryptosystem which will be the encryption of the algorithm for the comparison part. The use of Euclidean Distance is made to find the squared distance between the users’ queried feature vector and the templates stored into the server. In the end, among all the distances, the minimum distance will be chosen and will compare with some predefined threshold to decide whether the user is an authenticated user or not.

Introduction

I. INTRODUCTION

Biometrics authentication has gained very much importance in recent years, this authentication process uses face, fingerprints, eyes, etc as biometric data. The user has to first register into the system and while registering, he will give his biometric templates which will be stored on the server. The user mostly gives more than one copy of its biometric, for example, in the case of face recognition, the user will be asked to give different images having different expressions and taken from different angles so that the authentication is done in fewer trials as possible [1-3].

During the authentication, the user’s actual biometrics must be kept secret from the server so that if during the authentication the data gets leaked, then it would be impossible for that malicious party to get the original data of the user in polynomial time. For that, the encryption schemes will be used which we will deal in the numbers that will be of several of hundreds of digits. Also, decryption of the encrypted data of the user at any point of time during the authentication can’t be done. To pursue that, the use of Paillier’s encryption scheme is made because of its additive homomorphic property. Because of this property, the present study will be able to compare two encrypted data without decrypting them. It will have to maintain the privacy of the templates stored in the server from the user. Also, the permission of letting the server know which one of its biometric templates is matched with the user’s queried feature vector because of the same possibility of the server getting breached during the authentication must be prohibited [4-6].

The use of Euclidean distance is made in order to find the closeness between the user’s data and the templates stored on the server. Yet again all the operations that will be done to compute the distance will be in an encrypted domain i.e., not be decrypting the user’s data to compute the distance. Then, a comparison among these encrypted distances to find the minimum of them is to be done. Afterward, this minimum encrypted distance will be compared with some threshold value which can be decided by doing several experiments. If this minimum encrypted distance is less than or equal to the threshold, then it will let the user enter into the system for being an authenticated user. Before all these, the system has to extract the features from the images that are stored during the enrollment process of the user. Before storing an image into the server also, the feature extraction is performed and then that feature vector will be stored in the server.

A. Problem Statement

At the server, we have got N templates X = {x1, x2, . . ., xN} stored and each template is a vector of dimension d that is, each template is having d features. During the registration or enrollment of the user, we converted his actual image into a feature vector by performing all the feature extractions, and these final feature vectors are represented as xi here for 1 ≤ i ≤ N. For the client, we have got the user’s actual image W[1xD] of dimension D which will be encrypted according to the Paillier encryption scheme before sending to the server. After encryption of the actual image of the user, we will send this to a server for an authentication process. At the server, the Encrypted image will be transformed into an encrypted feature vector which is represented as [u[1xd]]. Any encrypted entity will be represented as [.]. We will use this encrypted feature vector for all calculations [7-9].

The server will have to tell after doing the comparison of this the user’s feature vector with a template of servers, whether the user has authenticated the user or not. The server will return one boolean value only, telling whether the user is valid or not. Other than that, no information regarding the user will be returned.

B. Approach

The problem of PPBA mainly consists of four modules

1. Encryption: In this module, we will have the user’s feature vector that will be encrypted using Paillier encryption and then this encrypted feature vector will be sent to the server. A server, for performing the computations in the next module, we will be needed to do encryption on the server-side as well using the same encryption scheme. These encrypted feature vectors will be used as input for the next module [10].
2. Feature Extraction: In this module we will have the actual image of the user of dimension D. We will perform some dimension reduction and will extract some features from the image transforming the D dimensional vector into the feature vector of dimension d where d << D. Output of this module will be the final feature vector which will be used as an input for the next module. Also, all the templates that will be stored on the server, will pass through this module first [11].
3. Matching: This module is consist of two things. First, the server will compute the distance between the user’s feature vector and templates of the server in an encrypted domain. Then the second thing is to compare this distance and to choose the minimum among them. This minimum distance will be used as the input for the next module [9].
4. Decision: This module is the last one and is rather simple. We will just compare the minimum distance with the predefined threshold. And based on this comparison, the server will decide whether the user is valid or not [8].

II. ENCRYPTION MODULE

III. FEATURE EXTRACTION MODULE

IV. MATCHING MODULE

References

[1] Paillier, P. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999) [2] H. Chun et al., Outsourceable Two-Party Privacy-Preserving Biometric Authentication , Proc. 9th ACM Symp. Info. Computer and Commun. Security, pp. 401-12, June 2014. [3] Z. Erkin, M. Franz, J. Guajardo, S. Katzenbeisser, I. Lagendijk, and T. Toft. Privacy-preserving Face Recognition. , In 9th International Symposium on Privacy Enhancing Technologies, 2009. [4] Malik Jyoti, Girdhar Dhiraj, Dahiya, Ratna Sainarayanan, I. Lagendijk and T. Toft. Reference Threshold Calculation for Biometric Authentication. , International Journal of Image, Graphics and Signal Processing. [5] R. Canetti, B. Fuller, O. Paneth, L. Reyzin, and A. Smith, “Reusable fuzzy extractors for low-entropy distributions,” in Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 117–146, Springer, 2016. [6] A. I. Desoky, H. A. Ali, and N. B. Abdel-Hamid, “Enhancing iris recognition system performance using templates fusion,” Ain Shams Engineering Journal, vol. 3, no. 2, pp. 133–140, 2012. [7] K. P. Hollingsworth, K. W. Bowyer, and P. J. Flynn, “Improved iris recognition through fusion of hamming distance and fragile bit distance,” IEEE transactions on pattern analysis and machine intelligence, vol. 33, no. 12, pp. 2465–2476, 2011. [8] N. K. Ratha, J. H. Connell, and R. M. Bolle, “Enhancing security and privacy in biometrics-based authentication systems,” IBM systems Journal, vol. 40, no. 3, pp. 614–634, 2001. [9] A. T. B. Jin, D. N. C. Ling, and A. Goh, “Biohashing: two factor authentication featuring fingerprint data and tokenised random number,” Pattern recognition, vol. 37, no. 11, pp. 2245–2255, 2004. [10] R. Ang, R. Safavi-Naini, and L. McAven, “Cancelable key-based fingerprint templates,” in Australasian conference on information security and privacy, pp. 242– 252, Springer, 2005. [11] S. Kanade, D. Petrovska-Delacr´etaz, and B. Dorizzi, “Cancelable iris biometrics and using error correcting codes to reduce variability in biometric data,” in Comuputer Vision and Pattern Recognition, 2009. CVPR 2009. IEEE Conference on, pp. 120–127, IEEE, 2009.

Copyright

Copyright © 2022 Karan Ladhiya. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.