Biometrics

Some consider biometrics intrusive and a violation of privacy. While you read, pay attention to how biometric systems authenticate and to the three main threats against biometric systems. What are these three threats, and what are the cryptographic and non-cryptographic countermeasures?

2. Preliminaries on Biometric Authentication Systems

Generally speaking, a biometric authentication system (BAS) works in the following way. First, a user (e.g., an employee) registers with the system by providing her identity together with her biometric template, which becomes her reference template (registration phase). Subsequently, the user can be authenticated by the system (authentication phase) by submitting an identity and a biometric template, called the fresh template. The system performs a matching process, which checks whether the fresh template is close enough to the one stored for the given user (in which case the user is authenticated/accepted) or not (in which case the user is rejected). Common BAS aim at authenticating users regardless of what the system may leak about the user's biometric credentials to third parties. In contrast, privacy-preserving BAS provide user authentication through a privacy-aware process that includes privacy at the design stage of the system, rather than as an add-on service adopted at a later stage. Intuitively, privacy-preserving BAS transform biometric traits into vectors of data in secure domains, in such a way that the system can guarantee the anonymity of the biometric trait owner while still being able to distinguish among the clients in the system.

The basis for biometric authentication is the extraction of a biometric trait from the human body or behaviour. Common biometric traits used nowadays for authentication are voice, signature, DNA, fingerprint, iris, and ear shape. In all cases, the biometric trait is a distinctive characteristic that is measurable and identifies (almost) uniquely each individual. In practice, collecting biometric templates is by itself a challenging task due to the inherent noise and the natural variability of biometric credentials. For example, two scans of the same fingerprint can differ because of variance in finger pressure, orientation, dirt, or sweat. To cope with the noise that is inherent in biometric credentials and in the collection process, the comparison between a fresh biometric template and a stored one always allows for some approximation.

In order to understand how biometric authentication is performed and subsequently discuss what attacks and mitigations are possible, we need to formally present the two main phases that compose a privacy-preserving BAS. Figure 1 depicts the authentication phase for a distributed architecture, that is, one where every entity involved in the authentication process performs only a single task. More precisely, by adopting a distributed architecture in the biometric authentication process (e.g., a computational server $\mathcal{CS}$, an authentication server $\mathcal{AS}$, and a database $\mathcal{DB}$), it is possible to limit the amount of information each entity has at its disposal and thus avoid single points of failure. Furthermore, a distributed architecture provides higher privacy guarantees since no single entity has access to all sensitive data (i.e., the fresh biometric template, the stored biometric template, and the user's identity).

Figure 1: The authentication phase in a biometric authentication system with a distributed architecture.

This architecture is adopted as a security countermeasure against internal honest-but-curious adversaries. In most systems, even if one entity among $\mathcal{CS}$, $\mathcal{DB}$, and $\mathcal{AS}$ is corrupted, an adversary (malicious third party) cannot learn anything about the biometric templates unless it behaves maliciously. In non-distributed architectures, the computational server and the authentication server merge into a single entity, leading to a single point of failure.

The Enrolment Phase. This phase takes place only once and is performed before the authentication. A user $\mathcal{C}$ (client) registers with a trusted party her biometric template (usually encoded as a digital string $\tilde{b}$) along with her identity (possibly a pseudonym $\widetilde{\mathrm{ID}}$). These two data items are then stored in the database $\mathcal{DB}$ of the authentication system. Once enrolled in the system, the client can authenticate herself an unlimited number of times.

The Authentication Phase. This phase is depicted in Figure 1. The client provides her fresh biometric trait (through the sensor $\mathcal{S}$) together with her identity. These two pieces of information are then processed by the sensor and transmitted to the computational server $\mathcal{CS}$ as $\widetilde{b'}$ (e.g., the encryption of the fresh template) and $\widetilde{\mathrm{ID}}$ (e.g., a pseudonym). The computational server $\mathcal{CS}$ queries the database $\mathcal{DB}$ for the stored template $\tilde{b}$ linked to $\mathrm{ID}$. After receiving $\tilde{b}$, $\mathcal{CS}$ computes the (possibly encrypted) distance $d$ between $b'$ and $b$ (e.g., $d$ could be the Euclidean or the Hamming distance). Let $\Delta = \widehat{d(b, b')}$ be the output that $\mathcal{CS}$ sends to $\mathcal{AS}$. The authentication server uses $\Delta$ to derive the actual distance between $b'$ and $b$ and compares it with $\tau$, the threshold of the system. The threshold $\tau$ can be thought of as the accuracy level of the system; indeed, if the templates are close enough (i.e., $d(b, b')$ does not exceed $\tau$), the user is authenticated; otherwise the user is rejected.

In classical authentication systems (i.e., non-privacy-preserving ones), the biometric data is sent and stored in the clear. In this case, $\widetilde{b'} = b'$, $\tilde{b} = b$, and $\widetilde{\mathrm{ID}} = \mathrm{ID}$. In these systems an eavesdropping adversary can easily retrieve the biometric templates of any user.

In contrast, privacy-preserving biometric authentication systems aim at protecting the users' biometric templates against both passive and active adversaries. A common practice is to preserve the user's privacy by encrypting the sensitive data. For example, Yasuda et al.'s privacy-preserving biometric authentication scheme works as follows. The sensor $\mathcal{S}$ encrypts the provided fresh biometric template $b'$, obtaining $\widetilde{b'} = \operatorname{Enc}(b')$ (here the encryption scheme is based on a packing method for polynomials). For privacy reasons the reference template $b$ is also stored encrypted, as $\tilde{b} = \operatorname{Enc}(b)$. The computational server computes $\Delta$, which is the encrypted Hamming distance of the two templates, and forwards it to $\mathcal{AS}$. The authentication server decrypts $\Delta$ and checks whether the distance is less than the predefined threshold $\tau$. In the protocol outlined above, the biometric templates are always handled in encrypted form. The only entity in possession of the decryption key is $\mathcal{AS}$, which never receives an encrypted template, but only encrypted distances.
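The following is an added simulation of the distributed authentication phase described above (sensor, computational server, database and authentication server as separate parties, Hamming-distance matching against a threshold, noisy re-scans); it is not code from the paper and not Yasuda et al.'s scheme. In place of their packed somewhat-homomorphic encryption it uses a deliberately simple stand-in: templates are XOR-masked under pads that only the authentication server can regenerate (one pad per enrolled identity, one per session derived from a key that, by assumption, the sensor shares with the authentication server). Template length, threshold, identities and the key-distribution step are all constructed assumptions.

```python
import hashlib
import hmac
import os
import random

# Constructed toy parameters: 128-bit binary templates matched by Hamming distance.
N_BITS = 128
TAU = 20  # system threshold tau: accept iff d(b, b') <= TAU
MASK = (1 << N_BITS) - 1


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def hamming_distance(a: int, b: int) -> int:
    """Hamming distance between two bit-vector templates, computed in the clear."""
    return hamming_weight(a ^ b)


def prf_pad(key: bytes, label: bytes) -> int:
    """Derive an N_BITS pad from a key and a public label (HMAC-SHA256 used as a PRF)."""
    digest = hmac.new(key, label, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & MASK


class AuthServer:
    """AS: the only key holder. It receives masked distance vectors, never a template."""

    def __init__(self) -> None:
        self.enrol_key = os.urandom(32)   # masks reference templates at enrolment
        self.sensor_key = os.urandom(32)  # assumption: pre-provisioned to the trusted sensor

    def enrol(self, ident: str, b: int) -> int:
        """Enrolment phase: return the masked reference template that DB will store."""
        return b ^ prf_pad(self.enrol_key, b"enrol|" + ident.encode())

    def decide(self, ident: str, nonce: bytes, delta: int) -> bool:
        """Strip both pads from Delta to obtain b XOR b', then compare its weight with tau."""
        pad = prf_pad(self.enrol_key, b"enrol|" + ident.encode()) ^ prf_pad(self.sensor_key, nonce)
        return hamming_weight(delta ^ pad) <= TAU


class Database:
    """DB: stores only masked reference templates, keyed by identity."""

    def __init__(self) -> None:
        self.rows: dict[str, int] = {}

    def store(self, ident: str, masked_b: int) -> None:
        self.rows[ident] = masked_b

    def fetch(self, ident: str) -> int:
        return self.rows[ident]


class ComputationalServer:
    """CS: combines the masked fresh and stored templates; the pads hide both from it."""

    def __init__(self, db: Database) -> None:
        self.db = db

    def distance(self, ident: str, masked_fresh: int) -> int:
        # (b' ^ pad_s) ^ (b ^ pad_e) = b ^ b' ^ pad_s ^ pad_e: still masked, only AS can unmask it.
        return masked_fresh ^ self.db.fetch(ident)


class Sensor:
    """S: captures the fresh trait and masks it under a fresh per-session pad."""

    def __init__(self, sensor_key: bytes) -> None:
        self.key = sensor_key

    def capture(self, fresh_b: int) -> tuple[bytes, int]:
        nonce = os.urandom(16)  # public session label; AS re-derives the same pad from it
        return nonce, fresh_b ^ prf_pad(self.key, nonce)


def authenticate(sensor: Sensor, cs: ComputationalServer, auth: AuthServer, ident: str, fresh_b: int) -> bool:
    """Authentication phase in the order of Figure 1: S -> CS (which queries DB) -> AS."""
    nonce, masked_fresh = sensor.capture(fresh_b)
    delta = cs.distance(ident, masked_fresh)
    return auth.decide(ident, nonce, delta)


def noisy_rescan(b: int, flips: int, rng: random.Random) -> int:
    """Model sensor noise by flipping `flips` distinct bit positions of a template."""
    for pos in rng.sample(range(N_BITS), flips):
        b ^= 1 << pos
    return b


def run_demo(seed: int = 7) -> dict[str, bool]:
    rng = random.Random(seed)  # constructed templates, reproducible
    auth, db = AuthServer(), Database()
    cs, sensor = ComputationalServer(db), Sensor(auth.sensor_key)
    b_alice, b_bob = rng.getrandbits(N_BITS), rng.getrandbits(N_BITS)
    db.store("alice", auth.enrol("alice", b_alice))  # DB only ever holds b ^ pad
    return {
        "same_finger_small_noise": authenticate(sensor, cs, auth, "alice", noisy_rescan(b_alice, 10, rng)),
        "same_finger_large_noise": authenticate(sensor, cs, auth, "alice", noisy_rescan(b_alice, 40, rng)),
        "bob_as_alice": authenticate(sensor, cs, auth, "alice", b_bob),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Running it shows the approximation discussed earlier: a re-scan differing in 10 of 128 bits is accepted, one differing in 40 bits is rejected, and a different person's template is rejected. The role separation is visible in what each party holds: the database and the computational server see only pad-masked strings, and the computational server's output $\Delta$ is still masked. The caveat is the difference from Yasuda et al.'s scheme: there the authentication server decrypts only the scalar distance, whereas in this toy it recovers the whole difference vector $b \oplus b'$, which is strictly more information than the page's "only encrypted distances" property allows.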