CryptoDB
BETA: Biometric-Enabled Threshold Authentication
| Authors: | |
|---|---|
| Download: | |
| Presentation: | Slides |
| Abstract: | In the past decades, user authentication has been dominated by server-side password-based solutions that rely on ``what users know". This approach is susceptible to breaches and phishing attacks, and poses usability challenges. As a result, the industry is gradually moving to biometric-based client-side solutions that do not store any secret information on servers. This shift necessitates the safe storage of biometric templates and private keys, which are used to generate tokens, on user devices. We propose a new generic framework called Biometric Enabled Threshold Authentication (BETA) to protect sensitive client-side information like biometric templates and cryptographic keys. Towards this, we formally introduce the notion of Fuzzy Threshold Tokenizer (FTT) where an initiator can use a ``close'' biometric measurement to generate an authentication token if at least t (the threshold) devices participate. We require that the devices only talk to the initiator, and not to each other, to capture the way user devices are connected in the real world. We use the universal composability (UC) framework to model the security properties of FTT, including the unforgeability of tokens and the privacy of the biometric values (template and measurement), under a malicious adversary. We construct three protocols that meet our definition. Our first two protocols are general feasibility results that work for any distance function, any threshold t and tolerate the maximal (i.e. t-1) amount of corruption. They are based on any two round UC-secure multi-party computation protocol in the standard model (with a CRS) and threshold fully homomorphic encryption, respectively. We show how to effectively use these primitives to build protocols in a constrained communication model with just four rounds of communication. For the third protocol, we consider inner-product based distance metrics (cosine similarity, Euclidean distance, etc.) specifically, motivated by the recent interest in its use for face recognition. We use Paillier encryption, efficient NIZKs for specific languages, and a simple garbled circuit to build an efficient protocol for the common case of n=3 devices with one compromised. |
Video from PKC 2021
BibTeX
@article{pkc-2021-30973,
title={BETA: Biometric-Enabled Threshold Authentication},
booktitle={Public-Key Cryptography - PKC 2021},
publisher={Springer},
doi={10.1007/978-3-030-75248-4_11},
author={Shashank Agrawal and Saikrishna Badrinarayanan and Payman Mohassel and Pratyay Mukherjee and Sikhar Patranabis},
year=2021
}