Biometric Verification Secure Against Malicious Adversaries

Biometric verification has been widely deployed in current authentication solutions as it proves the physical presence of individuals. To protect the sensitive biometric data in such systems, several solutions have been developed that provide security against honest-but-curious (semi-honest) attackers. However, in practice attackers typically do not act honestly and multiple studies have shown drastic biometric information leakage in such honest-but-curious solutions when considering dishonest, malicious attackers. In this paper, we propose a provably secure biometric verification protocol to withstand malicious attackers and prevent biometric data from any sort of leakage. The proposed protocol is based on a homomorphically encrypted log likelihood-ratio-based (HELR) classifier that supports any biometric modality (e.g. face, fingerprint, dynamic signature, etc.) encoded as a fixed-length real-valued feature vector and performs an accurate and fast biometric recognition. Our protocol, that is secure against malicious adversaries, is designed from a protocol secure against semi-honest adversaries enhanced by zero-knowledge proofs. We evaluate both protocols for various security levels and record a sub-second speed (between $0.37$s and $0.88$s) for the protocol against semi-honest adversaries and between $0.95$s and $2.50$s for the protocol secure against malicious adversaries.Comment: This is a complete reworking and major expansion of our paper arXiv:1705.09936 * Reworking of original semi-honest protocol and its security proof * Major expansions: tailored zero-knowledge proofs; efficient variant of original protocol that we prove secure against malicious adversaries; extensive experimental evaluation using three different datasets; in-depth comparison with related wor