Secure Outsourced Biometric Authentication with Performance Evaluation on Smartphones

Abstract-We design privacy-preserving protocols for Scaled Manhattan and Scaled Euclidean verifiers, secure against malicious clients and honest-but-curious server. We then augment our protocols with principal component analysis (PCA), which can help improve authentication accuracy. We evaluate the performance of our protocols on an emerging application-namely, continuous authentication of smartphone users. We compare the performance of protocols secure under the malicious client model, with three protocols secure in the honest-but-curious model. We report tradeoffs between computation overhead, communication cost, and authentication accuracy. Our key observations are: 1) Scaled Manhattan without PCA gives the best tradeoff between security, accuracy, and overhead; and 2) with PCA, memory availability on current smartphones limits the number of features that can be used with Scaled Manhattan, and prevents the Scaled Euclidean protocol from running. Our extended evaluation on a laptop client shows that PCA with both Scaled Manhattan and Scaled Euclidean verifiers is feasible given sufficient memory

Secure, Fast, and Energy-Efficient Outsourced Authentication for Smartphones

Common smartphone authentication mechanisms (e.g., PINs, graphical passwords, and fingerprint scans) are not designed to offer security post-login. Multi-modal continuous authentication addresses this issue by frequently and unobtrusively authenticating the user via behavioral biometric signals, such as touchscreen interaction and hand movements. Because smartphones can easily fall into the hands of the adversary, it is critical that the behavioral biometric information collected and processed on these devices is secured. This can be done by offloading encrypted template information to a remote server, and then performing authentication via privacy-preserving protocols. In this paper, we demonstrate that the energy overhead of current privacy-preserving protocols for continuous authentication is unsustainable on smartphones. To reduce energy consumption, we design a technique that leverages characteristics unique to the authentication setting in order to securely outsource computation to an untrusted Cloud. Our approach is secure against a colluding smartphone and Cloud, thus making it well suited for authentication. We performed extensive experimental evaluation. With our technique, the energy requirement for running an authentication instance that computes Manhattan distance is 0.2 mWh, which corresponds to a negligible fraction of the smartphone\u27s battery capacity. In addition, for Manhattan distance, our protocol runs in 0.72 and 2 s for 8 and 28 biometric features, respectively. We were also able to compute Hamming distance in 3.29 s, compared with 95.57 s achieved with the previous fastest outsourced computation protocol (Whitewash). These results demonstrate that ours is presently the only technique suitable for low-latency continuous authentication (e.g., with authentication scan windows of 60 s or shorter)

Biometrics-as-a-Service: A Framework to Promote Innovative Biometric Recognition in the Cloud

Biometric recognition, or simply biometrics, is the use of biological attributes such as face, fingerprints or iris in order to recognize an individual in an automated manner. A key application of biometrics is authentication; i.e., using said biological attributes to provide access by verifying the claimed identity of an individual. This paper presents a framework for Biometrics-as-a-Service (BaaS) that performs biometric matching operations in the cloud, while relying on simple and ubiquitous consumer devices such as smartphones. Further, the framework promotes innovation by providing interfaces for a plurality of software developers to upload their matching algorithms to the cloud. When a biometric authentication request is submitted, the system uses a criteria to automatically select an appropriate matching algorithm. Every time a particular algorithm is selected, the corresponding developer is rendered a micropayment. This creates an innovative and competitive ecosystem that benefits both software developers and the consumers. As a case study, we have implemented the following: (a) an ocular recognition system using a mobile web interface providing user access to a biometric authentication service, and (b) a Linux-based virtual machine environment used by software developers for algorithm development and submission

SmartCAMPP - Smartphone-based Continuous Authentication leveraging Motion sensors with Privacy Preservation

Continuous Authentication (Ca) Approaches Are Attracting Attention Due To The Explosion Of Available Sensors From Iot Devices Such As Smartphones. However, A Critical Privacy Concern Arises When Ca Data Is Outsourced. Data From Motion Sensors May Reveal Users&#34 Private Issues. Despite The Need For Ca In Smartphones, No Previous Work Has Explored How To Tackle This Matter Leveraging Motion Sensors In A Privacy-Preserving Way. In This Work, A Mechanism Dubbed Smartcampp Is Proposed To Achieve Ca Based On Gyroscope And Accelerometer Data. Format-Preserving Encryption Techniques Are Applied To Privately Outsource Them. Our Results Show The Suitability Of The Proposed Scheme, Featuring Of Accuracy While Taking 5.12 Ms. Of Computation For Authenticating Each User. Interestingly, The Use Of Cryptography Does Not Lead To A Significant Impact As Compared To A Non-Privacy-Preserving MechanismThis work was partially supported by Spanish MINECO, AEI and European Regional Development Fund (ERDF), through grants TIN2017-84844-C2-1-R (COPCIS) and PID2019-111429RBC21 (ODIO); by Comunidad de Madrid (Spain) through grant P2018/TCS-4566-CM (CYNAMON), co-funded with ERDF, and also jointly with Univ. Carlos III de Madrid, grant CAVTIONS-CM-UC3M. Lorena González and José María de Fuentes would like to thank the Excellence Program for University Researchers. Luis Hernández-Álvarez would like to thank CSIC Project 202050E304 (CASDiM)

Efficient Verifiable Computation of XOR for Biometric Authentication

This work addresses the security and privacy issues in remotebiometric authentication by proposing an efficient mechanism to verifythe correctness of the outsourced computation in such protocols.In particular, we propose an efficient verifiable computation of XORingencrypted messages using an XOR linear message authenticationcode (MAC) and we employ the proposed scheme to build a biometricauthentication protocol. The proposed authentication protocol is bothsecure and privacy-preserving against malicious (as opposed to honest-but-curious) adversaries. Specifically, the use of the verifiable computation scheme together with an homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts, while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient

Performance Evaluation of Mobile Sensor for Context Awareness User Authentication

With the increase of smart devices and their capacities, their use for different services have also increased. As much as this is an advantage, it has posed additional risks because of the confidential information stored on them. This has increased the need for additional security on these systems. Most of the methods used for user authentication pose certain drawbacks that are either easy to circumvent or cumbersome to use. As a result, multi-level means of authentication is needed to improve the security of mobile devices. Sensors are playing a vital role in the mobile ecosystem to enhance different services. These sensors can be leveraged upon as a solution for user authentication. This research analyzed and evaluated different mobile device sensors for continuous and transparent user authentication. The mobile data used includes gyroscope, accelerometer, linear accelerometer, proximity, gravity, and magnetometer sensors’ data. Using a Feedforward Neural network for data classification after extracting features from the different sensors available in the mobile device; the most effective was selected by evaluating performance of the different sensors. The best sensor, the accelerometer was further experimented on. The experiment showed that smartphone accelerometer sensor exhibits sufficient discriminability, stability, and reliability for active and continuous authentication, by achieving a performance of 6.55% for the best overall EER.With the increase of smart devices and their capacities, their use for different services have also increased. As much as this is an advantage, it has posed additional risks because of the confidential information stored on them. This has increased the need for additional security on these systems. Most of the methods used for user authentication pose certain drawbacks that are either easy to circumvent or cumbersome to use. As a result, multi-level means of authentication is needed to improve the security of mobile devices. Sensors are playing a vital role in the mobile ecosystem to enhance different services. These sensors can be leveraged upon as a solution for user authentication. This research analyzed and evaluated different mobile device sensors for continuous and transparent user authentication. The mobile data used includes gyroscope, accelerometer, linear accelerometer, proximity, gravity, and magnetometer sensors’ data. Using a Feedforward Neural network for data classification after extracting features from the different sensors available in the mobile device; the most effective was selected by evaluating performance of the different sensors. The best sensor, the accelerometer was further experimented on. The experiment showed that smartphone accelerometer sensor exhibits sufficient discriminability, stability, and reliability for active and continuous authentication, by achieving a performance of 6.55% for the best overall EER

Instant Privacy-Preserving Biometric Authentication for Hamming Distance

In recent years, there has been enormous research attention in privacy-preserving biometric authentication, which enables a user to verify him or herself to a server without disclosing raw biometric information. Since biometrics is irrevocable when exposed, it is very important to protect its privacy. In IEEE TIFS 2018, Zhou and Ren proposed a privacy-preserving user-centric biometric authentication scheme named PassBio, where the end-users encrypt their own templates, and the authentication server never sees the raw templates during the authentication phase. In their approach, it takes about 1 second to encrypt and compare 2000-bit templates based on Hamming distance on a laptop. However, this result is still far from practice because the size of templates used in commercialized products is much larger: according to NIST IREX IX report of 2018 which analyzed 46 iris recognition algorithms, size of their templates varies from 4,632-bit (579-byte) to 145,832-bit (18,229-byte). In this paper, we propose a new privacy-preserving user-centric biometric authentication (HDM-PPBA) based on Hamming distance, which shows a big improvement in efficiency to the previous works. It is based on our new single-key function-hiding inner product encryption, which encrypts and computes the Hamming distance of 145,832-bit binary in about 0.3 seconds on Intel Core i5 2.9GHz CPU. We show that it satisfies simulation-based security under the hardness assumption of Learning with Errors (LWE) problem. The storage requirements, bandwidth and time complexity of HDM-PPBA depend linearly on the bit-length of biometrics, and it is applicable to any large templates used in NIST IREX IX report with high efficiency