1 research outputs found
Privacy Protection in Distributed Fingerprint-based Authentication
Biometric authentication is getting increasingly popular due to the
convenience of using unique individual traits, such as fingerprints, palm
veins, irises. Especially fingerprints are widely used nowadays due to the
availability and low cost of fingerprint scanners. To avoid identity theft or
impersonation, fingerprint data is typically stored locally, e.g., in a trusted
hardware module, in a single device that is used for user enrollment and
authentication. Local storage, however, limits the ability to implement
distributed applications, in which users can enroll their fingerprint once and
use it to access multiple physical locations and mobile applications
afterwards.
In this paper, we present a distributed authentication system that stores
fingerprint data in a server or cloud infrastructure in a privacy-preserving
way. Multiple devices can be connected and perform user enrollment or
verification. To secure the privacy and integrity of sensitive data, we employ
a cryptographic construct called fuzzy vault. We highlight challenges in
implementing fuzzy vault-based authentication, for which we propose and compare
alternative solutions. We conduct a security analysis of our biometric
cryptosystem, and as a proof of concept, we build an authentication system for
access control using resource-constrained devices (Raspberry Pis) connected to
fingerprint scanners and the Microsoft Azure cloud environment. Furthermore, we
evaluate the fingerprint matching algorithm against the well-known FVC2006
database and show that it can achieve comparable accuracy to widely-used
matching techniques that are not designed for privacy, while remaining
efficient with an authentication time of few seconds.Comment: This is an extended version of the paper with the same title which
has been accepted for publication at the Workshop on Privacy in the
Electronic Society (WPES 2019