Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

姚琳,范庆娜,孔祥维

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.01.079

2010-01-01

Abstract:Traditional authorization with a variety of secure and privacy limitations,cannot satisfy the security needs of the internet environment,this paper proposed an identity authentication scheme based on biometric encryption.By adopting the biometric encryption,protected the biometric and key of the user well.The scheme could prevent unauthorized users from accessing and avoid unauthorized use of resources.The experiment results show that the scheme can distinguish the genuine users from imitated users though the face expressions very much.The scheme provided perfect authentication,and secure the communication well.

Weiye Xu,Jianwei Liu,Shimin Zhang,Yuanqing Zheng,Feng Lin,Fu Xiao,Jinsong Han

DOI: https://doi.org/10.1109/infocom42981.2021.9488737

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Current facial authentication (FA) systems are mostly based on the images of human faces, thus suffering from privacy leakage and spoofing attacks. Mainstream systems utilize facial geometry features for spoofing mitigation. which are still easy to deceive with the feature manipulation, e.g., 3D-printed human faces. In this paper, we propose a novel privacy-preserving anti-spoofing FA system, named RFace, which extracts both the 3D geometry and inner biomaterial features of faces using a COTS RFID tag array. These features are difficult to obtain and forge, hence are resistant to spoofing attacks. RFace only requires users to pose their faces in front of a tag array for a few seconds, without leaking their visual facial information. We build a theoretical model to rigorously prove the feasibility of feature acquisition and the correlation between the facial features and RF signals. For practicality, we design an effective algorithm to mitigate the impact of unstable distance and angle deflection from the face to the array. Extensive experiments with 30 participants and three types of spoofing attacks show that RFace achieves an average authentication success rate of over 95.7% and an EER of 4.4%. More importantly, no spoofing attack succeeds in deceiving RFace in the experiments.

Xiang Wang,Heyu Xue,Xuefeng Liu,Qingqi Pei

DOI: https://doi.org/10.1109/access.2019.2894535

IF: 3.9

2019-01-01

IEEE Access

Abstract:The face recognition has become a common means of identity authentication because of the advantages of uniqueness, non-invasive and not easy to be stolen. The outsourcing of face recognition to the service provider is a typical manner nowadays. However, it raises vital concerns about the privacy of outsourcing server due to the sensitivity of face data. Therefore, a frame of identity authentication based on the technology of privacy-preserving face recognition is presented in this paper. The convolutional neural network is used for face feature extraction. To overcome the issue of privacy leaked, a method of secure nearest neighbor that can compute the cosine similarity over encrypted feature vectors is proposed. What's more, the edge computing is introduced in our frame to increase the authentication efficiency by removing some operations from the cloud to the edge of the Internet. Moreover, we also propose a secret sharing homomorphism technology which is used for distributed computing to improve the fault-tolerance of our identity authentication system. The experimental results show that the proposed schemes are secure and effective.

Lei Wu,Lingzhen Meng,Shengnan Zhao,Xia Wei,Hao Wang

DOI: https://doi.org/10.1109/access.2021.3092018

IF: 3.9

2021-01-01

IEEE Access

Abstract:Biometric authentication is getting increasingly popular and demands a wide range of solutions to against increasing cybercrimes and digital identity thefts. This paper proposes a new privacy-preserving cancelable biometric authentication key agreement scheme, which improves the existing authentication scheme based on ECC. We are going to integrate the fuzzy commitment and cancelable biometrics to guarantee the security for user’s biometric information. The cancelable biometrics named as the random distance method (RDM) which can generate non-invertible and privacy-preserving revocable pseudo-biometric identities. The proposed scheme realizes the mutual authentication of participants, and the privacy of biometric information and also can resist the vast majority of existing attacks. We use the widely accepted BPR adversary model to formally prove the safety features of our scheme. Further, the comparison of other existing related schemes shows that the performance of this scheme has greater advantages in terms of computation and communication costs. The experiments demonstrate that this scheme can achieves higher accuracy, while preserving biometric information privacy.

Mingming Jiang,Shengli Liu,You Lyu,Yu Zhou

DOI: https://doi.org/10.1109/tmc.2022.3207830

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:Biometric features are quite suitable for identity authentication due to its inherent properties – universality, uniqueness and persistence. In fact, biometric authentication has been widely used in our daily life, especially in mobile devices. However, biometric features are quite sensitive, and once a feature is leaked to an evil adversary, it cannot be used in authentication any more. This leads to a push on research of biometric privacy protection. In this paper, we propose a face-based authentication system with the help of a computational secure sketch. The computational secure sketch takes charge of error tolerance on the face samplings. Then the face features of the same user are used to extract an authentication key, which is in turn used to do the identity authentication for the user. The computational security of the computational secure sketch makes sure that the public information obtained by the adversary does not affect the pseudorandomness of the authentication key, hence the privacy of face features is guaranteed. Moreover, the privacy protection technique in our face-based authentication system can be extended to other biometric-based authentication.

computer science, information systems,telecommunications

Tao Wang,Yushu Zhang,Xiangli Xiao,Lin Yuan,Zhihua Xia,Jian Weng

DOI: https://doi.org/10.1145/3664647.3680704

2024-01-01

Abstract:The significant advancement in face recognition drives face privacy protection into a prominent research direction. Unlike de-identification, a recent class of face privacy protection schemes preserves identifiable formation for face recognition. However, these schemes fail to support the revocation of the leaked identity, causing attackers to potentially identify individuals and then pose security threats. In this paper, we explore the possibility of generating privacy-preserving faces (not features) supporting cancelable biometric recognition. Specifically, we propose a cancelable face generator (CanFG), which removes the physical identity for privacy protection and embeds the virtual identity for face recognition. Particularly, when leaked, the virtual identity can be revoked and renew as another one, preventing re-identification from attackers. Benefiting from the designed distance-preserving identity transformation, CanFG can guarantee separability and preserve recognizability of virtual identities. Moreover, to make CanFG lightweight, we design a simple but effective training strategy, which allows CanFG to require only one (rather than two) network for achieving stable multi-objective learning. Extensive experimental results and sufficient security analyses demonstrate the ability of CanFG to effectively protect physical identity and support cancelable biometric recognition. Our code is available at https://github.com/daizigege/CanFG.

Peng Jiang,Qiaoyan Wen,Wenmin Li,Zhengping Jin,Hua Zhang

DOI: https://doi.org/10.1007/s11704-014-3125-7

2015-01-01

Abstract:As service demands rise and expand single-server user authentication has become unable to satisfy actual application demand. At the same time identity and password based authentication schemes are no longer adequate because of the insecurity of user identity and password. As a result biometric user authentication has emerged as a more reliable and attractive method. However, existing biometric authentication schemes are vulnerable to some common attacks and provide no security proof, some of these biometric schemes are also either inefficient or lack sufficient concern for privacy. In this paper, we propose an anonymous and efficient remote biometric user authentication scheme for a multi-server architecture with provable security. Through theoretical mathematic deduction, simulation implementation, and comparison with related work, we demonstrate that our approach can remove the aforementioned weaknesses and is well suited for a multi-server environment.

Xinying Yu,Kejun Zhang,Zhufeng Suo,Jun Wang,Wenbin Wang,Bing Zou

DOI: https://doi.org/10.1016/j.jksuci.2024.102166

IF: 9.006

2024-08-30

Journal of King Saud University - Computer and Information Sciences

Abstract:Biometric recognition is extensive for user security authentication in the Industrial Internet of Things (IIoT). However, the potential leakage of biometric data has severe repercussions, such as identity theft or tracking. Existing authentication schemes primarily focus on protecting biometric templates but often overlook the "one-authentication multiple-access" mode. As a result, these schemes still confront challenges related to privacy leakage and low efficiency for users who frequently access the server. In this regard, this paper proposes an efficient authentication scheme syncretizing physical unclonable function (PUF) and revocable biometrics in IIoT. Specifically, we design a revocable biometric template generation method syncretizing the user's biometric data and the device's PUF to enhance the security and revocability of the dual identity information. Given the generated revocable biometric template and the secret sharing, our scheme implements secure authentication and key negotiation between users and servers. Additionally, we establish an access boundary and an authentication validity period to permit multiple accesses following one authentication, thus significantly decreasing the computational cost of the user-side device. We leverage BAN logic and the ROR model to prove our scheme's security. Informal security analysis and performance comparison demonstrate that our scheme satisfies more security features with higher authentication efficiency.

computer science, information systems

Zhengxin You,Sheng Li,Zhenxing Qian,Xinpeng Zhang

DOI: https://doi.org/10.1109/icme51207.2021.9428115

2021-01-01

Abstract:In this paper, we propose a novel reversible face privacy-preserving scheme. Before uploading facial images onto the cloud, we first cover the facial region with mosaic and train an encoder to generate protected images with original facial information embedded. We train another classifier with protected images for facial expression recognition and a decoder for recovering original facial images. On the cloud service, protected images provide little identity information to malicious attackers. For low-privileged users, they can use the provided classifier to do computer vision tasks with protected images. For authorized users, after content recovery, the nor-mal usage of the facial images will not be affected. Experimental results show that the proposed method is effective in facial images recovery. In addition, the protected images can maintain similar accuracy on typical computer vision tasks compared to the original images.

Haoyang Wang,Kai Fan,Hongyan Chen,Qi Chen,Kuan Zhang,Fenghua Li,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/tdsc.2022.3186999

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Biometric applications makes biometric authentication replace the traditional password in many cases. Biometric recognition technology has the advantages of convenience and high stability, facilitating identity recognition. However, the shortcoming of biometric authentication is easy to be stolen and leaked, which raises security concerns. In this paper, we design a lightweight joint biometric authentication scheme (SELBA) based on face and fingerprint. We improve searchable encryption (SE) to protect the privacy security of extracted biometric features in the storage and authentication stage. Because of the problem that biometric features cannot be changed or retrieved once leaked in existing schemes, we propose a cancelable mechanism to reconstruct stolen or damaged biometric templates. Moreover, we make a complete security analysis of the SELBA to meet the confidentiality, renewability, revocability, irreversibility and unlinkability of template in biometric recognition. Meanwhile, we conduct experiments on real data sets to show that SELBA is secure, efficient and easy to use in practical application scenarios.

Lifang Wu,Songlong Yuan

DOI: https://doi.org/10.1109/ISDPE.2010.13

2010-01-01

Abstract:Biometric template protection is becoming a hot research recently. Fuzzy vault is a key binding biometric cryptosystem scheme. It binds a key with the biometric template and obtains the helper data. The main problem of fuzzy vault is that it can not provide the diversity and revocability. In this paper we propose a face based fuzzy vault scheme for online authentication. At the user side, the user's identity, the transformed template and key generated from user's password are always provided to the server. At the registration stage, fuzzy vault encoding is implemented using both key and transformed template. And then the fuzzy vault is encrypted using digital signature. At the authentication stage, by the identity claimed by user, the corresponding fuzzy vault will be checked, If it has been changed, the authentication will be failed. Otherwise, the key is recovered from the transformed template using fuzzy vault decoding, in which the nearest distance is computed for point matching. If the recovered key is same as that provided by user, the authentication will be successful. Otherwise it will be failed. The contribution of this paper include: the transformed template instead of face template is used, which will enable the system to provide diversity and revocability. The nearest distance based matching algorithm tolerates the much intra-class variation. The digital signature can be used to check if the fuzzy vault has been changed. The experimental results show that the proposed scheme achieves promising results.

Yangguang Tian,Yingjiu Li,Rongmao Chen,Nan Li,Ximeng Liu,Bing Chang,Xingjie Yu

DOI: https://doi.org/10.1007/978-3-030-01701-9_7

2018-01-01

Abstract:Biometric-based remote user authentication is a useful primitive that allows an authorized user to authenticate to a remote server using his biometrics. Leakage attacks, such as side-channel attacks, allow an attacker to learn partial knowledge of secrets (e.g., biometrics) stored on any physical medium. Leakage attacks can be potentially launched to any existing biometric-based remote user authentication systems. Furthermore, applying plain biometrics is an efficient and straightforward approach when designing remote user authentication schemes. However, this approach jeopardises user’s biometrics privacy. To address these issues, we propose a novel leakage-resilient and privacy-preserving biometric-based remote user authentication framework, such that registered users securely and privately authenticate to an honest-but-curious remote server in the cloud. In particular, the proposed generic framework provides optimal efficiency using lightweight symmetric-key cryptography, and it remains secure under leakage attacks. We formalize several new security models, including leakage-resilient user authenticity and leakage-resilient biometrics privacy, for biometric-based remote user authentication, and prove the security of proposed framework under standard assumptions.

Xuechun Mao,Ying Chen,Cong Deng,Xiaqing Zhou

DOI: https://doi.org/10.1371/journal.pone.0286215

IF: 3.7

2023-05-25

PLoS ONE

Abstract:Most existing secure biometric authentication schemes are server-centric, and users must fully trust the server to store, process, and manage their biometric data. As a result, users' biometric data could be leaked by outside attackers or the service provider itself. This paper first constructs the EDZKP protocol based on the inner product, which proves whether the secret value is the Euclidean distance of the secret vectors. Then, combined with the Cuproof protocol, we propose a novel user-centric biometric authentication scheme called BAZKP. In this scheme, all the biometric data remain encrypted during authentication phase, so the server will never see them directly. Meanwhile, the server can determine whether the Euclidean distance of two secret vectors is within a pre-defined threshold by calculation. Security analysis shows BAZKP satisfies completeness, soundness, and zero-knowledge. Based on BAZKP, we propose a privacy-preserving biometric authentication system, and its evaluation demonstrates that it provides reliable and secure authentication.

Lin Yuan,Wu Chen,Xiao Pu,Yan Zhang,Hongbo Li,Yushu Zhang,Xinbo Gao,Touradj Ebrahimi

DOI: https://doi.org/10.1109/tifs.2024.3388976

IF: 7.231

2024-05-10

IEEE Transactions on Information Forensics and Security

Abstract:The advancement of face recognition technology has delivered substantial societal advantages. However, it has also raised global privacy concerns due to the ubiquitous collection and potential misuse of individuals' facial data. This presents a notable paradox: while there is a societal demand for a robust face recognition ecosystem to ensure public security and convenience, an increasing number of individuals are hesitant to release their facial data. Numerous studies have endeavored to find such a utility-privacy trade-off, yet many struggle with the dilemma of prioritizing one at the expense of the other. In response to this challenge, this paper proposes PRO-Face C, a novel paradigm for privacy-preserving recognition of obfuscated faces via a dedicated feature compensation mechanism, aimed at optimizing the equilibrium between privacy preservation and utility maximization. The proposed approach is characterized by a specialized client-server architecture: the client transmits only obfuscated images to the server, which then performs identity recognition using a pre-trained model in conjunction with a suite of privacy-free complementary features. This framework facilitates accurate face identification while safeguarding the original facial appearance from explicit disclosure. Furthermore, the obfuscated image retains its visualization capability, crucial for image preview functionalities. To ensure the desired properties, we have developed an identity-guided feature compensation mechanism, complemented by several privacy-enhancing techniques. Extensive experiments conducted across multiple face datasets underscore the effectiveness of the proposed approach in diverse scenarios.

computer science, theory & methods,engineering, electrical & electronic

Zhiyong Zhou,Yuanning Liu,Xiaodong Zhu,Shaoqiang Zhang,Zhen Liu

DOI: https://doi.org/10.1016/j.ipm.2024.103869

2025-01-01

Abstract:Biometrics have copious merits over traditional authentication schemes and promote information management. The demand for large-scale biometric identification and certification booms. In spite of enhanced efficiency and scalability in cloud-based biometrics, they suffer from compromised privacy during the transmission and storage of irrevocable biometric information. Existing biometric protection strategies fatally degrade the recognition performance, due to two folds: inherent drawbacks of uni-biometrics and inevitable information loss caused by over-protection. Hence, how to make a trade-off between performance and protection is an alluring challenge. To settle these issues, we are the first to present a cancelable multi-biometric system combining iris and periocular traits with recognition performance improved and privacy protection emphasized. Our proposed binary mask-based cross-folding integrates multi-instance and multi-modal fusion tactics. Further, the steganography based on a low-bit strategy conceals sensitive biometric fusion into QR code with transmission imperceptible. Subsequently, a fine-grained hybrid attention dual-path network through stage-wise training models inter-class separability and intra-class compactness to extract more discriminative templates for biometric fusion. Afterward, the random graph neural network transforms the template into the protection domain to generate the cancelable template versus the malicious. Experimental results on two benchmark datasets, namely IITDv1 and MMUv1, show the proposed algorithm attains promising performance against state-of-the-art approaches in terms of equal error rate. What is more, extensive privacy analysis demonstrates prospective irreversibility, unlinkability, and revocability, respectively.

Yanrong Lu,Lixiang Li,Haipeng Peng,Yixian Yang

DOI: https://doi.org/10.1002/sec.1246

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:With the rapid development of computer networks, multi-server architecture has attracted much attention in many network environments. Moreover, in order to achieve non-repudiation which both passwords and cryptographic keys cannot provide, several password authentication schemes combining a user's biometrics for multi-server environments have been proposed in the past. In 2014, Chuang et al. presented a biometrics-based multi-server authenticated key agreement scheme and declared that their scheme was efficient and secure. Later, Mishra et al. commented that the scheme by Chuang et al. was susceptible to stolen smart card, impersonation and denial of service attacks. To conquer these weaknesses, Mishra et al. presented an efficient biometrics-based multi-server authenticated key agreement scheme using hash functions. However, we prove that the scheme by Mishra et al. is insecure against forgery, server masquerading and lacks perfect forward secrecy. The focus of this paper is to present a robust biometrics and public-key techniques-based authentication scheme, which is a significant enhancement to the scheme recently proposed by Mishra et al. The highlight of our scheme is that it not only conquers the flaws but also is efficient compared with other related authenticated key agreement schemes. Copyright © 2015John Wiley & Sons, Ltd.

Weiye Xu,Jianwei Liu,Shimin Zhang,Yuanqing Zheng,Feng Lin,Fu Xiao,Jinsong Han

DOI: https://doi.org/10.1109/tmc.2023.3289708

IF: 6.075

2023-01-01

IEEE Transactions on Mobile Computing

Abstract:Current facial authentication (FA) systems are mostly based on the images of human faces, thus suffering from privacy leakage and spoofing attacks. Mainstream systems utilize facial geometry features for spoofing mitigation, but they are still vulnerable to feature manipulation, e.g., 3D-printed human faces. In this paper, we propose a novel privacy-preserving anti-spoofing FA system, named RFace, which extracts both the 3D geometry and inner biomaterial features of faces using a COTS RFID tag array. These features are difficult to obtain and forge, hence are resistant to spoofing attacks. Unlike images, RF signals are not perceptible to human eyes, so RFace protects user's privacy. We build a theoretical model to rigorously prove the feasibility of feature acquisition and the correlation between facial features and RF signals. To enhance the security of RFace, we specify the tag reading order for each authentication to defend against the signal replay attack. For practicality, we design an effective algorithm to mitigate the impact of unstable distance and angle deflection from the face to the array. Extensive experiments with 30 participants and three types of spoofing attacks show that RFace achieves an average authentication success rate of over 95.7$\%$ and an EER of 4.4$\%$. More importantly, no replay attack or spoofing attack succeeds in deceiving RFace in the experiments.

computer science, information systems,telecommunications

Xiaopeng Yang,Hui Zhu,Rongxing Lu,Ximeng Liu,Hui Li

DOI: https://doi.org/10.1109/cybermatics_2018.2018.00089

2018-01-01

Abstract:With the development of image processing technology and the pervasiveness of mobile devices, face recognition, which can be used to offer convenient and efficient individual authentication service, has attracted considerable interest in recent years. However, people's concern about their face data being leaked during the face recognition process impedes the flourish of face recognition. To address this problem, we present a novel privacy-preserving online face recognition scheme over encrypted outsourced data, named EPFR. With EPFR, a user can achieve secure, accurate and efficient authentication service without disclosing her/his face data. Specifically, an improved homomorphic encryption technology is introduced to provide an efficient online face recognition service based on the Eigenface algorithm. Through extensive analysis, we show that users' face data are kept confidential during the online face recognition process. In addition, we implement the scheme with a real face database, and simulation results demonstrate that the scheme can be used to provide efficient and accurate online face recognition service.

WU Li-fang,JIANG Si-yuan,XIAO Peng,YANG Xin

DOI: https://doi.org/10.3969/j.issn.1003-0530.2012.07.014

IF: 4.729

2012-01-01

Signal Processing

Abstract:Biometric encryptions combine biometric authentication and cryptography.It can possibly provide accurate and convenient authentication with the benefits of privacy and security.In this paper,we propose three irreversible transformation schemes using four irreversible transformation functions for face features:order number transformation scheme,feature value transformation scheme and two dimensional transformation schemes.In experiment,we compared the authentication performance and the security of each scheme.Faces from ORL database are taken as examples to illustrate the performance.Then we use one arbitrary face from the database to compare the reconstructed faces for each transformed feature.The results show that the reconstructed face images from the transformed feature values are much different from the original face images.The scheme 2,order number transformation,can be secure enough by increasing the percentage of many-to-one area.It has almost the same authentication performance as original face features.