Hui Zhu,Qing Wei,Xiaopeng Yang,Rongxing Lu,Hui Li

DOI: https://doi.org/10.1109/tcc.2018.2866405

IF: 5.697

2021-04-01

IEEE Transactions on Cloud Computing

Abstract:With the pervasiveness of mobile devices and the development of biometric technology, biometric identification, which can achieve individual authentication relies on personal biological or behavioral characteristics, has attracted widely considerable interest. However, privacy issues of biometric data bring out increasing concerns due to the highly sensitivity of biometric data. Aiming at this challenge, in this paper, we present a novel privacy-preserving online fingerprint authentication scheme, named e-Finga, over encrypted outsourced data. In the proposed e-Finga scheme, the user’s fingerprint registered in trust authority can be outsourced to different servers with user’s authorization, and secure, accurate and efficient authentication service can be provided without the leakage of fingerprint information. Specifically, an improved homomorphic encryption technology for secure euclidean distance calculation to achieve an efficient online fingerprint matching algorithm over encrypted FingerCode data in the outsourcing scenarios. Through detailed security analysis, we show that e-Finga can resist various security threats. In addition, we implement e-Finga over a workstation with a real fingerprint database, and extensive simulation results demonstrate that the proposed e-Finga scheme can serve efficient and accurate online fingerprint authentication.

computer science, information systems, theory & methods

Zhendong Wu,Longwei Tian,Ping Li,Ting Wu,Ming Jiang,Chunming Wu

DOI: https://doi.org/10.1016/j.ins.2016.12.048

IF: 8.1

2018-01-01

Information Sciences

Abstract:Cloud computing is profoundly changing the way of data storage, transfer and process. User authentication is the first security barrier for cloud computing. However, the security of traditional biometric-template-based authentication technology has been challenged because of the information leakage of biometric templates and insufficient user-key strength, which is limited by the ability of the user to memorize keys. In this paper, we propose a new bio-key generation algorithm named FVHS, which combines the advantages of both biometrics authentication and user-key authentication. It directly generates stable and sufficiently strong bio-key sequences from finger vein biometrics. Based on FVHS, a new framework for cloud computing authentication is presented that provides a more flexible, convenient, and secure user authentication. The key idea of FVHS is that through combining machine learning, biometrics, and cryptography technologies, we can mine a special feature vector from the biometrics space that can be separated and stabilized into a fixed number sequence in a higher-dimensional space. Both a theoretical analysis and experimental verification show that FVHS can extract stable bio-keys from high quality finger vein images. FVHS can extract a finger vein bio-key with a Genuine Accept Rate of more than 99.9%, while the False Accept Rate is less than 0.8% and Equal Error Rate is less than 0.5%. Meanwhile, the security strength can reach 256 bits.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Ali A. Yassin,Hai Jin,Ayad Ibrahim,Deqing Zou

DOI: https://doi.org/10.1109/CGC.2012.91

2012-01-01

Abstract:Cloud security represents a main hindrance that causes to retard its widespread adoption. Authentication considers a significance element of security in cloud environment, aiming to verify a user's identity when a user wishes to request services from cloud. There are many authentication schemes that depend on username/password, but they are considered weak techniques of cloud authentication. A more secure scheme is the two-factor authentication that does not only verify the username/password pair, but also needs a second factor such as a token device, biometric. However, the feasibility of second-factor authentication is limited by the deployment complexity, high cost and the cloud security is compromised when the token is missing or purloined. Furthermore, these schemes are failed to resist well-known attacks such as replay attacks, reflection attacks. This paper proposes two-factor authentication scheme based on Schnorr digital signature and feature extraction from fingerprint to overcome above aforementioned issues. Security analysis and experimental results illustrate that our proposed scheme can withstand the common security attacks as well, and has a good performance of password authentication.

Swe Geng,Georgia Giannopoulou,Maëlle Kabir-Querrec

DOI: https://doi.org/10.1145/3338498.3358648

2019-11-01

Abstract:Biometric authentication is getting increasingly popular due to the convenience of using unique individual traits, such as fingerprints, palm veins, irises. Especially fingerprints are widely used nowadays due to the availability and low cost of fingerprint scanners. To avoid identity theft or impersonation, fingerprint data is typically stored locally, e.g., in a trusted hardware module, in a single device that is used for user enrollment and authentication. Local storage, however, limits the ability to implement distributed applications, in which users can enroll their fingerprint once and use it to access multiple physical locations and mobile applications afterwards. In this paper, we present a distributed authentication system that stores fingerprint data in a server or cloud infrastructure in a privacy-preserving way. Multiple devices can be connected and perform user enrollment or verification. To secure the privacy and integrity of sensitive data, we employ a cryptographic construct called fuzzy vault. We highlight challenges in implementing fuzzy vault-based authentication, for which we propose and compare alternative solutions. We conduct a security analysis of our biometric cryptosystem, and as a proof of concept, we build an authentication system for access control using resource-constrained devices (Raspberry Pis) connected to fingerprint scanners and the Microsoft Azure cloud environment. Furthermore, we evaluate the fingerprint matching algorithm against the well-known FVC2006 database and show that it can achieve comparable accuracy to widely-used matching techniques that are not designed for privacy, while remaining efficient with an authentication time of few seconds.

Cryptography and Security

Yiming Yan,Haiyong Zhao,Haipeng Qu

DOI: https://doi.org/10.3390/electronics13142728

IF: 2.9

2024-01-01

Electronics

Abstract:Users encounter various threats, such as cross-site scripting attacks and session hijacking, when they perform login operations in the browser. These attacks pose significant risks to the integrity and confidentiality of personal data. The browser fingerprint, as an authentication technique, can effectively enhance user security. However, attackers can bypass browser fingerprint authentication through phishing attacks and other methods, leading to unauthorized logins. To address these issues, we propose a secure browser fingerprint authentication scheme that integrates the data of the browser cache side-channel into the traditional browser fingerprint. Consequently, it enhances the dynamics and non-determinism of the browser fingerprint and improves the anti-attack capabilities of the authentication process. Experimental results demonstrate that this scheme can effectively mitigate phishing attacks and man-in-the-middle attacks, achieving a 95.33% recognition rate for attackers and a 96.17% recall rate for authorized users.

Lin You,Guowei Zhang,Fan Zhang

DOI: https://doi.org/10.1109/iccit.2010.5711128

2010-01-01

Abstract:The biometric cryptographic system can provide the organic integration of biometric features and the traditional cryptology. The application of biometric keys can not only hide the information of users' biometric features, but also securely realize secret key production, recovery and certification. This paper proposes a new scheme of cryptographic key generation method based on fingerprint features and the (t,n)- threshold scheme. Our method can not only protect the user's key but can also effectively prevent the legitimate user's biometric features revealed. Our experiment results show that the key generation and recovery are efficient, and our proposed algorithm can achieve the anticipated results.

Chang Xu,Lvhan Zhang,Liehuang Zhu,Chuan Zhang,Kashif Sharif

DOI: https://doi.org/10.1109/trustcom53373.2021.00063

2021-01-01

Abstract:Biometrics identification has been used in a growing number of fields in recent years, since it is more secure, classified and convenient. With the development of cloud computing, database systems are able to upload large amounts of biometric data to cloud server for storage and identification to save local memory and improve computational efficiency. However, this involves potential privacy concerns because of the introduction of third-party platforms. In this paper, we achieve computational and communication efficiency in biometric identification, while preserving the privacy of data. Specifically, the database system firstly encrypts all biometric data and query data. Then, it sends the ciphertext to a cloud server to carry out matching tasks. Finally, the cloud server returns the index of final matches to the system so that it can check whether the biometric vector is legal or not. Detailed security analysis indicates that the proposed scheme can resist powerful attacks. Beyond that, Experiments show that the scheme is more efficient in computation and communication than stat of art biometric identification schemes.

Liehuang Zhu,Chuan Zhang,Chang Xu,Ximeng Liu,Cheng Huang

DOI: https://doi.org/10.1109/access.2018.2819166

IF: 3.9

2018-01-01

IEEE Access

Abstract:Biometric identification has become increasingly popular in recent years. With the development of cloud computing, database owners are motivated to outsource the large size of biometric data and identification tasks to the cloud to get rid of the expensive storage and computation costs, which, however, brings potential threats to users' privacy. In this paper, we propose an efficient and privacy-preserving biometric identification outsourcing scheme. Specifically, the biometric To execute a biometric identification, the database owner encrypts the query data and submits it to the cloud. The cloud performs identification operations over the encrypted database and returns the result to the database owner. A thorough security analysis indicates that the proposed scheme is secure even if attackers can forge identification requests and collude with the cloud. Compared with previous protocols, experimental results show that the proposed scheme achieves a better performance in both preparation and identification procedures.

Aseel Bedari,Song Wang,Jucheng Yang

DOI: https://doi.org/10.1109/tii.2021.3101208

IF: 12.3

2022-04-01

IEEE Transactions on Industrial Informatics

Abstract:The significant and rapid development of the Internet of Things (IoT) in recent years has greatly benefited people's lives. However, there are serious security and privacy concerns that need to be addressed when using the IoT for distributed authentication. In this article, we propose a secure fingerprint authentication system to protect user privacy for authentication on IoT devices. The proposed system applies a two-stage feature transformation scheme. Specifically, a weight-based fusion mechanism is designed in the first stage, while the second stage is featured by a linear convolution-based transformation with element removal from the convolution output to increase the security and protection. The proposed authentication system satisfies all the requirements of cancelable biometrics: accuracy, revocability, and diversity, unlinkability, and noninvertibility. Evaluated over six public fingerprint databases, the proposed authentication system exhibits highly competitive performance when compared with the existing cancelable fingerprint templates. Moreover, its energy efficiency on savings in memory space and low computational costs make the proposed scheme a good fit for resource-limited IoT devices.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Hyunmin Choi,Simon Woo,Hyoungshick Kim

DOI: https://doi.org/10.1609/aaai.v38i20.30200

2024-04-01

Abstract:Fingerprint authentication is a popular security mechanism for smartphones and laptops. However, its adoption in web and cloud environments has been limited due to privacy concerns over storing and processing biometric data on servers. This paper introduces Blind-Touch, a novel machine learning-based fingerprint authentication system leveraging homomorphic encryption to address these privacy concerns. Homomorphic encryption allows computations on encrypted data without decrypting. Thus, Blind-Touch can keep fingerprint data encrypted on the server while performing machine learning operations. Blind-Touch combines three strategies to efficiently utilize homomorphic encryption in machine learning: (1) It optimizes the feature vector for a distributed architecture, processing the first fully connected layer (FC-16) in plaintext on the client side and the subsequent layer (FC-1) post-encryption on the server, thereby minimizing encrypted computations; (2) It employs a homomorphic encryption compatible data compression technique capable of handling 8,192 authentication results concurrently; and (3) It utilizes a clustered server architecture to simultaneously process authentication results, thereby enhancing scalability with increasing user numbers. Blind-Touch achieves high accuracy on two benchmark fingerprint datasets, with a 93.6% F1- score for the PolyU dataset and a 98.2% F1-score for the SOKOTO dataset. Moreover, Blind-Touch can match a fingerprint among 5,000 in about 0.65 seconds. With its privacy focused design, high accuracy, and efficiency, Blind-Touch is a promising alternative to conventional fingerprint authentication for web and cloud applications.

Cryptography and Security

Xuefei Yin,Song Wang,Muhammad Shahzad,Jiankun Hu

DOI: https://doi.org/10.1109/jiot.2021.3131956

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Identity authentication has become an essential component for access control in the Internet of Things (IoT) environment. To overcome the inherent weakness of password-based authentication, many present IoT devices (e.g., commercial banking smart cards) are equipped with the fingerprint authentication mechanism. However, due to the resource constraints of IoT devices, oversimplified authentication schemes are deployed, which compromise system performance significantly. Moreover, fingerprint templates in these existing schemes are unprotected. To address these issues, we propose an IoT-oriented privacy-preserving fingerprint authentication system. The proposed system is composed of four main components: 1) minutiae extraction; 2) the minutia cylinder-code (MCC)-based cancelable binary template, generated by the proposed normalized random projection; 3) the lightweight, privacy-preserving template, built by novel pairwise Boolean operations; and 4) fingerprint matching. Our system can effectively mitigate preimage and hill-climbing attacks. A prototype of the proposed system is developed using a popular open-source platform (i.e., Open Virtual Platforms). Comprehensive experimental results on eight benchmark data sets validate the effectiveness of the proposed IoT-oriented fingerprint authentication system. Our system also achieves equivalent authentication accuracy to that of the unprotected fingerprint authentication systems deployed in the resource-rich, non-IoT environment. More importantly, our system prototype is deployable to commercially available low-cost smart cards, such as Atmel AT24C256C Memory Smart Card 256K Bits. To the best of our knowledge, the proposed system is the first privacy-preserving, cancelable fingerprint authentication system developed in such a resource-constrained IoT setting.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shuang Wang,Xiaoqian Jiang,Lucila Ohno-Machado,Lijuan Cui,Samuel Cheng,Hongkai Xiong

DOI: https://doi.org/10.1109/hisb.2012.53

2012-01-01

Abstract:Privacy is an important concern when biometrics are used in authentication systems for accessing Electronic Health Records (EHR) or other biomedical research data repositories involving human subjects. Biometrics of individuals deserve careful protection because they contain sensitive information closely related to personal privacy (e.g., personal health, ethnic group, etc.) and the leakage of such information can be used to re-identify individuals. More importantly, biometrics are unique and they are not easily revocable. Existing secure biometric systems prevent attackers from collecting unprotected biometrics in databases, however, they cannot guarantee confidentiality in probing and transmitting biometrics.

Kai Huang,Ming Xu,Shaojing Fu,Yuchuan Luo

DOI: https://doi.org/10.1587/transfun.e99.a.1891

2016-01-01

Abstract:In a previous work [1], Wang et al. proposed a privacy-preserving outsourcing scheme for biometric identification in cloud computing, namely CloudBI. The author claimed that it can resist against various known attacks. However, there exist serious security flaws in their scheme, and it can be completely broken through a small number of constructed identification requests. In this letter, we modify the encryption scheme and propose an improved version of the privacy-preserving biometric identification design which can resist such attack and can provide a much higher level of security.

Guorong Xuan,Junxiang Zheng,Chengyun Yang,Yun Q. Shi,Dekun Zou,Liu Liansheng,Bai Weichao

DOI: https://doi.org/10.1007/978-3-540-31805-7_5

2004-01-01

Abstract:This paper proposes an internet-based personal identity verification system using lossless data hiding and fingerprint recognition technologies. At the client side, the SHA-256 hash of the original fingerprint image and sensitive personal information are encrypted and embedded into the fingerprint image using an advanced lossless data hiding scheme. At the service provider side, after the hidden data are extracted out, the fingerprint image can be recovered without any distortion due to the usage of the lossless data hiding scheme. Hence, the originality of the fingerprint image can be ensured via hash check. The extracted personal information can be used to obtain the correct fingerprint feature from the database. The fingerprint matching can finally verify the client's identity. The experimental results demonstrate that our proposed system is effective. It can find wide applications in e-banking and e-government systems to name a few.

Cuilin Liu,Yongjun Shen,Guidong Zhang,Fang Wen

DOI: https://doi.org/10.1109/ICMSS.2010.5578326

2010-01-01

Abstract:In this paper, we have designed a high-security email system using dynamic password and fingerprint recognition to solve the shortages of traditional system. In order to guarantee the security of users' fingerprint characteristic value, we encrypt it with dynamic password. Using a two-way authentication method, not only ensure authentication server can recognize the users, but also guarantee the users can verify authentication server, effectively prevent Email from counterfeiting and tampering. © 2010 IEEE.

Sheng Li,Alex C. Kot

DOI: https://doi.org/10.1109/isias.2011.6122830

2011-01-01

Abstract:This paper proposes a novel system for protecting the fingerprint privacy without using a token or key. In the enrollment, two fingerprints are captured from two of an user's fingers. We extract the minutiae positions from one fingerprint, the orientation from the other fingerprint and the primary cores from both fingerprints. Based on these extracted information, a combined minutiae template is generated and stored in a database. In the authentication, the user needs to provide two query fingerprints from the same two fingers which are used in the enrollment. By storing the combined minutiae template, the complete minutiae feature of a single fingerprint will not be compromised when the database is stolen. Furthermore, because of the similarity in topology, it is also difficult for the attacker to distinguish our template from the minutiae of an original fingerprint. We evaluate the performance of our system over the FVC2002 DB2_A database. The results show that the False Rejection Rate of our system is 3% when the False Acceptance Rate is 0.01%.

Xiaopeng Yang,Hui Zhu,Fengwei Wang,Songnian Zhang,Rongxing Lu,Hui Li

DOI: https://doi.org/10.1007/s12083-021-01120-7

2021-05-25

Abstract:In recent years, the extensive application of biometric identification has been witnessed in various fields, such as airport service, criminal investigation, counter-terrorism and so on. Due to the sensitivity of the biometric data, people's concern over the leakage of their biometric data is a critical obstacle to hinder the future adoption of biometric identification applications. To address this problem, many schemes focusing on the privacy protection during biometric identification process have been proposed. However, identifying an individual in a huge database still faces many challenges while considering privacy protection and efficiency at the same time. In this paper, an efficient and privacy-preserving cloud based biometric identification scheme (named MASK) is proposed based on the M-tree data structure and symmetric homomorphic encryption (SHE) scheme. With MASK, the privacy of the user's identification request and service provider's dataset is guaranteed, while the computational cost of the cloud servers in searching the biometric dataset is significantly reduced. Besides, the accuracy of the identification service is not lost. Detailed security analysis shows that MASK can resist various known security threats. In addition, MASK is implemented and evaluated with a synthetic dataset and a real face dataset, and extensive simulation results demonstrate that MASK is efficient in terms of computational and communication costs.

computer science, information systems,telecommunications

HU Xiaocheng,ZHANG Weiming,YU Nenghai

DOI: https://doi.org/10.3969/j.issn.0253-2778.2011.07.002

2011-01-01

Journal of University of Science and Technology of China

Abstract:By merging several kinds of user authentication information such as fingerprints,faces,passwords etc.,multi-modal authentication can improve the security of traditional identify authentication systems.Furthermore,via data hiding technology,specific user identities can be imbedded into their biologic templates to ensure safe storage.A multi-modal authentication scheme was introduced,which uses fingerprint templates as the cover.The key problem of this technology is to ensure the quality of the template picture after embedding,which is important for the matching precision afterwards.Both theoretical analysis and experimental results demonstrate that by adopting a coding method which increases the sparseness of the original binary data before embedding,modification of the fingerprint template is lowers effectively,thus ensuring the image quality and matching precision.The method embeds fragile watermarks for the integrity authentication of the fingerprint template.