Secure Biometric Verification in the Presence of Malicious Adversaries

Kamela Al-Mannai; Elmahdi Bentafat; Spiridon Bakiras; Jens Schneider

doi:10.1109/ACCESS.2024.3522859

Secure Biometric Verification in the Presence of Malicious Adversaries

Kamela Al-Mannai^*, Elmahdi Bentafat, Spiridon Bakiras, Jens Schneider

^*Corresponding author for this work

Hamad Bin Khalifa University

Singapore Institute of Technology

Research output: Contribution to journal › Article › peer-review

Abstract

In a secure biometric verification system, users authenticate themselves by submitting their encrypted biometric data to the application server. Such systems must be able to defend against 1) malicious clients that try to gain unauthorized access to the system; and 2) malicious servers that aim to identify the users' plaintext biometric data. To this end, our work introduces an efficient biometric verification protocol that is provably secure against both a malicious client and a malicious server. We formally prove the security of our scheme in the random oracle model and also present results from a proof-of-concept implementation. Our results demonstrate that the protocol is very efficient, incurring just 880 ms of computational overhead and 99 KB of communication cost.

Original language	English
Pages (from-to)	5284-5295
Number of pages	12
Journal	IEEE Access
Volume	13
DOIs	https://doi.org/10.1109/ACCESS.2024.3522859
Publication status	Published - 9 Jan 2025

Keywords

Authentication
Biometric data privacy
Biometric verification
Costs
Cryptography
Euclidean distance
Face recognition
Hands
Homomorphic encryption
Pairing-based cryptography
Protocols
Secure computations
Servers
Vectors

Access to Document

10.1109/ACCESS.2024.3522859

Cite this

@article{6f2b1a73c8d94a908f3c31e6d1334c93,

title = "Secure Biometric Verification in the Presence of Malicious Adversaries",

abstract = "In a secure biometric verification system, users authenticate themselves by submitting their encrypted biometric data to the application server. Such systems must be able to defend against 1) malicious clients that try to gain unauthorized access to the system; and 2) malicious servers that aim to identify the users' plaintext biometric data. To this end, our work introduces an efficient biometric verification protocol that is provably secure against both a malicious client and a malicious server. We formally prove the security of our scheme in the random oracle model and also present results from a proof-of-concept implementation. Our results demonstrate that the protocol is very efficient, incurring just 880 ms of computational overhead and 99 KB of communication cost.",

keywords = "Authentication, Biometric data privacy, Biometric verification, Costs, Cryptography, Euclidean distance, Face recognition, Hands, Homomorphic encryption, Pairing-based cryptography, Protocols, Secure computations, Servers, Vectors",

author = "Kamela Al-Mannai and Elmahdi Bentafat and Spiridon Bakiras and Jens Schneider",

note = "Publisher Copyright: {\textcopyright} 2013 IEEE.",

year = "2025",

month = jan,

day = "9",

doi = "10.1109/ACCESS.2024.3522859",

language = "English",

volume = "13",

pages = "5284--5295",

journal = "IEEE Access",

issn = "2169-3536",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Secure Biometric Verification in the Presence of Malicious Adversaries

AU - Al-Mannai, Kamela

AU - Bentafat, Elmahdi

AU - Bakiras, Spiridon

AU - Schneider, Jens

PY - 2025/1/9

Y1 - 2025/1/9

N2 - In a secure biometric verification system, users authenticate themselves by submitting their encrypted biometric data to the application server. Such systems must be able to defend against 1) malicious clients that try to gain unauthorized access to the system; and 2) malicious servers that aim to identify the users' plaintext biometric data. To this end, our work introduces an efficient biometric verification protocol that is provably secure against both a malicious client and a malicious server. We formally prove the security of our scheme in the random oracle model and also present results from a proof-of-concept implementation. Our results demonstrate that the protocol is very efficient, incurring just 880 ms of computational overhead and 99 KB of communication cost.

AB - In a secure biometric verification system, users authenticate themselves by submitting their encrypted biometric data to the application server. Such systems must be able to defend against 1) malicious clients that try to gain unauthorized access to the system; and 2) malicious servers that aim to identify the users' plaintext biometric data. To this end, our work introduces an efficient biometric verification protocol that is provably secure against both a malicious client and a malicious server. We formally prove the security of our scheme in the random oracle model and also present results from a proof-of-concept implementation. Our results demonstrate that the protocol is very efficient, incurring just 880 ms of computational overhead and 99 KB of communication cost.

KW - Authentication

KW - Biometric data privacy

KW - Biometric verification

KW - Costs

KW - Cryptography

KW - Euclidean distance

KW - Face recognition

KW - Hands

KW - Homomorphic encryption

KW - Pairing-based cryptography

KW - Protocols

KW - Secure computations

KW - Servers

KW - Vectors

UR - http://www.scopus.com/inward/record.url?scp=85213555723&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2024.3522859

DO - 10.1109/ACCESS.2024.3522859

M3 - Article

AN - SCOPUS:85213555723

SN - 2169-3536

VL - 13

SP - 5284

EP - 5295

JO - IEEE Access

JF - IEEE Access

ER -

Secure Biometric Verification in the Presence of Malicious Adversaries

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this