PrivBioMTAuth: Privacy Preserving Biometrics-Based and User Centric Protocol for User Authentication from Mobile Phones
Author
Hasini Gunasinghe, Elisa Bertino
Tech report number
CERIAS TR 2017-4
Abstract
We introduce a privacy preserving biometrics-based authentication solution by which users can authenticate to different service providers from mobile
phones without involving identity providers in the transactions.
Authentication is performed via zero-knowledge proof of knowledge, based on a cryptographic identity token that encodes the biometric identifier of
the user and a secret provided by the user, making it three-factor authentication.
Our approach for generating a unique, repeatable and revocable biometric identifier from the user's biometric image is based on a machine learning
based classification technique which involves the features extracted from the user's biometric image.
We have implemented a prototype of the proposed authentication solution and evaluated our solution with
respect to its performance, security and privacy. The evaluation has been performed on a public dataset of face images.
Institution
Purdue University
Key alpha
Biometrics, Authentication, Privacy
Affiliation
Purdue University, CERIAS
Publication Date
2017-11-15