PrivBioMTAuth: Privacy Preserving Biometrics-Based and User Centric Protocol for User Authentication from Mobile Phones

Get BibTex-formatted data

Download

PDF

Author

Hasini Gunasinghe, Elisa Bertino

Tech report number

CERIAS TR 2017-4

Entry type

techreport

Abstract

We introduce a privacy preserving biometrics-based authentication solution by which users can authenticate to different service providers from mobile phones without involving identity providers in the transactions. Authentication is performed via zero-knowledge proof of knowledge, based on a cryptographic identity token that encodes the biometric identifier of the user and a secret provided by the user, making it three-factor authentication. Our approach for generating a unique, repeatable and revocable biometric identifier from the user's biometric image is based on a machine learning based classification technique which involves the features extracted from the user's biometric image. We have implemented a prototype of the proposed authentication solution and evaluated our solution with respect to its performance, security and privacy. The evaluation has been performed on a public dataset of face images.

Download

PDF

Date

2017 – 11 – 15

Institution

Purdue University

Key alpha

Biometrics, Authentication, Privacy

School

Purdue University

Affiliation

Purdue University, CERIAS

Publication Date

2017-11-15

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ Biometrics, Authentication, Privacy,
	title = "PrivBioMTAuth: Privacy Preserving Biometrics-Based and User Centric Protocol for User Authentication from Mobile Phones",
	author = "Hasini Gunasinghe, Elisa Bertino",
	year = "2017",
	month = "11",
	institution = "Purdue University",
	school = "Purdue University",
	day = "15",
	abstract = "We introduce a privacy preserving biometrics-based authentication solution by which users can authenticate to different service providers from mobile 
phones without involving identity providers in the transactions. 
Authentication is performed via zero-knowledge proof of knowledge, based on a cryptographic identity token that encodes the biometric identifier of 
the user and a secret provided by the user, making it three-factor authentication.
Our approach for generating a unique, repeatable and revocable biometric identifier from the user's biometric image is based on a machine learning 
based classification technique which involves the features extracted from the user's biometric image.
We have implemented a prototype of the proposed authentication solution and evaluated our solution with 
respect to its performance, security and privacy. The evaluation has been performed on a public dataset of face images.",
	affiliation = "Purdue University, CERIAS",
}