PrivBioMTAuth: Privacy Preserving Biometrics-Based and User Centric Protocol for User Authentication from Mobile Phones


Download PDF Document


Hasini Gunasinghe, Elisa Bertino

Tech report number

CERIAS TR 2017-4

Entry type



We introduce a privacy preserving biometrics-based authentication solution by which users can authenticate to different service providers from mobile phones without involving identity providers in the transactions. Authentication is performed via zero-knowledge proof of knowledge, based on a cryptographic identity token that encodes the biometric identifier of the user and a secret provided by the user, making it three-factor authentication. Our approach for generating a unique, repeatable and revocable biometric identifier from the user's biometric image is based on a machine learning based classification technique which involves the features extracted from the user's biometric image. We have implemented a prototype of the proposed authentication solution and evaluated our solution with respect to its performance, security and privacy. The evaluation has been performed on a public dataset of face images.




2017 – 11 – 15


Purdue University

Key alpha

Biometrics, Authentication, Privacy


Purdue University


Purdue University, CERIAS

Publication Date


BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

Coming Up!

Our annual security symposium will take place on April 9th and 10th, 2019.
Purdue University, West Lafayette, IN

More Information