Joep Peeters

Amina Bassit, Florian Hahn, Joep Peeters et al.

Biometric verification has been widely deployed in current authentication solutions as it proves the physical presence of individuals. To protect the sensitive biometric data in such systems, several solutions have been developed that provide security against honest-but-curious (semi-honest) attackers. However, in practice attackers typically do not act honestly and multiple studies have shown drastic biometric information leakage in such honest-but-curious solutions when considering dishonest, malicious attackers. In this paper, we propose a provably secure biometric verification protocol to withstand malicious attackers and prevent biometric data from any sort of leakage. The proposed protocol is based on a homomorphically encrypted log likelihood-ratio-based (HELR) classifier that supports any biometric modality (e.g. face, fingerprint, dynamic signature, etc.) encoded as a fixed-length real-valued feature vector and performs an accurate and fast biometric recognition. Our protocol, that is secure against malicious adversaries, is designed from a protocol secure against semi-honest adversaries enhanced by zero-knowledge proofs. We evaluate both protocols for various security levels and record a sub-second speed (between $0.37$s and $0.88$s) for the protocol against semi-honest adversaries and between $0.95$s and $2.50$s for the protocol secure against malicious adversaries.

Joep Peeters, Andreas Peter, Raymond N. J. Veldhuis

As applications of biometric verification proliferate, users become more vulnerable to privacy infringement. Biometric data is very privacy sensitive as it may contain information as gender, ethnicity and health conditions which should not be shared with third parties during the verification process. Moreover, biometric data that has fallen into the wrong hands often leads to identity theft. Secure biometric verification schemes try to overcome such privacy threats. Unfortunately, existing secure solutions either introduce a heavy computational or communication overhead or have to accept a high loss in accuracy; both of which make them impractical in real-world settings. This paper presents a novel approach to secure biometric verification aiming at a practical trade-off between efficiency and accuracy, while guaranteeing full security against honest-but-curious adversaries. The system performs verification in the encrypted domain using elliptic curve based homomorphic ElGamal encryption for high efficiency. Classification is based on a log-likelihood ratio classifier which has proven to be very accurate. No private information is leaked during the verification process using a two-party secure protocol. Initial tests show highly accurate results that have been computed within milliseconds range.