1. A
Seminar
ON
Blind Authentication: A Secure Crypto-Biometric Authentication
Protocol
OFOF
M.C.A.M.C.A.
ByBy
Pranjul Mishra (2014024000132)Pranjul Mishra (2014024000132)
Under the Guidence of
Mr. M.Hasan
Department of Computer Science and Engineering
Madan Mohan Malaviya University of Technology Session(2015-16)
2. CONTENTS
1. Biometrics
2. Biometric Authentication System
3. Different types of biometric systems
4. Privacy concerns in Biometric authentication systems
5. What is Blind Authentication ?
6. Features of Blind Authentication
7. Previous work
8. Security, Privacy and Trust
9. Blind Secure Product Protocol
10. Advantages
11. Conclusion
12. References
3. BIOMETRICS
A biometric is a physiological or behavioral
characteristic of a human being that can
distinguish one person from another and
that can be used for identification or
verification of identity.
6. Primary Concerns in a Biometric
authentication System
1. Template Protection
2. User's privacy
3. Network security
7. What is Blind Authentication?
A blind authentication protocol that means it
reveals only the identity , and no other
additional information to the user and the
authenticating server.
8. Key point of Blind Authentication
Use of cryptography primitives to bolster the
authenticating process
Encryption provides protection and ability to
revoke enrolled templates,
Reduced the concern on privacy
10. SALTING
Invertible function defined by a key or password
Due to compromise Easy to revoke and replace with
new key
No longer secure
NON-INVERTIBLE TRANSFORM
Apply non-invertible function on the biometric template
Key must be available at the time of transformation
Eg. Robust hashing etc.
KEY BINDING AND KEY GENERATION
Computationally to decode the key or the template
It is hard to develop scheme for generate a same key
for different templates of same person.
11. Process of blind Authentication
1.Feature extraction
2.Enrollment
3.Authentication
13. ALGORITHM ENROLLMENT
1: Client collects multiple sample of her biometric, B1..k
2: Feature vectors, xi, are computed from each sample
3: Client sends xi, along with her identity and public key
E, to the enrollment server
4: Enrollment server uses xi and the information from
other
users to compute an authenticating classifier (ω, τ) for
the user
5: The classifier parameters are encrypted using the
users public key: E(ωi)
6: E(ωi)s, along with the user’s identity, the encryption
key (E), and the threshold (τ), are sent to the
authentication server for registration
7: The client is then notified about success
15. Features of blind authentication
SYSTEM SECURITY
Server Security
Client Security
Network Security
PRIVACY
Concern of revealing personal information
Concern of being tracked
16. Server security
Hacker gains access to the template database
Client security
Hacker gains access to the user’s biometric or private key
Passive attack at the user’s computer
17. Concern of revealing personal information-Template is
never revealed to the server.
Privacy
18. ADVANTAGES OF BLIND AUTHENTICATION
• Fast and Provably Secure authentication without
trading off accuracy.
• Supports generic classifiers such as Neural
Network and SVMs.
• Ideal for applications such as biometric ATMs etc.
19. CONCLUSION
Verification can be done in real-time with the help of
available hardware.
Keep the interaction between the user and the server to a
minimum.
Extensions to this work includes secure enerollment
protocols and encryption methods to reduce
computations.