Iris-Based Privacy-Preserving Biometric Authentication Using NTRU Homomorphic Encryption

Introduction

In the current digital world, several applications need identity verification of clients. Traditional methods for identity verification are based on either knowledge of the user (such as user ID and password) or tokens. These methods suffer from the disadvantage that password can be hacked and tokens can be stolen. In a biometric authentication system, biometric traits are used to verify the identity of the client. The biometric characteristics include face, iris, fingerprint, retina, and DNA. These biometric traits are unique to an individual facilitating implementation of accurate and convenient biometric authentication system, since there is no need for the user to carry tokens or remember a password. Among all these biometric traits, iris has gained popularity due to its robustness. Biometric systems have two phases of operation: enrolment and authentication (either identification or verification). Enrolment is the registration phase, in which the biometric trait is captured and the extracted feature templates are stored in a database. In the authentication phase, fresh biometric template is compared with the registered templates in a database either to give access or to deny. Due to the digital revolution, most of the devices are using the services of the internet and storing the data in the cloud. Biometric traits are very sensitive and once leaked, they can neither be replaced nor revoked. Therefore, if the biometric template is stored in the understandable form, it will cause privacy and security issues. A user might want to prevent theft of his biometric, while a service provider wants to prevent the user from learning anything about the database. To address the security and privacy challenges, authentication and encryption schemes have been developed. It is desirable to develop encryption scheme to protect the biometric template, ensuring privacy of a user thereby providing trust between client and server. But the encryption process should be developed to support authentication in encrypted domain. All biometric authentication methods are threshold methods since features presented for verification will not be the same as the registered ones. This paper aims to design and implement privacy-preserving biometric authentication system.

Related Work

In the literature, there are three basic approaches to privacy-preserving biometric authentication:

• • Feature transformation includes cancellable biometrics [1,2] and biohashing [3]. These methods are adapted to real-time applications, and these are not secure if client-specific key is compromised.
• • Biometric cryptosystems, based on error-correcting codes, include fuzzy commitment [4] and fuzzy vault [5], and these are neither practical nor secure.
• • Homomorphic encryption (HE) [6], in which HE is used to protect the feature data and secure domain classification, is done from encrypted data.

HE is an algorithm which allows computations on ciphertext of a message to map computations on plaintext. The two group operations that are preserved are the arithmetic addition and multiplication.

• • A HE is additive, if E(a) E(b) = E(a+ b),
• • A HE is multiplicative, if E(a) E(b) = E(a. b),

where E is encryption function and the operation depending on user cipher and plaintext messages.

Three types of homomorphic cryptosystems are [7] partial homomorphic encryption (PHE), fully homomorphic encryption (FHE), and somewhat homomorphic encryption (SHE). PHE allows either addition or multiplication on the ciphertext. SHE allows any one operation an arbitrary number of times and another operation limited number of times on ciphertext. FHE allows both the operations arbitrary number of times on ciphertext. Even though FHE [8,9] allows both the operations, PHE algorithms are better in terms of computational complexity and accuracy. HE allows an encrypted database to be stored in an untrusted third-party cloud where the processing operations can be performed without revealing the contents of the database. The first HE scheme is RSA (N-th degree Truncated polynomial Ring Units), which is a multiplicative homomorphic scheme. The traditional public key cryptosystems like RSA and ElGamal are partial homomorphic schemes. But these conventional methods of encryption schemes can be broken with quantum algorithms. Post-quantum cryptosystems are the replacement for traditional methods, and these are immune to quantum computers. Lattices have several hard mathematical problems which are not solvable by quantum computers, like shortest and closest lattice vector problems which give new era of a cryptosystem known as post-quantum cryptography. Lattice-based encryption and exploiting the additive homomorphic property of NTRU [10] give robust and secure biometric authentication and matching.

Iris is a popular biometric trait due to the property that it is very robust. It is highly unique due to which chances of having the same iris pattern for different persons is minimal; also, its epigenetic features remain unchanged over a lifetime. Literature survey says that variability of iris patterns among different persons is enormous and also it is tough to modify the iris pattern by any surgery. Hence iris could be a suitable choice for implementing an accurate and secure biometric authentication system.