A Seminar ON

Blind Authentication: A Secure Crypto-Biometric Authentication Protocol

OFOFM.C.A.M.C.A. ByBy

Pranjul Mishra (2014024000132)Pranjul Mishra (2014024000132)

Under the Guidence of

Mr. M.HasanDepartment of Computer Science and EngineeringMadan Mohan Malaviya University of Technology Session(2015-16)

CONTENTS1. Biometrics2. Biometric Authentication System3. Different types of biometric systems4. Privacy concerns in Biometric authentication systems5. What is Blind Authentication ?6. Features of Blind Authentication7. Previous work8. Security, Privacy and Trust9. Blind Secure Product Protocol10. Advantages11. Conclusion12. References

BIOMETRICS

A biometric is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that can be used for identification or verification of identity.

Biometric Authentication System

Different type of biometric systems

Primary Concerns in a Biometric authentication System

1. Template Protection

2. User's privacy

3. Network security

What is Blind Authentication?

A blind authentication protocol that means it reveals only the identity , and no other additional information to the user and the authenticating server.

Key point of Blind Authentication

Use of cryptography primitives to bolster the authenticating process

Encryption provides protection and ability to revoke enrolled templates,

Reduced the concern on privacy

PREVIOUS WORK

Categorization of template protection schemes by Jain

SALTINGInvertible function defined by a key or passwordDue to compromise Easy to revoke and replace with new keyNo longer secure

NON-INVERTIBLE TRANSFORMApply non-invertible function on the biometric templateKey must be available at the time of transformationEg. Robust hashing etc.

KEY BINDING AND KEY GENERATIONComputationally to decode the key or the templateIt is hard to develop scheme for generate a same key for different templates of same person.

Process of blind Authentication

1.Feature extraction2.Enrollment3.Authentication

ENROLLMENT

ALGORITHM ENROLLMENT

1: Client collects multiple sample of her biometric, B1..k2: Feature vectors, xi, are computed from each sample3: Client sends xi, along with her identity and public key E, to the enrollment server4: Enrollment server uses xi and the information from otherusers to compute an authenticating classifier (ω, τ) for the user5: The classifier parameters are encrypted using the users public key: E(ωi)6: E(ωi)s, along with the user’s identity, the encryption key (E), and the threshold (τ), are sent to the authentication server for registration7: The client is then notified about success

AUTHENTICATION

Blind Authentication Process: the identity vectors x, w or the intermediate results xi · wi is revealed to anyone.

Features of blind authentication

SYSTEM SECURITY

Server Security Client Security Network Security

PRIVACY

Concern of revealing personal information Concern of being tracked

Server securityHacker gains access to the template database

Client securityHacker gains access to the user’s biometric or private keyPassive attack at the user’s computer

Concern of revealing personal information-Template is never revealed to the server.

Privacy

ADVANTAGES OF BLIND AUTHENTICATION

• Fast and Provably Secure authentication without trading off accuracy.

• Supports generic classifiers such as Neural Network and SVMs.

• Ideal for applications such as biometric ATMs etc.

CONCLUSION

Verification can be done in real-time with the help of available hardware.

Keep the interaction between the user and the server to a minimum.

Extensions to this work includes secure enerollment protocols and encryption methods to reduce computations.

REFERENCES

www.wikipedia.org

www.studymafiya.org

THANK YOUTHANK YOU

QUERIES ??QUERIES ??