Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

8-2018

Abstract

Biometric-based remote user authentication is a useful primitive that allows an authorized user to authenticate to a remote server using his biometrics. Leakage attacks, such as side-channel attacks, allow an attacker to learn partial knowledge of secrets (e.g., biometrics) stored on any physical medium. Leakage attacks can be potentially launched to any existing biometric-based remote user authentication systems. Furthermore, applying plain biometrics is an efficient and straightforward approach when designing remote user authentication schemes. However, this approach jeopardises user’s biometrics privacy. To address these issues, we propose a novel leakage-resilient and privacy-preserving biometric-based remote user authentication framework, such that registered users securely and privately authenticate to an honest-but-curious remote server in the cloud. In particular, the proposed generic framework provides optimal efficiency using lightweight symmetric-key cryptography, and it remains secure under leakage attacks. We formalize several new security models, including leakage-resilient user authenticity and leakage-resilient biometrics privacy, for biometric-based remote user authentication, and prove the security of proposed framework under standard assumptions.

Keywords

Biometrics privacy, Generic framework, Leakage-resilient, Remote user authentication

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Security and Privacy in Communication Networks: 14th International Conference, SecureComm 2018, Singapore, August 8-10, Proceedings

Volume

254

First Page

112

Last Page

132

ISBN

9783030017002

Identifier

10.1007/978-3-030-01701-9_7

Publisher

Springer

City or Country

Cham

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1007/978-3-030-01701-9_7

Download

Share

COinS