Abstract
Biometric identification provides a broad range of opportunities when compared to traditional forms of private identification and recognition. Today, many governmental and border control organisations use effective private biometric identification approaches, such as fingerprint recognition and face recognition, which identify a person with the help of the automated distribution and dispensation of numerous variants from the system. The primary advantage of biometric identification methods is that they provide accurate recognition of persons and can guarantee security. This report aims to discuss the application and implementation of secure computation protocols related to the integration of private biometric identification procedures.
Introduction
Biometric identification provides a broad range of opportunities when compared to traditional forms of private identification and recognition. Today, many governmental and border control organisations use effective private biometric identification approaches, such as fingerprint recognition and face recognition, which identify a person with the help of the automated distribution and dispensation of numerous variants from the system (Maltoni, Maio, Jain, & Prabhakar, 2009, p. 12). The primary advantage of biometric identification methods is that they can provide accurate recognition or authentication of persons and can guarantee security (Applebaum, Ishai, & Kushilevitz, 2010, p. 153). This report aims to discuss the application and implementation of secure computation protocols related to the integration of private biometric identification procedures.
Application Scenario
Private biometric identification systems are actively used in different governmental and law enforcement organizations. As a result, these recognition systems need to address the main criterion of security in order to avoid cases in which private information is replicated or even stolen and then used to enter the system. Although private biometric identification methods such as fingerprint recognition or face recognition are discussed as the most secure, it is important to prevent the unauthorized use of any personal information with the help of effectively developed, applied, and implemented secure computation protocols, which allow organizations to apply private biometric identification systems while guaranteeing security.
Protocol Design for Core Functionality
The parties involved in the process of private biometric identification are the server, which holds the database of private information, and the users of the system, who provide their private information for comparison with the information from the database and for identification. This private information includes fingerprint or face recognition data (Bringer & Chabanne, 2008, p. 110). From this point, it is possible to identify two core functions that are required to be computed securely. These functions are the following ones:
- To guarantee the accurate biometric identification and finding a match;
- To guarantee accurate biometric identification without disclosing private information.
In this case, the security requirements for the parties include the guarantee of providing the data from independent parties; the guarantee of providing the secret data; and the agreement of users to provide their secret private data without its further disclosure. These security requirements are necessary to prevent revealing private information.
In order to implement such a core function as the provision of accurate biometric identification and finding a match, it is necessary to design a secure computation protocol. Computing the Euclidean distance and focusing on the minimum value are important for designing a secure protocol (Blanton & Gasti, 2011). Referring to the research of Blanton and Gasti (2011) on fingerprint recognition systems, it is possible to assume the input and predict the output:
Input: C is a client or user of the system:
- X is the biometric fingerprint data, (x1,…, xm);
- S is a server;
- D is a biometric database;
- Y is biometric data from the database, (y1,…, ym).
Output: C sees the Y record from D that matches his X; a certain number of scans is allowed.
It is important to guarantee that a user will be accurately identified with references to his biometric data that needs to be matched with the database of the server. Thus, it is necessary to compare X to Y ∈ D. It is reasonable to follow Blanton and Gasti’s (2011) approach and focus on computing the Euclidean distance using the following formula:
A match is observed when the Euclidean distance is below the threshold (T) (Blanton & Gasti, 2011). If the comparisons are based on garbled circuits, the Euclidean distance is calculated using homomorphic encryption (Blanton & Gasti, 2011).
In this case, the protocol steps are the following ones:
Protocol Steps
- C sends encryptions to S.
- S calculates the distance (d) between X and Y.
- C decrypts the received value.
The secure protocol is computed between C and S according to
, S provides C with the key match related to the input (Blanton & Gasti, 2011).
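The three protocol steps above, as an added example that is not code from this report or from Blanton and Gasti: textbook Paillier is swapped in as the additively homomorphic scheme (an assumption, since the report does not name one), so S computes the encrypted squared Euclidean distance without seeing X. The toy key, the sample vectors and all function names are constructed for illustration.

```python
import secrets
from math import gcd

# Toy Paillier key (constructed): two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
PHI = (P - 1) * (Q - 1)        # private to C
MU = pow(PHI, -1, N)           # private to C: inverse of PHI mod N

def enc(m):
    """Paillier encryption with g = N + 1; needs only the public N."""
    r = 0
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def dec(c):
    """Decryption; only C holds PHI and MU."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def client_request(x):
    """Step 1: C sends Enc(x_i) for each feature plus Enc(sum of x_i^2)."""
    return [enc(v) for v in x], enc(sum(v * v for v in x))

def server_distance(enc_x, enc_x_sq, y):
    """Step 2: S derives Enc(sum (x_i - y_i)^2) from ciphertexts only."""
    acc = enc_x_sq * enc(sum(v * v for v in y)) % N2   # adds sum of y_i^2
    for cx, yi in zip(enc_x, y):
        acc = acc * pow(cx, (-2 * yi) % N, N2) % N2    # adds -2 * x_i * y_i
    return acc

def identify(x, database, threshold):
    """Step 3: C decrypts each squared distance and applies the threshold T."""
    enc_x, enc_x_sq = client_request(x)
    replies = [server_distance(enc_x, enc_x_sq, y) for y in database]
    dists = [dec(c) for c in replies]
    hits = [i for i, d in enumerate(dists) if d < threshold ** 2]
    return dists, hits

# Constructed sample data: m = 4 features per record, three records in D.
D = [[12, 40, 7, 33], [90, 15, 60, 2], [13, 44, 6, 35]]
X = [12, 41, 7, 34]
```

In this simplified flow C decrypts every distance, including those to non-matching records; the garbled-circuit comparison mentioned above is left out.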
Protocol Implementation
A ‘proof of concept’ prototype is a model that demonstrates how the core function protocol can be implemented effectively. Focusing on developing the protocol for the fingerprint identification system with the core function of the accurate and secure finding of a match for the client’s biometric data, it is important to propose the effective frame for the implementation (Bringer, Chabanne, & Patey, 2013, p. 43). The proposed prototype is based on the variant developed by Jansen, Daniellou, and Cilleros (2006). The authentication based on the proposed algorithm can be realized with the help of the following ‘proof of concept’ prototype:
Furthermore, according to the protocol based on Blanton and Gasti’s (2011) study, it is expected that several scans of the fingerprint are possible to compare the data with Y records before receiving the match. Referring to Jansen, Daniellou, and Cilleros’s (2006) approach, the code for this operation can be determined as the following one:
Efficiency Evaluation
The experimental evaluation of the efficiency of the protocol and its implementation depends on the determined number of inputs that are predicted theoretically and followed directly during the experiment (Alonso-Fernandez, Bigun, Fierrez, Fronthaler, & Kollreider, 2009, p. 5). This evaluation is possible with reference to the practical application of the proposed scenario. In order to conduct the evaluation, it is necessary to focus first on determining the parameters for computing the Euclidean distance and on determining n.
According to experiments and data of Blanton and Gasti (2011), it is possible to expect the determined m = 16 and n = 19 (Blanton & Gasti, 2011). Furthermore, if there are 320 Y records in D, it is possible to expect that the work of C with S will last 0.36 sec, and the work of S will last 1.69 sec (Blanton & Gasti, 2011). As a result, the communication efficiency can be discussed as rather high in comparison with the other results of implementing similar protocols (Blanton & Gasti, 2011).
Security Evaluation
The proposed protocol guarantees that the authentication mechanism is secure. The identification algorithm that is followed is efficient in promoting the security and protection of private information. The proposed protocol's blocks are secure because of the security of garbled circuit evaluation. The implementation of the protocol can be discussed as secure because the selected identification algorithm is effective and is not complicated by additional parameters, while the main focus is on the security factor (Huang, Evans, Katz, & Malka, 2011). The confidentiality of the data from the database is guaranteed. Security evaluation of implementing the private biometric identification system on simple inputs is important (Alonso-Fernandez et al., 2009; Lindell & Pinkas, 2009, p. 5). The security regarding inputs should be evaluated separately, with the focus on the user's activities and the server's operations.
Comparison to State of the Art and Research Directions
Comparison of the theoretical efficiency estimates for the protocol design to other similar protocols is important since it helps in adopting the most efficient private biometric identification approach (Evans, Huang, Katz, & Malka, 2011). While comparing the performance of the proposed protocol to the state-of-the-art protocol previously used for private fingerprint identification systems, it is necessary to state that the protocol developed based on the pattern of Blanton and Gasti (2011) is rather effective because the designed protocol can contribute to achieving lower overhead and time for the procedure even if the number of operations is higher than it is in the state-of-the-art protocol. In this context, it is important to refer to the scheme developed by Alonso-Fernandez et al. (2009) in their research (Figure 1).
The focus on the standard algorithm allows achieving results as high as those in the studies by Blanton and Gasti (2011) and Jansen, Daniellou, and Cilleros (2006). Moreover, it is also possible to expect a decrease in the overhead when comparing the results with the state-of-the-art protocols (Bringer & Chabanne, 2008; Bringer, Chabanne, & Patey, 2013). However, further improvements of the protocol are necessary because it is possible to avoid the use of the garbled circuit technique. This approach is traditional, but it can contribute to making the computation more complex, and it is significant to prevent such outcomes. In addition, the change of the approach can lead to making the protocol more secure in comparison with the state-of-the-art protocol because now the security parameters are almost equal (Jansen et al., 2006). In order to improve security, it is efficient to focus on determining additional core functions such as the guarantee that the user will not see any private information computed during the process of finding a match.
Conclusion
The key questions discussed in this report include application and implementation of the secure computation protocol for the fingerprint identification; the evaluation of the efficiency and security; as well as the comparison of the proposed protocol to the previously implemented protocols. Examination of the various aspects of implementing the private biometric identification procedure has established that the protocol is effective when the latest and efficient techniques are used for its design and further application. When procedures are too complex, they may deliver inaccurate matching and provide inappropriate results. If a developer can detect possible weaknesses and strengths of the protocol, he can effectively apply the proposed solution. The process of evaluating or estimating the efficiency of the protocol is likely to be successful if input sizes expected in the practical application scenario are determined appropriately. The importance of evaluating the finally proposed protocol is in the fact that it helps to determine how the system will operate in the future.
References
Alonso-Fernandez, F., Bigun, J., Fierrez, J., Fronthaler, H., & Kollreider, K. (2009). Fingerprint recognition. Web.
Applebaum, B., Ishai, Y., & Kushilevitz, E. (2010). From secrecy to soundness: Efficient verification via secure computation. Automata, Languages and Programming, 35(1), 152-163.
Blanton, M., & Gasti, P. (2011). Secure and efficient protocols for iris and fingerprint identification. ESORICS, 6879(2), 190–209.
Bringer, J., & Chabanne, H. (2008). An authentication protocol with encrypted biometric data. Progress in Cryptology–AFRICACRYPT, 75(5), 109-124.
Bringer, J., Chabanne, H., & Patey, A. (2013). Privacy-preserving biometric identification using secure multiparty computation: An overview and recent trends. Signal Processing Magazine, IEEE, 30(2), 42-52.
Evans, D., Huang, Y., Katz, J., & Malka, L. (2011). Efficient privacy-preserving biometric identification. Proceedings of the 17th Conference Network and Distributed System Security Symposium, NDSS, 43(9), 54-58.
Huang, Y., Evans, D., Katz, J., & Malka, L. (2011). Faster secure two-party computation using garbled circuits. USENIX Security Symposium, 201(1), 45-56.
Jansen, W., Daniellou, R., & Cilleros, N. (2006). Fingerprint identification and mobile handheld devices. Web.
Lindell, Y., & Pinkas, B. (2009). The secure multiparty computation for privacy-preserving data mining. Journal of Privacy and Confidentiality, 1(1), 5-7.
Maltoni, D., Maio, D., Jain, A. K., & Prabhakar, S. (2009). Handbook of fingerprint recognition. Canberra: Springer Science & Business Media.