Home // International Journal On Advances in Security, volume 8, numbers 1 and 2, 2015 // View article


Impacts on Database Performance in a Privacy-Preserving Biometric Authentication Scenario

Authors:
Veit Köppen
Christian Krätzer
Jana Dittmann
Gunter Saake
Claus Vielhauer

Keywords: Database Security, Homomorphic Encryption, Privacy, Multi-Computer Scenarios, Database Performance, Biometric Authentication

Abstract:
Nowadays, biometric data are more and more used within authentication processes. Such data are usually stored in databases and underlie inherent privacy concerns. Therefore, special attention should be paid to their handling. We propose an extension to an existing privacy preserving similarity verification system. The Paillier scheme, being an asymmetric as well as additive homomorphic cryptography approach, enables signal processing in the encrypted domain operations. Amongst other modifications, we introduce a padding approach to increase entropy for better filling the co-domain. As a result, we combine the benefits of signal processing in the encrypted domain with the advantages of salting. The concept of verification of encrypted biometric data comes at the cost of increased computational effort in contrast to already available biometric systems. Nevertheless, this additional cost is in many scenarios justified by addressing that most currently available biometric authentication systems lack sufficient privacy protection. In our evaluation, we focus on performance issues of the privacy-preserving biometric authentication scheme with respect to database response time. The results presented for different evaluations on the influence of numbers of users, template sizes, and cryptographic key lengths show that the increase in effort required caused by our extensions is negligible. Furthermore, our improved scheme lowers the error rates attached as well as it reduces the amount of data that is disclosed in an authentication attempt. Our work highlights that user- and privacy-centric approaches to authentication have become feasible in the last few years. Modern schemes, as the one discussed in this paper, are not only efficient but also make the usage of data mining techniques in the domain of user tracking much more difficult.

Pages: 99 to 108

Copyright: Copyright (c) to authors, 2015. Used with permission.

Publication date: June 30, 2015

Published in: journal

ISSN: 1942-2636