THRIVE: Threshold Homomorphic encryption based secure and privacy preserving bIometric VErification system

TL;DR

The paper introduces THRIVE, a secure biometric verification system utilizing threshold homomorphic encryption to protect user privacy and prevent template leakage during authentication.

Contribution

It presents a novel biometric verification protocol based on threshold homomorphic cryptosystem with security proof, enabling privacy-preserving and secure biometric authentication.

Findings

System achieves 336 ms connection time for 256-bit biohash vectors.

Ensures security against malicious database owners and protocol deviations.

Compatible with any biometric modality with binarized templates.

Abstract

In this paper, we propose a new biometric verification and template protection system which we call the THRIVE system. The system includes novel enrollment and authentication protocols based on threshold homomorphic cryptosystem where the private key is shared between a user and the verifier. In the THRIVE system, only encrypted binary biometric templates are stored in the database and verification is performed via homomorphically randomized templates, thus, original templates are never revealed during the authentication stage. The THRIVE system is designed for the malicious model where the cheating party may arbitrarily deviate from the protocol specification. Since threshold homomorphic encryption scheme is used, a malicious database owner cannot perform decryption on encrypted templates of the users in the database. Therefore, security of the THRIVE system is enhanced using a two-factor authentication scheme involving the user's private key and the biometric data. We prove security and privacy preservation capability of the proposed system in the simulation-based model with no assumption. The proposed system is suitable for applications where the user does not want to reveal her biometrics to the verifier in plain form but she needs to proof her physical presence by using biometrics. The system can be used with any biometric modality and biometric feature extraction scheme whose output templates can be binarized. The overall connection time for the proposed THRIVE system is estimated to be 336 ms on average for 256-bit biohash vectors on a desktop PC running with quad-core 3.2 GHz CPUs at 10 Mbit/s up/down link connection speed. Consequently, the proposed system can be efficiently used in real life applications.