Privacy Protection in Distributed Fingerprint-based Authentication

TL;DR

This paper proposes a privacy-preserving distributed fingerprint authentication system using cryptographic fuzzy vaults, enabling secure multi-device access while maintaining accuracy and efficiency in resource-constrained environments.

Contribution

It introduces a novel distributed biometric authentication framework employing fuzzy vaults for privacy, with practical implementation and security analysis.

Findings

Achieves comparable accuracy to standard fingerprint matching techniques.

Demonstrates efficient authentication within a few seconds.

Validates system security through analysis and real-world testing.

Abstract

Biometric authentication is getting increasingly popular due to the convenience of using unique individual traits, such as fingerprints, palm veins, irises. Especially fingerprints are widely used nowadays due to the availability and low cost of fingerprint scanners. To avoid identity theft or impersonation, fingerprint data is typically stored locally, e.g., in a trusted hardware module, in a single device that is used for user enrollment and authentication. Local storage, however, limits the ability to implement distributed applications, in which users can enroll their fingerprint once and use it to access multiple physical locations and mobile applications afterwards. In this paper, we present a distributed authentication system that stores fingerprint data in a server or cloud infrastructure in a privacy-preserving way. Multiple devices can be connected and perform user enrollment or verification. To secure the privacy and integrity of sensitive data, we employ a cryptographic construct called fuzzy vault. We highlight challenges in implementing fuzzy vault-based authentication, for which we propose and compare alternative solutions. We conduct a security analysis of our biometric cryptosystem, and as a proof of concept, we build an authentication system for access control using resource-constrained devices (Raspberry Pis) connected to fingerprint scanners and the Microsoft Azure cloud environment. Furthermore, we evaluate the fingerprint matching algorithm against the well-known FVC2006 database and show that it can achieve comparable accuracy to widely-used matching techniques that are not designed for privacy, while remaining efficient with an authentication time of few seconds.