oBAKE: an Online Biometric-Authenticated Key Exchange Protocol

TL;DR

oBAKE is a novel biometric-authenticated key exchange protocol enabling secure, privacy-preserving, and efficient online mutual authentication between a stateless biometric sensing system and a user token, supporting multiple modalities and rounds.

Contribution

It introduces a new biometric key exchange protocol that is privacy-preserving, supports multiple modalities, and allows online authentication with minimal computational burden on the user token.

Findings

Protocol achieves secure mutual authentication without revealing biometric data.

Supports multiple biometric modalities through component-wise threshold matching.

Enables online, multi-round authentication with minimal user token computation.

Abstract

In this writing, we introduce a novel biometric-authenticated key exchange protocol that allows secure and privacy-preserving key establishment between a stateless biometric sensing system and a "smart" user token that possesses biometric templates of the user. The protocol yields a shared secret incorporating random nonce from both parties when they positively authenticate each other. Mutual positive authentication here is defined as when the feature vector calculated from the sensor data captured by the biometric sensing system only differs from the feature vector stored as the biometric template within the user token by less than a predefined threshold. The parties exchange only randomized data and cryptographically derived verifiers; no significant information regarding the vectors is ever exchanged. The protocol essentially utilizes the BBKDF scheme for feature vector matching, and as a result, the threshold is compared per component of the two vectors to be matched. This fact makes it straightforward to employ multiple biometric modalities. The protocol also allows online authentication where the biometric sensing system can potentially send multiple queries derived from different sensor data samples, in one or more rounds. The protocol is designed in such a way that the user token can very efficiently answer a multitude of such queries. This makes the protocol especially suitable for interactive systems while posing a minimal computational burden on the user token. The biometric sensing system can be made stateless, i.e. user registration in advance is not required. Furthermore, the protocol is bidirectionally privacy-preserving in the sense that unless mutual authentication is achieved first, neither the biometric sensing system, nor the user token can gain useful information, respectively regarding the biometric template, or sensor-data-derived feature vectors.