Scalable Secure Biometric Authentication without Auxiliary Identifiers

TL;DR

This paper introduces a scalable, secure biometric authentication system that protects against database breaches without auxiliary identifiers, combining AI and cryptography for practical deployment.

Contribution

It presents the first real-world scalable biometric authentication method with provable security against data breaches, without relying on auxiliary identifiers.

Findings

Provides provable security guarantees against database breaches.

Achieves scalability and performance suitable for large user bases.

Combines AI and cryptographic techniques with optimizations.

Abstract

The prevalence of biometric authentication has been on the rise due to its ease of use and elimination of weak passwords. To date, most biometric authentication systems have been designed for on-device authentication of the device owner (e.g., smartphones and laptops). Recently, biometric authentication systems have started to emerge that are designed to authenticate users against cloud databases storing representations of biometrics for large numbers of users (potentially millions), such as those facilitating biometric payments. However, the use of a large cloud database introduces a significant attack vector, as a breach of the database could lead to the compromise of all enrolled users' sensitive biometric data. Indeed, all such existing systems either do not adequately protect against such a breach, or are impractical to deploy and use due to their high computational overhead. In this work, we present a new biometric authentication system that provides provable security guarantees against data breaches, while remaining scalable and performant. To do so, we marry artificial intelligence with advanced cryptographic techniques in a novel fashion, providing several optimizations along the way. Our work is the first to show that real-world scalable privacy-preserving biometric authentication without auxiliary identifiers is feasible, and we believe that it will spur widespread industrial adoption and further research in this area.