Secure Remote Authentication Using Biometric Data
By Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, and Adam Smith.
In Advances in Cryptology (EUROCRYPT 2005), volume 3494 of Lecture Notes in Computer Science, pages 147-163. Springer, 2005.
Abstract
Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly distributed; and (2) they are not exactly reproducible. Recent work, most notably that of Dodis, Reyzin, and Smith, has shown how these obstacles may be overcome by allowing some auxiliary public information to be reliably sent from a server to the human user. Subsequent work of Boyen has shown how to extend these techniques, in the random oracle model, to enable unidirectional authentication from the user to the server without the assumption of a reliable communication channel.
We show two efficient techniques enabling the use of biometric data to achieve mutual authentication or authenticated key exchange over a completely insecure (i.e., adversarially controlled) channel. In addition to achieving stronger security guarantees than the work of Boyen, we improve upon his solution in a number of other respects: we tolerate a broader class of errors and, in one case, improve upon the parameters of his solution and give a proof of security in the standard model.
Material
- published paper (PS) (PDF) (accessible from the publisher) © IACR
- revised version (PS) (PDF)
- presentation slides (HTML)
Reference
@InProceedings{Boyen+Dodis+Katz+Ostrovsky+Smith:EUROCRYPT-2005:fuzzyauth, author = {Xavier Boyen and Yevgeniy Dodis and Jonathan Katz and Rafail Ostrovsky and Adam Smith}, title = {Secure Remote Authentication Using Biometric Data}, booktitle = {Advances in Cryptology---EUROCRYPT 2005}, series = {Lecture Notes in Computer Science}, volume = {3494}, pages = {147--163}, publisher = {Berlin: Springer-Verlag}, year = {2005}, note = {Available at \url{http://www.cs.stanford.edu/~xb/eurocrypt05b/}} }
Unless indicated otherwise, these documents are Copyright © Xavier Boyen; all rights reserved in all countries.
Back to Xavier's homepage