Secure remote authentication using biometric data

Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, Adam Smith

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly distributed; and (2) they are not exactly reproducible. Recent work, most notably that of Dodis, Reyzin, and Smith, has shown how these obstacles may be overcome by allowing some auxiliary public information to be reliably sent from a server to the human user. Subsequent work of Boyen has shown how to extend these techniques, in the random oracle model, to enable unidirectional authentication from the user to the server without the assumption of a reliable communication channel. We show two efficient techniques enabling the use of biometric data to achieve mutual authentication or authenticated key exchange over a completely insecure (i.e., adversarially controlled) channel. In addition to achieving stronger security guarantees than the work of Boyen, we improve upon his solution in a number of other respects: we tolerate a broader class of errors and, in one case, improve upon the parameters of his solution and give a proof of security in the standard model.

Original languageEnglish (US)
Title of host publicationLecture Notes in Computer Science
EditorsR. Cramer
Pages147-163
Number of pages17
Volume3494
StatePublished - 2005
Event24th Annual International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology - EUROCRYPT 2005 - Aarhus, Denmark
Duration: May 22 2005May 26 2005

Other

Other24th Annual International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology - EUROCRYPT 2005
CountryDenmark
CityAarhus
Period5/22/055/26/05

Fingerprint

Biometrics
Authentication
Servers
Entropy
Network protocols

ASJC Scopus subject areas

  • Computer Science (miscellaneous)

Cite this

Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., & Smith, A. (2005). Secure remote authentication using biometric data. In R. Cramer (Ed.), Lecture Notes in Computer Science (Vol. 3494, pp. 147-163)

Secure remote authentication using biometric data. / Boyen, Xavier; Dodis, Yevgeniy; Katz, Jonathan; Ostrovsky, Rafail; Smith, Adam.

Lecture Notes in Computer Science. ed. / R. Cramer. Vol. 3494 2005. p. 147-163.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Boyen, X, Dodis, Y, Katz, J, Ostrovsky, R & Smith, A 2005, Secure remote authentication using biometric data. in R Cramer (ed.), Lecture Notes in Computer Science. vol. 3494, pp. 147-163, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology - EUROCRYPT 2005, Aarhus, Denmark, 5/22/05.
Boyen X, Dodis Y, Katz J, Ostrovsky R, Smith A. Secure remote authentication using biometric data. In Cramer R, editor, Lecture Notes in Computer Science. Vol. 3494. 2005. p. 147-163
Boyen, Xavier ; Dodis, Yevgeniy ; Katz, Jonathan ; Ostrovsky, Rafail ; Smith, Adam. / Secure remote authentication using biometric data. Lecture Notes in Computer Science. editor / R. Cramer. Vol. 3494 2005. pp. 147-163
@inproceedings{ed617eabaeda451091eb6d8c2223f113,
title = "Secure remote authentication using biometric data",
abstract = "Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly distributed; and (2) they are not exactly reproducible. Recent work, most notably that of Dodis, Reyzin, and Smith, has shown how these obstacles may be overcome by allowing some auxiliary public information to be reliably sent from a server to the human user. Subsequent work of Boyen has shown how to extend these techniques, in the random oracle model, to enable unidirectional authentication from the user to the server without the assumption of a reliable communication channel. We show two efficient techniques enabling the use of biometric data to achieve mutual authentication or authenticated key exchange over a completely insecure (i.e., adversarially controlled) channel. In addition to achieving stronger security guarantees than the work of Boyen, we improve upon his solution in a number of other respects: we tolerate a broader class of errors and, in one case, improve upon the parameters of his solution and give a proof of security in the standard model.",
author = "Xavier Boyen and Yevgeniy Dodis and Jonathan Katz and Rafail Ostrovsky and Adam Smith",
year = "2005",
language = "English (US)",
volume = "3494",
pages = "147--163",
editor = "R. Cramer",
booktitle = "Lecture Notes in Computer Science",

}

TY - GEN

T1 - Secure remote authentication using biometric data

AU - Boyen, Xavier

AU - Dodis, Yevgeniy

AU - Katz, Jonathan

AU - Ostrovsky, Rafail

AU - Smith, Adam

PY - 2005

Y1 - 2005

N2 - Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly distributed; and (2) they are not exactly reproducible. Recent work, most notably that of Dodis, Reyzin, and Smith, has shown how these obstacles may be overcome by allowing some auxiliary public information to be reliably sent from a server to the human user. Subsequent work of Boyen has shown how to extend these techniques, in the random oracle model, to enable unidirectional authentication from the user to the server without the assumption of a reliable communication channel. We show two efficient techniques enabling the use of biometric data to achieve mutual authentication or authenticated key exchange over a completely insecure (i.e., adversarially controlled) channel. In addition to achieving stronger security guarantees than the work of Boyen, we improve upon his solution in a number of other respects: we tolerate a broader class of errors and, in one case, improve upon the parameters of his solution and give a proof of security in the standard model.

AB - Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly distributed; and (2) they are not exactly reproducible. Recent work, most notably that of Dodis, Reyzin, and Smith, has shown how these obstacles may be overcome by allowing some auxiliary public information to be reliably sent from a server to the human user. Subsequent work of Boyen has shown how to extend these techniques, in the random oracle model, to enable unidirectional authentication from the user to the server without the assumption of a reliable communication channel. We show two efficient techniques enabling the use of biometric data to achieve mutual authentication or authenticated key exchange over a completely insecure (i.e., adversarially controlled) channel. In addition to achieving stronger security guarantees than the work of Boyen, we improve upon his solution in a number of other respects: we tolerate a broader class of errors and, in one case, improve upon the parameters of his solution and give a proof of security in the standard model.

UR - http://www.scopus.com/inward/record.url?scp=24944501364&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=24944501364&partnerID=8YFLogxK

M3 - Conference contribution

VL - 3494

SP - 147

EP - 163

BT - Lecture Notes in Computer Science

A2 - Cramer, R.

ER -