Secure Biometric Verification in the Presence of Malicious Adversaries

Abstract

In a secure biometric verification system, users authenticate themselves by submitting their encrypted biometric data to the application server. Such systems must be able to defend against 1) malicious clients that try to gain unauthorized access to the system; and 2) malicious servers that aim to identify the users' plaintext biometric data. To this end, our work introduces an efficient biometric verification protocol that is provably secure against both a malicious client and a malicious server. We formally prove the security of our scheme in the random oracle model and also present results from a proof-of-concept implementation. Our results demonstrate that the protocol is very efficient, incurring just 880 ms of computational overhead and 99 KB of communication cost.