Attacks and Countermeasures on Privacy-Preserving Biometric Authentication Schemes

Abstract

Based on the Threshold Predicate Encryption (TPE), the biometric authentication scheme <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">PassBio</i> aims to correctly authenticate genuine end-users without leaking their biometric privacy information. However, this article proposes two impersonation attacks to <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">PassBio</i> by merely sending very few query messages. Specifically, an attacker is able to cheat the authentication server with probability 50% by sending the server a random query, or almost 100% by sending the server a collusion of old genuine queries, without being identified. Moreover, in order to defeat the impersonation attacks, this article presents a Verifiable Threshold Predicate Encryption (VTPE) scheme which includes three components: (1) a multi-segment TPE for reducing the computational cost and communication overhead significantly; (2) a segment-wise watermarking for defeating the random attacks; and (3) a challenge-response mechanism for defeating the replay and collusion attacks. In addition, the watermarking also creates a secure channel between the querying user and the server. The experiments on both simulated feature vectors and real face images demonstrate that the present attacks and countermeasures are effective and efficient.