Author
Sun Quan, Wu Jie, Yu Wenhai
Abstract
Generally, biometric authentication is conducted either by mobile terminals in local-processing mode or by public servers in centralized-processing mode. In the former mode, each user has full control of his/her biometric data, but the authentication service is restricted to local mobile apps. In the latter mode, the authentication service can be opened up to network applications, but the owners have no control of their private data. It has become a difficult problem for biometric applications to provide open and trusted authentication services under user control. Existing approaches address these concerns in ad-hoc ways. In this work, we propose BioShare, a framework that provides trusted biometric authentication services to network applications while giving users full control of their biometric data. Our framework is designed around three key principles: each user has full control of his/her biometric data; biometric data is stored and processed in trusted environments to prevent privacy leaks; and the open biometric-authentication service is efficiently provided to network applications. We describe our current design and sample implementation, and illustrate how it provides an open face-recognition service with standard interfaces, combines terminal trusted environments with server enclaves, and enables each user to control his/her biometric data efficiently. Finally, we analyze the security of the framework and measure the performance of the implementation.
Funder
The Program of Shanghai Academic/Technology Research Leader
Subject
Fluid Flow and Transfer Processes, Computer Science Applications, Process Chemistry and Technology, General Engineering, Instrumentation, General Materials Science