Privacy preserving biometric authentication using Chaos on remote untrusted server

Abstract

Biometric-based authentication systems are promising because of unique biometric features for each person. Generally, biometric features are generated , and biometric templates or bio-hash codes are calculated and stored in Authentication Data Table (ADT) along with userid. However, such hashing based authentication is vulnerable to precomputed table attacks. Also, in some cases, the service providers outsource the ADT to cloud or untrusted server. In this paper, a novel biometric-based authentication system is proposed using two servers: crypto-match server and untrusted storage server. The system utilizes biometric image cryptosystem, cryptographic hashing, and Paillier cryptosystem. In the proposed cryptosystem, keystreams are generated from Henon and logistic maps. The control parameters of these chaotic maps are calculated from the input biometric image. The proposed biometric encryption is able to resist statistical and differential attacks and its security level is also validated through various analyzes. Also, the attacks related to the privacy of ADT are analyzed.