BRAKE: Biometric Resilient Authenticated Key Exchange

Pia Bauspieb; Tjerand Silde; Matej Poljuha; Alexandre Tullot; Anamaria Costache; Christian Rathgeb; Jascha Kolberg; Christoph Busch

doi:10.1109/ACCESS.2024.3380915

IEEE Access (Jan 2024)

BRAKE: Biometric Resilient Authenticated Key Exchange

Pia Bauspieb,
Tjerand Silde,
Matej Poljuha,
Alexandre Tullot,
Anamaria Costache,
Christian Rathgeb,
Jascha Kolberg,
Christoph Busch

Affiliations

Pia Bauspieb: ORCiD; Department of Computer Science, Biometrics and Security Research Group (da/sec), Hochschule Darmstadt, Darmstadt, Germany
Tjerand Silde: ORCiD; Department of Information Security and Communication Technology, Norwegian University of Science and Technology (NTNU), Trondheim, Norway
Matej Poljuha: ORCiD; Department of Applied Mathematics and Computer Science, Technical University of Denmark (DTU Compute), Kongens Lyngby, Denmark
Alexandre Tullot: National Higher French Institute of Aeronautics and Space (ISAE-SUPAERO), Toulouse, France
Anamaria Costache: ORCiD; Department of Information Security and Communication Technology, Norwegian University of Science and Technology (NTNU), Trondheim, Norway
Christian Rathgeb: ORCiD; Department of Computer Science, Biometrics and Security Research Group (da/sec), Hochschule Darmstadt, Darmstadt, Germany
Jascha Kolberg: ORCiD; Department of Computer Science, Biometrics and Security Research Group (da/sec), Hochschule Darmstadt, Darmstadt, Germany
Christoph Busch: ORCiD; Department of Computer Science, Biometrics and Security Research Group (da/sec), Hochschule Darmstadt, Darmstadt, Germany

DOI: https://doi.org/10.1109/ACCESS.2024.3380915
Journal volume & issue: Vol. 12
pp. 46596 – 46615

Abstract

Read online

Biometric data are uniquely suited for connecting individuals to their digital identities. Deriving cryptographic key exchange from successful biometric authentication therefore gives an additional layer of trust compared to password-authenticated key exchange. However, biometric data are sensitive personal data that need to be protected on a long-term basis. Furthermore, efficient feature extraction and comparison components resulting in high intra-subject tolerance and inter-subject distinguishability, documented with good biometric performance, need to be applied in order to prevent zero-effort impersonation attacks. In this work, we present a novel protocol for Biometric Resilient Authenticated Key Exchange that fulfils the above requirements of biometric information protection compliant with the international ISO/IEC 24745 standard. In our protocol, we present a novel modification of unlinkable fuzzy vault schemes that allows their connection with oblivious pseudo-random functions to achieve resilient protection against offline attacks crucial for the protection of biometric data. Our protocol is independent of the biometric modality and can be implemented based on the security of discrete logarithms as well as lattices. We provide an open-source implementation of both instantiations of our protocol which achieve real-time efficiency with transaction times of less than one second from the image capture to the completed key exchange.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords