Improving biometric authentication with Cloud-based SMC

Dr. Henry Carter
Villanova University


Fingerprints as biometric authenticators are rapidly increasing in popularity, with fingerprint scanners available on many modern smartphones and laptops. Because these authenticators are non-revocable, special care must be taken to prevent leakage of the representative feature information of a user’s fingerprint. To this end, secure multiparty computation protocols have been designed to allow for computation over encrypted or garbled data. These privacy-preserving techniques allow for computation to be performed on untrusted clouds or third-party application servers while maintaining a strong guarantee of privacy for the user’s data. In this presentation, we will discuss outsourcing techniques that allow these computationally expensive protocols to be executed from smartphones and other devices with limited computing power. After combining these protocols with fingerprint biometric techniques, we show that biometrics can be used to authenticate to remote services while maintaining the privacy of the user’s biometric information stored on the authentication server. Preliminary performance results show that this privacy-preserving fingerprint authentication can authenticate a user to a remote service in as little as 1.5 seconds. This prototype provides a template for designing low-cost biometric authentication systems, and shows a practical use-case for secure multiparty computation protocols in remote authentication systems.