Privacy preserving biometric-based remote authentication with secure processing unit on untrusted server

Privacy preserving biometric-based remote authentication with secure processing unit on untrusted server

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Biometrics — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Biometric-based authentication systems offer undeniable benefits to users. However, biometric features are vulnerable to attacks, especially those happening over transmission network or at the stored biometric templates. In this work, we propose a novel biometric-based remote authentication framework to deal with malicious attacks over the transmission channel and at the untrusted server. More concretely, the proposed framework is not only resistant against attacks on the network but also protects biometric templates stored in the untrusted server's database, thanks to the combination of fuzzy commitment protocol and non-invertible transformation techniques. The notable feature as compared to previous biometric based remote authentication framework is its ability to defend the sensitive data against different kinds of insider attacks. The server's administrator is incapable of utilizing information saved in its database to impersonate the clients and deceive the whole system because secure computing in the server is guaranteed by employing a secure coprocessor embedded in the server. In addition, the system performance is maintained with the support of random orthonormal project, which reduces computational complexity while preserving its accuracy.


    1. 1)
      • 1. Jain, A.K., Ross, A.: ‘Multibiometric systems’, Commun. ACM, 2004, 47, (1), pp. 3440.
    2. 2)
      • 2. Rathgeb, C., Uhl, A.: ‘A survey on biometric cryptosystems and cancelable biometrics’, EURASIP J. Inf. Secur., 2011, 2011, (1), pp. 125.
    3. 3)
      • 3. Maneesh, U., Anoop, M.N., Kannan, S., et al: ‘Blind authentication: a secure crypto-biometric verification protocol’, IEEE Trans. Inf. Forensics Sec., 2010, 5, (2), pp. 255268.
    4. 4)
      • 4. Nguyen, T.A.T., Dang, T.K., Truong, Q.C., et al: ‘Secure biometric-based remote authentication protocol using Chebyshev polynomials and fuzzy extractor’. AUN/SEED-Net Reginal Conf. on Computer and Information Engineering, 2017.
    5. 5)
      • 5. Lamport, L.: ‘Password authentication with insecure communication’, Commun. ACM, 1981, 24, (11), pp. 770772.
    6. 6)
      • 6. Shamir, A.: ‘Identity-based cryptosystems and signature schemes’, in Blakley, G.R., Chaum, D., (Eds.): ‘Advances in cryptology: proceedings of CRYPTO 84’ (Springer Berlin Heidelberg, Berlin, Heidelberg, 1985), pp. 4753.
    7. 7)
      • 7. Manik Lal Das, A.S., Gulati, V. P.: ‘A dynamic ID-based remote user authentication scheme’, IEEE Trans. Consum. Electron., 2004, 50, (2), pp. 629631.
    8. 8)
      • 8. Yoon, E.-J., Yoo, K.-Y.: ‘Improving the dynamic ID-based remote mutual authentication scheme’, in Meersman, R., Tari, Z., Herrero, P., (Eds.): ‘On the move to meaningful internet systems 2006’ (Springer Berlin Heidelberg, Berlin, Heidelberg), 2006, pp. 499507.
    9. 9)
      • 9. Sood, S.K., Sarje, A.K., Singh, K.: ‘A secure dynamic identity based authentication protocol for multi-server architecture’, J. Netw. Comput. Appl., 2011, 34, (2), pp. 609618.
    10. 10)
      • 10. Jain, A.K., Nandakumar, K., Nagar, A.: ‘Biometric template security’, EURASIP J. Adv. Signal Process., 2008, 2008, pp. 117.
    11. 11)
      • 11. Dang, T.K., Huynh, V.Q.P., Truong, Q.H.: ‘A hybrid template protection approach using secure sketch and ANN for strong biometric key generation with revocability guarantee’, Int. Arab J. Inf. Technol., 2018, 15, (2), pp. 331340.
    12. 12)
      • 12. Dang, T.K., Truong, Q.C., Le, T.B.T., et al: ‘A combination of fuzzy vault and periodic transformation for cancelable biometric template. IET biometrics’ (The Institution of Engineering and Technology, United Kingdom, 2016), vol. 5, pp. 229235.
    13. 13)
      • 13. Lifang, W., Songlong, Y.: ‘A face based fuzzy vault scheme for secure online authentication’. Second Int. Symp. on Data, Privacy and E-Commerce (ISDPE), 2010, pp. 4549.
    14. 14)
      • 14. Failla, P., Sutcu, Y., Barni, M.: ‘Esketch: a privacy-preserving fuzzy commitment scheme for authentication using encrypted biometrics’. Proc. of the 12th ACM Workshop on Multimedia and Security, Roma, Italy, 2010, pp. 241246.
    15. 15)
      • 15. Iovane, G., Bisogni, C., Maio, L.D., et al: ‘An encryption approach using information fusion techniques involving prime numbers and face biometrics’, IEEE Trans. Sustain. Comput., 2018, pp. 11, DOI: 10.1109/TSUSC.2018.2793466.
    16. 16)
      • 16. Nguyen, T.H.L., Nguyen, T.T.H.: ‘An approach to protect private key using fingerprint biometric encryption key in BioPKI based security system’. The 10th Int. Conf. on Control, Automation, Robotics and Vision, ICARCV, 2008, pp. 15951599.
    17. 17)
      • 17. Xi, K., Ahmad, T., Han, F., et al: ‘A fingerprint based bio-cryptographic security protocol designed for client/server authentication in mobile computing environment’, Secur. Commun. Netw., 2011, 4, (5), pp. 487499.
    18. 18)
      • 18. Hisham, A.-A., Rasber, R., Sabah, J.: ‘Combining steganography and biometric cryptosystems for secure mutual authentication and key exchange’. The 8th Int. Conf. for Internet Technology and Secured Transactions (ICITST), 2013, pp. 369374.
    19. 19)
      • 19. Jain, A.K., Uludag, U.: ‘Hiding biometric data’, IEEE Trans. Pattern Anal. Mach. Intell., 2003, 25, (11), pp. 14941498.
    20. 20)
      • 20. Fengling, H., Alkhathami, M., Van Schyndel, R.: ‘Biometric-Kerberos authentication scheme for secure mobile computing services’. The 6th Int. Congress on Image and Signal Processing (CISP), 2013, pp. 16941698.
    21. 21)
      • 21. Zhang, M., Zhang, J., Zhang, Y.: ‘Remote three factor authentication scheme based on fuzzy extractors’, Secur. Commun. Netw., 2015, 8, (4), pp. 682693.
    22. 22)
      • 22. Lee, C.-C., Hsu, C.-W.: ‘A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps’, Nonlinear Dyn., 2013, 71, (1), pp. 201211.
    23. 23)
      • 23. Nguyen, T.A.T., Nguyen, D.T., Dang, T.K.: ‘A multi-factor biometric based remote authentication using fuzzy commitment and non-invertible transformation’. Information and Communication Technology: Third IFIP TC 5/8 Int. Conf., ICT-EurAsia 2015, and 9th IFIP WG 8.9 Working Conference, CONFENIS 2015, Held as Part of WCC 2015, Daejeon, Korea, October 4–7, 2015, Proceedings, I. Khalil, et al., Editors, Springer International Publishing, Cham, 2015, pp. 7788.
    24. 24)
      • 24. Nguyen, T.A.T., Dang, T.K.: ‘Protecting biometrics using fuzzy extractor and non-invertible transformation methods in Kerberos authentication protocol’, LNCS Trans. Large-Scale Data- and Knowledge-Centered Syst XXXI, 2016, 10140, p. 19.
    25. 25)
      • 25. Juels, A., Wattenberg, M.: ‘A fuzzy commitment scheme’. Proc. of the 6th ACM Conf. on Computer and communications security, Singapore, 1999, pp. 2836.
    26. 26)
      • 26. Hisham, A.-A., Harin, S., Sabah, J.: ‘A lightweight approach for biometric template protection’. Proc. of SPIE, 2009.
    27. 27)
      • 27. Benzekki, K., Fergougui, A.E., Alaoui, A.E.B.E.: ‘A secure cloud computing architecture using homomorphic encryption’, Int. J. Adv. Comput. Sci. Appl., 2016, 7, (2), p. 6.
    28. 28)
      • 28. Dang, T.K.: ‘Security issues in outsourced XML databases’. IT Outsourcing: Concepts, Methodologies, Tools, and Applications, 2010, pp. 20522081.
    29. 29)
      • 29. Dang, T.K.: ‘A practical solution to supporting oblivious basic operations on dynamic outsourced search trees’, Int. J. Comput. Syst. Sci. Eng., 2006, 21, (1), pp. 5364.
    30. 30)
      • 30. Nguyen, T.A.T., Dang, T.K.: ‘Enhanced security in internet voting protocol using blind signature and dynamic ballots’, Electron. Commer. Res., 2013, 13, (3), pp. 257272.
    31. 31)
      • 31. IBM cryptographic coprocessor, 2018 March 15’, 2018. Available from:
    32. 32)
      • 32. Anderson, R., Bond, M., Clulow, J., et al: ‘Cryptographic processors – a survey’, Proc. IEEE, 2006, 94, (2), pp. 357369.
    33. 33)
      • 33. Fletcher, C.W., Dijk, M.V., Devadas, S.: ‘A secure processor architecture for encrypted computation on untrusted programs’. Proc. of the Seventh ACM Workshop on Scalable Trusted Computing, 2012, pp. 38.
    34. 34)
      • 34. Maas, M.C., Love, E., Stefanov, E., et al: ‘Phantom: practical oblivious computation in a secure processor’, Proc of the 2013 ACM SIGSAC conference on Computer & communications security, Berlin, Germany, 2013, pp. 311324.
    35. 35)
      • 35. Chhabra, S., Solihin, Y., Lal, R., et al: ‘An analysis of secure processor architectures’, Trans. Comput. Sci., 2010, 7, pp. 101121.
    36. 36)
      • 36. Gentry, C., Boneh, D.: ‘A fully homomorphic encryption scheme’, ‘Stanford University Stanford’, 2009, 20, (9), p. 199.
    37. 37)
      • 37. Nguyen, T.A.T., Dang, T.K.: ‘Combining fuzzy extractor in biometric-Kerberos based authentication protocol’. Int. Conf. on Advanced Computing and Appications, Ho Chi Minh, Vietnam, 2015, pp. 16.
    38. 38)
      • 38. Mishra, D., Kumari, S., Khan, M.K., et al: ‘An anonymous biometric-based remote user-authenticated key agreement scheme for multimedia systems’, Int. J. Commun. Syst., 2017, 30, (1), DOI: 10.1002/dac.2946.

Related content

This is a required field
Please enter a valid email address