[Resource Topic] 2024/100: FiveEyes: Cryptographic Biometric Authentication from the Iris

Welcome to the resource topic for 2024/100

Title:
FiveEyes: Cryptographic Biometric Authentication from the Iris

Authors: Luke Demarest, Sohaib Ahmad, Sixia Chen, Benjamin Fuller, Alexander Russell

Abstract:

Despite decades of effort, a stubborn chasm exists between the theory and practice of device-level biometric authentication. Deployed authentication algorithms rely on data that leaks private information about the biometric; thus systems rely on externalized security measures such as trusted execution environments. In particular, the authentication algorithms themselves provide no cryptographic security guarantees.

This is particularly frustrating given the long line of research that has developed theoretical tools—known as fuzzy extractors—that enable secure, privacy preserving biometric authentication with public enrollment data. Unfortunately, the best known constructions involving these rigorous tools can only provide substantial true accept rates with an estimated security of 32 bits for the iris (Simhadri et al., ISC 2019) and 45 bits for the face (Zhang, Cui, and Yu, ePrint 2021/1559).

This work introduces FiveEyes, an iris key derivation system that integrates an improved feature extractor with a fuzzy extractor that leverages a new mechanism, which we formally analyze, for selecting verification subsets based on statistics of the iris. (These statistics are computed from a class disjoint dataset from our test set.) We present various parameter regimes in order to highlight different true accept rates:

  1. 65 bits of security (equivalent to 87 bits with a password) at 12% true accept rate, and
  2. 50 bits of security (equivalent to 72 bits with a password) at 45% true accept rate.

We remark that powerful techniques are known that amplify true accept rates (Davida et al., IEEE S&P 1998); in particular, for the first time these results indicate practical viability of biometric authentication with strong cryptographic security.

ePrint: https://eprint.iacr.org/2024/100

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.