Biometric-based Authentication Schemes using Private Information Retrieval

This work deals with the security problems in authentication schemes employing volatile biometric features, where the authentication is indeed a comparison between a fresh feature and that enrolled during the initialization phase. We propose a security model for biometric-based authentication schemes by assuming that the biometric features to be public. Extra attentions have been paid to the privacy issues related to the sensitive relation between a biometric feature and the relevant identity. To formally study the security issues in biometric information comparison, we introduce a new cryptographic primitive, i.e., Decisional Private Information Retrieval (DPIR), inspired by the concept of Private Information Retrieval (PIR). DPIR protocols enable a client to obtain some information about an item from a database without retrieving this item directly. One DPIR protocol is constructed using Paillier's public key encryption scheme and the ElGamal scheme. Finally, we present an authentication scheme based on this DPIR protocol, proved secure in our security model.<br/> Cet exposé est basé sur des travaux communs avec Hervé Chabanne (Sagem Défense Sécurité), Malika Izabachéne, David Pointcheval, Qiang Tang, et Sébastien Zimmer (ENS).