Secure Hamming Distance based Biometric Authentication

Rohan Kulkarni, Anoop Namboodiri
International Institute of Information Technology Hyderabad
{rohan.kulkarni@research, anoop@}.iiit.ac.in

Abstract

Concerns of privacy, template security and efficiency of biometric authentication systems have received considerable research attention in the recent past. Binary template representations have been shown to provide significant improvements in efficiency without compromising accuracy for a variety of biometric modalities including fingerprints, palmprints and iris. Most of the secure authentication protocols work with generic feature representations or propose new secure templates for specific modalities. In this work, we propose an authentication protocol that works with any binary biometric representation that employs Hamming distance for comparison and convert it into a secure, privacy-preserving protocol that provides template protection. We also provide the ability to use masks while computing the Hamming distance. The protocol retains the accuracy of the underlying representation, as demonstrated by our experiments.

1. Introduction

Biometry and security go hand in hand in user authentication or identification. The uniqueness of a user's biometric data establishes the credibility of the individual to be authenticated, and thus provides a way to ensure secure access to an environment. Because biometrics cannot be revoked, the stored data must be held to a high standard of security: if it is stolen, the user's identity is in danger in any system which authenticates based on that biometric. Combining both aspects, security and credibility (i.e., accuracy), in a system efficient enough to work in real time has not yet reached a satisfactory stage. This is the source of research motivation in the field of biometric authentication [19].

In this paper, we design and implement a system which provides biometric template protection along with a secure authentication mechanism. The proposed protocol requires the underlying matching algorithm to be based on the normalized Hamming distance of two binary feature vectors. It also allows the use of masks while computing the distance. It is a two-party protocol, with the server holding the secure biometric templates and the client attempting the authentication using its own biometric data along with some keys. The authentication process takes place on encrypted data and does not allow any leakage of information about the biometric features.

State-of-the-art cryptographic protocols are not designed for error tolerance in their inputs. On the other hand, biometric systems have to be built on a classifier which tolerates some amount of fuzziness in its data. Thus, combining biometrics and cryptographic protocols to develop a secure system is a difficult problem. It can be dealt with in two ways: either develop a stable feature from the biometric data or make the matching algorithm a part of the protocol. However, both ways are quite hard.

Most of the systems which try to integrate the merits of both cryptography and biometrics use Fuzzy Extractors or Secure Sketches [15, 11]. The underlying mechanism uses error correction codes to handle the fuzziness in the biometric data. The limitations of correction capacity affect the matching accuracy of the system. Many hashing-based systems have also been developed, but they too fail to achieve high accuracy in realistic settings [16].

Several biometric matching systems are based on strong cryptographic primitives - the homomorphic Paillier [17], Goldwasser-Micali cryptosystem [8, 5], Garbled circuits [14, 9], [3] - which propose secure methods for user authentication, but are not equipped to provide security, privacy and template protection simultaneously with efficient computation.
Of them, [14, 8] provide secure identification and [3, 9] even involve a mask vector, but they do not ensure template protection. [5, 17] are based on secure Hamming distances; however, there is no mask vector involved.

The protocols in [6, 7] operate in an encrypted domain and perform biometric identification. Their computational complexity for performing a matching is high for a real-time authentication system. A secure and private authentication system is proposed in [20]. It is designed for biometric schemes which use linear classifiers and SVMs.
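
The tension described in the introduction, between exact-match cryptographic primitives and fuzzy biometric data, shown as an added example (not code from the paper): a SHA-256 digest comparison next to a thresholded, masked normalized Hamming distance on constructed 2048-bit templates. The masked-distance formula is the standard one for binary codes and is an assumption here, as are the template length, noise rate, threshold and all names.

```python
import hashlib
import random

N_BITS = 2048      # constructed template length
THRESHOLD = 0.32   # constructed accept threshold, not taken from the paper

def popcount(x: int) -> int:
    return bin(x).count("1")

def masked_hamming(a: int, b: int, mask_a: int, mask_b: int) -> float:
    """Normalized Hamming distance over bits that both masks mark valid."""
    valid = mask_a & mask_b
    if valid == 0:
        raise ValueError("masks share no valid bits; refuse to match")
    return popcount((a ^ b) & valid) / popcount(valid)

def digest(template: int) -> str:
    return hashlib.sha256(template.to_bytes(N_BITS // 8, "big")).hexdigest()

def run_demo(seed: int = 7) -> dict:
    rng = random.Random(seed)           # fixed seed: constructed sample data
    full = (1 << N_BITS) - 1
    low = (1 << 512) - 1                # region hidden by an occlusion
    enrolled = rng.getrandbits(N_BITS)
    probe = enrolled
    for pos in rng.sample(range(N_BITS), 205):   # ~10% sensor noise
        probe ^= 1 << pos
    impostor = rng.getrandbits(N_BITS)
    # Same probe, but the low 512 bits are replaced by unrelated data.
    occluded = (probe & ~low & full) | rng.getrandbits(512)
    return {
        "hash_match": digest(enrolled) == digest(probe),
        "genuine": masked_hamming(enrolled, probe, full, full),
        "impostor": masked_hamming(enrolled, impostor, full, full),
        "occluded_unmasked": masked_hamming(enrolled, occluded, full, full),
        "occluded_masked": masked_hamming(enrolled, occluded, full, full & ~low),
    }

if __name__ == "__main__":
    # The digest check rejects the genuine probe; the thresholded distance
    # accepts it and still rejects the impostor.
    for name, value in run_demo().items():
        print(f"{name:18} {value}")
```

The empty-intersection check matters in practice: without it, two templates whose masks do not overlap would divide by zero or, with a naive guard, compare as distance 0 and be accepted.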