两全其美：区块链上高效、可用、可审计的生物识别 ABC

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces Pub Date : 2024-08-13 DOI:10.1016/j.csi.2024.103916

{"title":"两全其美：区块链上高效、可用、可审计的生物识别 ABC","authors":"","doi":"10.1016/j.csi.2024.103916","DOIUrl":null,"url":null,"abstract":"<div>In García-Rodríguez et al. 2024, two generic constructions for biometric-based non-transferable Attribute Based Credentials (biometric ABC) are presented, which offer different trade-offs between efficiency and trust assumptions. In this paper, we focus on the second scheme denoted as BioABC-ZK that tries to remove the strong (and unrealistic) trust assumption on the Reader R, and we show that BioABC-ZK has a security flaw for a colluding R and Verifier V. Besides, BioABC-ZK lacks GDPR-compliance, which requires secure processing of biometrics, for instance in form of Fuzzy Extractors, as opposed to (<math><mi>i</mi></math>) storing the reference biometric template <math><msub><mrow><mi>a</mi></mrow><mrow><mi>B</mi><mi>i</mi><mi>o</mi></mrow></msub></math> in the user’s mobile phone and (<math><mrow><mi>i</mi><mi>i</mi></mrow></math>) processing of biometrics using an external untrusted R, whose foreign manufacturers are unlikely to adjust their products according to GDPR.The contributions of this paper are threefold. First, we review efficient biometric ABC schemes to identify the privacy-by-design criteria for them. In view of these principles, we propose a new architecture for biometric ABC of Sarier 2021 by adapting the recently introduced core/helper setting. Briefly, a user in our modified setting is composed of a constrained core device (a SIM card) inside a helper device (a smart phone with dual SIM and face recognition feature), which – as opposed to García-Rodríguez et al. 2024 – does not need to store <math><msub><mrow><mi>a</mi></mrow><mrow><mi>B</mi><mi>i</mi><mi>o</mi></mrow></msub></math>. This way, the new design provides Identity Privacy without the need for an external R and/or a dedicated hardware per user such as a biometric smart card reader or a tamper proof smart card as in current hardware-bound credential systems. Besides, the new system maintains minimal hardware requirements on the SIM card – only responsible for storing ABC and helper data –, which results in easy adoption and usability without loosing efficiency, if deep face fuzzy vault and our modified ABC scheme are employed together. As a result, a total overhead of 500 ms to a showing of a comparable non-biometric ABC is obtained instead of the 2.1 s in García-Rodríguez et al. 2024 apart from the removal of computationally expensive pairings. Finally, as different from García-Rodríguez et al. 2024, auditing is achieved via Blockchain instead of proving in zero-knowledge the actual biometric matching by the user to reveal malicious behavior of R and V.</div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1000,"publicationDate":"2024-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Best of two worlds: Efficient, usable and auditable biometric ABC on the blockchain\",\"authors\":\"\",\"doi\":\"10.1016/j.csi.2024.103916\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div>In García-Rodríguez et al. 2024, two generic constructions for biometric-based non-transferable Attribute Based Credentials (biometric ABC) are presented, which offer different trade-offs between efficiency and trust assumptions. In this paper, we focus on the second scheme denoted as BioABC-ZK that tries to remove the strong (and unrealistic) trust assumption on the Reader R, and we show that BioABC-ZK has a security flaw for a colluding R and Verifier V. Besides, BioABC-ZK lacks GDPR-compliance, which requires secure processing of biometrics, for instance in form of Fuzzy Extractors, as opposed to (<math><mi>i</mi></math>) storing the reference biometric template <math><msub><mrow><mi>a</mi></mrow><mrow><mi>B</mi><mi>i</mi><mi>o</mi></mrow></msub></math> in the user’s mobile phone and (<math><mrow><mi>i</mi><mi>i</mi></mrow></math>) processing of biometrics using an external untrusted R, whose foreign manufacturers are unlikely to adjust their products according to GDPR.The contributions of this paper are threefold. First, we review efficient biometric ABC schemes to identify the privacy-by-design criteria for them. In view of these principles, we propose a new architecture for biometric ABC of Sarier 2021 by adapting the recently introduced core/helper setting. Briefly, a user in our modified setting is composed of a constrained core device (a SIM card) inside a helper device (a smart phone with dual SIM and face recognition feature), which – as opposed to García-Rodríguez et al. 2024 – does not need to store <math><msub><mrow><mi>a</mi></mrow><mrow><mi>B</mi><mi>i</mi><mi>o</mi></mrow></msub></math>. This way, the new design provides Identity Privacy without the need for an external R and/or a dedicated hardware per user such as a biometric smart card reader or a tamper proof smart card as in current hardware-bound credential systems. Besides, the new system maintains minimal hardware requirements on the SIM card – only responsible for storing ABC and helper data –, which results in easy adoption and usability without loosing efficiency, if deep face fuzzy vault and our modified ABC scheme are employed together. As a result, a total overhead of 500 ms to a showing of a comparable non-biometric ABC is obtained instead of the 2.1 s in García-Rodríguez et al. 2024 apart from the removal of computationally expensive pairings. Finally, as different from García-Rodríguez et al. 2024, auditing is achieved via Blockchain instead of proving in zero-knowledge the actual biometric matching by the user to reveal malicious behavior of R and V.</div>\",\"PeriodicalId\":50635,\"journal\":{\"name\":\"Computer Standards & Interfaces\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2024-08-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Standards & Interfaces\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0920548924000850\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548924000850","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

García-Rodríguez 等人在 2024 年提出了两种基于生物特征的不可转移属性凭证（biometric ABC）的通用结构，它们在效率和信任假设之间做出了不同的权衡。本文重点讨论第二种方案，即 BioABC-ZK，该方案试图消除对阅读器 R 的强（不现实）信任假设，并证明 BioABC-ZK 在 R 和验证器 V 串通的情况下存在安全漏洞。此外，BioABC-ZK 不符合 GDPR 要求，而 GDPR 要求生物识别的安全处理，例如以模糊提取器的形式，而不是（i）将参考生物识别模板 aBio 存储在用户的手机中，以及（ii）使用外部不信任的 R 处理生物识别，国外制造商不太可能根据 GDPR 调整其产品。首先，我们回顾了有效的生物识别 ABC 方案，以确定其隐私设计标准。根据这些原则，我们通过调整最近引入的核心/助手设置，为 Sarier 2021 生物识别 ABC 提出了一种新的架构。简而言之，在我们修改后的设置中，用户由一个受限的核心设备（SIM 卡）和一个辅助设备（具有双 SIM 卡和人脸识别功能的智能手机）组成，与 García-Rodríguez 等人 2024 的设置不同，辅助设备不需要存储生物特征。因此，新设计无需外部 R 和/或每个用户的专用硬件，如生物识别智能卡读写器或防篡改智能卡，就能提供身份隐私保护，就像目前的硬件绑定证书系统一样。此外，新系统对 SIM 卡的硬件要求极低（仅负责存储 ABC 和辅助数据），因此，如果同时采用深层人脸模糊保险库和我们改进的 ABC 方案，则可以在不降低效率的情况下轻松采用新系统并提高其可用性。因此，除了去掉计算成本高昂的配对之外，显示类似的非生物识别 ABC 的总开销为 500 毫秒，而不是 García-Rodríguez 等人 2024 中的 2.1 秒。最后，与 García-Rodríguez 等人的论文 2024 不同的是，审计是通过区块链实现的，而不是通过零知识证明用户的实际生物特征匹配来揭示 R 和 V 的恶意行为。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Best of two worlds: Efficient, usable and auditable biometric ABC on the blockchain

In García-Rodríguez et al. 2024, two generic constructions for biometric-based non-transferable Attribute Based Credentials (biometric ABC) are presented, which offer different trade-offs between efficiency and trust assumptions. In this paper, we focus on the second scheme denoted as BioABC-ZK that tries to remove the strong (and unrealistic) trust assumption on the Reader R, and we show that BioABC-ZK has a security flaw for a colluding R and Verifier V. Besides, BioABC-ZK lacks GDPR-compliance, which requires secure processing of biometrics, for instance in form of Fuzzy Extractors, as opposed to ( $i$ ) storing the reference biometric template $a_{B i o}$ in the user’s mobile phone and ( $i i$ ) processing of biometrics using an external untrusted R, whose foreign manufacturers are unlikely to adjust their products according to GDPR.

The contributions of this paper are threefold. First, we review efficient biometric ABC schemes to identify the privacy-by-design criteria for them. In view of these principles, we propose a new architecture for biometric ABC of Sarier 2021 by adapting the recently introduced core/helper setting. Briefly, a user in our modified setting is composed of a constrained core device (a SIM card) inside a helper device (a smart phone with dual SIM and face recognition feature), which – as opposed to García-Rodríguez et al. 2024 – does not need to store $a_{B i o}$ . This way, the new design provides Identity Privacy without the need for an external R and/or a dedicated hardware per user such as a biometric smart card reader or a tamper proof smart card as in current hardware-bound credential systems. Besides, the new system maintains minimal hardware requirements on the SIM card – only responsible for storing ABC and helper data –, which results in easy adoption and usability without loosing efficiency, if deep face fuzzy vault and our modified ABC scheme are employed together. As a result, a total overhead of 500 ms to a showing of a comparable non-biometric ABC is obtained instead of the 2.1 s in García-Rodríguez et al. 2024 apart from the removal of computationally expensive pairings. Finally, as different from García-Rodríguez et al. 2024, auditing is achieved via Blockchain instead of proving in zero-knowledge the actual biometric matching by the user to reveal malicious behavior of R and V.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computer Standards & Interfaces 工程技术-计算机：软件工程

CiteScore

11.90

自引率

16.00%

发文量

审稿时长

6 months

期刊介绍： The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.