Abstract: Due to security and usability challenges with passwords, the industry is gradually moving to biometric-based authentication. While biometrics are user-friendly, a server-side breach of biometric data is more damaging because, unlike passwords, changing biometric information is difficult. FIDO Alliance, an industry-wide effort to enable biometric authentication, uses an approach where biometric templates and measurements are stored and matched on the client device. A successful match transmits a digital signature (on a fresh challenge) to the server which can verify this. Thus, a server-side breach does not lead to a loss of sensitve user data. We introduce a new framework for Distributing FIDO that securely distributes both the biometric template and signing key among multiple devices, who can collectively perform biometric matching and signature generation without reconstructing the template or signing key on any device. We model security via a real-ideal world UC definition and design several protocols that realize this.
NIST Workshop on Multi-Party Threshold Schemes (MPTS) 2020. https://csrc.nist.gov/events/2020/mpts2020
Based on joint work with Shashank Agrawal, Payman Mohassel, Pratyay Mukherjee and Sikhar Patranabis.
NIST Workshop on Multi-Party Threshold Schemes 2020
Starts: November 04, 2020Security and Privacy: cryptography