Privacy-preserving Biometric Authentication

Developing methods for biometric authentication that severely limit the exposure and the risk of leakage of biometric data to external providers.

This SNF-funded 4-year project will provide the first formal treatment of remote biometric authentication, and develops provably secure cryptographic solutions to protect user's biometrics in the world wide web. Being unforgettable and unique, biometrics are our convenient passwords of tomorrow. On the other hand, they are irreplaceable and tied to our identity, and thus deserve strong and provable protection. Provable guarantees are inevitable for protocols operating with sensitive users' data such as biometrics, as any security issues would put a user's privacy at stake without her even noticing. The formal approach taken in this project will yield protocols that provably and strongly protect biometrics when used to authenticate in remote settings such as the internet. Thanks to a general treatment, our findings have broad applicability even beyond biometrics, e.g., they can be used for IoT device pairing or to design typo-tolerant password systems. All results, including proof-of-concept implementations, will be made publicly available.