Authors:
D. Palma and P.L. Montessoro
Date:
2024
Publisher:
IEEE
Journal:
IEEE Access
Cite:
D. Palma and P.L. Montessoro, "For Your Eyes Only: a Privacy-Preserving Authentication Framework based on Homomorphic Encryption and Retina Biometrics," in IEEE Access (early access), 2024.
Bibtex:
@article{PM2024Access,
title = {For Your Eyes Only: a Privacy-Preserving Authentication Framework based on Homomorphic Encryption and Retina Biometrics},
author = {Palma, David and Montessoro, Pier Luca},
journal = {IEEE Access},
volume = {12},
pages = {183688-183706},
year = {2024},
publisher = {IEEE}
}
Abstract:
Securing personal information and data has become an imperative challenge, especially after the introduction of legal frameworks, such as, in Europe, the General Data Protection Regulation (GDPR). Conventional authentication methods, such as PINs and passwords, have demonstrated their vulnerabilities to various cyber threats, making it necessary to study robust and reliable biometric authentication systems that can accurately verify a user’s identity. The human retina has demonstrated remarkable reliability as a biometric trait mainly because of its unique and stable patterns, even though the adoption of these systems gives rise to significant concerns regarding the confidentiality of biometric data. This study presents a groundbreaking approach to address these concerns by integrating homomorphic encryption into retina-based authentication. The combination of homomorphic encryption and retina biometrics within the proposed framework offers a comprehensive solution that ensures both privacy and security with no loss in accuracy. The proposed approach mitigates the risks associated with possible unauthorised access and security breaches by keeping the data encrypted throughout the entire procedure. Furthermore, it preserves the individual’s privacy by preventing the exposure of sensitive biometric information. We evaluated the proposed system through extensive experiments and simulations, demonstrating its effectiveness in terms of both security and privacy when the system operates in normal (ideal) and abnormal (under attack) conditions. Experimental results indicate that the combined approach offers robust resistance to various attacks, including replay attacks and data exposure, providing a robust and privacy-centric authentication solution.