Scientific journals : Article
Engineering, computing & technology : Computer science
Security, Reliability and Trust; Computational Sciences
http://hdl.handle.net/10993/29892
Security and Efficiency Analysis of the Hamming Distance Computation Protocol Based on Oblivious Transfer
English
Kiraz, Mehmet Sabır [TÜBİTAK > BİLGEM > UEKAE]
Genç, Ziya Alper [TÜBİTAK > BİLGEM > UEKAE]
Kardaş, Süleyman [TÜBİTAK > BİLGEM > UEKAE]
21-Aug-2015
Security and Communication Networks
Wiley
8
18
4123-4135
Yes (verified by ORBilu)
International
1939-0114
1939-0122
[en] Biometric Identification ; Authentication ; Hamming distance ; Privacy ; Committed Oblivious Transfer
[en] Bringer et al. proposed two cryptographic protocols for the computation of Hamming distance. Their first scheme uses
Oblivious Transfer and provides security in the semi-honest model. The other scheme uses Committed Oblivious Transfer
and is claimed to provide full security in the malicious case. The proposed protocols have direct implications to biometric
authentication schemes between a prover and a verifier where the verifier has biometric data of the users in plain form.
In this paper, we show that their protocol is not actually fully secure against malicious adversaries. More precisely, our
attack breaks the soundness property of their protocol where a malicious user can compute a Hamming distance which is
different from the actual value. For biometric authentication systems, this attack allows a malicious adversary to pass the
authentication without knowledge of the honest user’s input with at most O(n) complexity instead of O(2^n), where n is
the input length. We propose an enhanced version of their protocol where this attack is eliminated. The security of our
modified protocol is proven using the simulation-based paradigm. Furthermore, as for efficiency concerns, the modified
protocol utilizes Verifiable Oblivious Transfer which does not require the commitments to outputs which improves its
efficiency significantly.
TÜBİTAK BİLGEM UEKAE
COST Action CRYPTACUS (IC1403)
Cloud Computing and Big Data Research Lab Project
Researchers ; Professionals ; Students ; General public ; Others
10.1002/sec.1329
http://onlinelibrary.wiley.com/doi/10.1002/sec.1329/abstract

File(s) associated to this reference

Fulltext file(s):

File | Commentary | Version | Size | Access
security_analysis_shade.pdf | | Author postprint | 317.13 kB | Open access
