Use Case 4: Enforcement of Biometric-based Access Control

Partner: MORPHO
The use case describes the authentication of a user by some service provider, and assumes that the authentication process contains a biometric comparison (also called biometric matching). The use case assumes, moreover, that the service provider delegates the biometric matching to some dedicated server, called "cloud authentication server". In addition to the result of the authentication, the cloud authentication server supplies a proof that the biometric matching was correctly performed. This proof is enabled by the use of verifiability techniques and is at the core of this use-case.

Business Context
The demands for user authentication services have grown at the same time as digital services slot into everyday life. Conventionally, each agency, company and online service manages its own user database. As a result, the user management becomes tricky, particularly for users. Several paradigms appear to facilitate the authentication, such as Single-Sign-On or Identity Federation. The authentication of users is itself seen as a service and might be delegated from the service provider to dedicated entities. From another perspective, the approaches for authentication of users involve more and more biometric data. However, the outsourcing of processes that make use of biometric data raises privacy concerns and is thus generally avoided. The use of verifiability techniques would reinforce the confidence of outsourcing the authentication service in general and the processing over biometric data in particular to an external server.

Technology Context
Current models for the delegation of authentication are described in several standards, as OpenID and SAML. They involve three types of participants: users, service providers and identity providers. Such models are the basis for the use-case, with the difference that the management of the users is taken on by the service providers in the use case. The identity providers are called here cloud authentication servers, to which the service providers delegate the biometric matching. Their role is to manage the biometric algorithms, so that the service providers do not have to care about these technologies. A cloud authentication server may be provided as a SaaS on a private cloud or public cloud if biometric data are not encrypted, and in a public cloud if biometric data are encrypted.

Expected Outcomes and Contribution of TREDISEC
MORPHO plans to outsource its biometrics-based user authentication service to a cloud authentication server. Without full trust, MORPHO is looking for security primitives that can provide verifiable proofs for each authentication result, in order to audit the operations on the cloud authentication provider. The main contribution of TREDISEC to this use case is the design of the primitives that enable the verifiable processing of biometric data. A critical issue here is to achieve verifiability while being compatible with the comparison of two biometric data objects, as included in the authentication step. Additionally, the contribution of TREDISEC on processing over encrypted data would enforce the privacy of the biometric data.