Major security flaws in biometric authentication systems include the possibility of biometric information leakage, the unreliability of authentication modules, and the lack of openness in the handling of biometric information. Because each person's biometrics are distinct and must be maintained securely, and replication of a biometric template is difficult, biometric application systems are more secure than conventional techniques like passwords.
Block-chain is a fast-expanding technology that combines distributed immutable ledgers, consensus algorithms, and smart contracts to produce an incorruptible digital
In this part, we provide the findings of our assessment and prototype implementation. The Ethereum network Geth (v.1.9.25) and Solidity (v.0.6.0) were used to create our prototype, while Python 3.8 and Web3py were used for the client.
We analytically assessed BBAS performance in real-world circumstances to verify its dependability. Assume that there are 3n clients in BBAS (n = 1, 2, 3, etc.), and each client is responsible for managing n copies of each fragment. The functioning of BBAS may thus be ensured as long as fewer than n clients are disabled. However, its authentication would not be possible if more than 3n-2 clients were deactivated.
Let x represent the number of disabled clients (n 1 x 3n2) and P represent the probability of a successful authentication (see Eq. (1)): Instances in which certain clients are disabled but still have several pieces of each template accessible for completing authentication are represented by the numbers i, j, and k. Instances in which n copies of each fragment are kept across 3n clients are represented by the number g.
To evaluate the effectiveness of BBAS, we built a typical authentication system with one server and one client. The execution times of the server-client system and the BBAS prototype were compared while running on VirtualBox VMs (Ubuntu LTS 22.04, 8GB RAM, 100GB HDD storage). The BBAS prototype used three clients, each of which is in charge of a different split template. A template's size was set to 2KB, which is considered to be a standard template size. We timed the BBAS authentication process from extracting the template to authenticating. Averaged over five repetitions of BBAS, the LookUp smart contract's result was obtained in 352 milliseconds, whereas split template fragments from other clients were obtained in 167 milliseconds (519 ms in total). It took 201 milliseconds to complete the authentication for the server-client system, in which a client requests and receives a template from a server. It is clear from the little time difference between the systems that BBAS ensures the reliability of its authentication process while incurring no performance overhead. Recording an authentication action took considerably longer (1,906 ms), but because recording has no bearing on the authentication process, it has no impact on BBAS's performance in terms of authentication.
To perform biometric-based authentication, the biometrics of every individual have to be stored in a secure database such as Aadhar, which was created by the Unique Identification Authority of India (UIDAI). Every subject who is enrolled in the biometric system will be issued a 12-digit Unique Identification (UID) number. As the Aadhar contains 1.2 billion Indian residents, by the end of 2014, this will create a database of about 15 petabytes in size. Storing this huge volume of data on the block chain is the biggest challenge: it comes with significant cost and creates redundancy. To overcome this issue, we have proposed a new hybrid approach that includes both the block chain and a central Aadhar biometrics server.
In the proposed solution, a hybrid approach is used: instead of storing the biometric template files in every node of the block chain, a one-way hash function generates a unique hash value for every biometric template, and these values are stored in the block chain nodes. The biometrics enrollment along with Aadhar and Blockchain is explained in Algorithm 1. From the algorithm, it is clear that the biometric templates will be stored on Aadhar DB and a hash value generated for the template will be stored on block chain nodes. Algorithm 2 shows the migration of the already enrolled biometrics from Aadhar to the block chain.
In the proposed technique, the biometric is split into 2 equal parts that are managed by different clients. The hash values for the dual split templates are generated and stored in the block chain, and this technique avoids leaking the complete biometric in case of attacks. Hashing algorithms can be used for a variety of tasks such as saving passwords, computer vision, and data storage in databases, among others. SHA (Secure Hash Algorithm) is one of several hashing algorithms that are available, and is chosen based on the speed, optimization, and security of the cryptographic algorithm being used. SHA produces irreversible and unique hashes and is one of the fastest hashing algorithms available. There are two methods for hashing: SHA-1 and SHA-2, which differ in terms of construction and bit length. There are many possible hashes in SHA-2, including SHA-224, SHA-384, and SHA-512, with the 256-bit hash being the most used.
The secure block chain based authentication scheme is explained in Algorithm 3: when a subject's biometric, such as a fingerprint, is captured by an authentication biometric device, a hash value is generated for that particular biometric template and checked against the block chain global ledger entry. If there is a successful match, then an authentication success code of 0 is returned to the biometric client. If there is no match between the hash value and the block chain global ledger entry, then an authentication failure value of -1 is returned to the biometric client. Algorithm 4 shows the block chain smart contract lookup at block chain nodes for storing the hash values for the split biometric templates.
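The enrollment and authentication flow described above (hashes of the two split halves kept on the ledger, 0 returned on a match and -1 otherwise), as an added example that is not the paper's prototype code. The in-memory `Ledger` class is a hypothetical stand-in for the smart contract, SHA-256 is an assumed choice from the SHA-2 family, and the UID and template bytes are constructed sample values.

```python
import hashlib
import hmac

AUTH_SUCCESS, AUTH_FAILURE = 0, -1   # return codes given in the text

def fragment_hashes(template):
    """Split a template into two equal halves and SHA-256 each half."""
    mid = len(template) // 2
    return tuple(hashlib.sha256(part).hexdigest()
                 for part in (template[:mid], template[mid:]))

class Ledger:
    """Hypothetical in-memory stand-in for the on-chain hash store."""
    def __init__(self):
        self._entries = {}

    def enroll(self, uid, template):
        if uid in self._entries:          # existing entries are never overwritten
            raise ValueError("UID already enrolled")
        self._entries[uid] = fragment_hashes(template)  # hashes only, no template

    def lookup(self, uid):
        return self._entries.get(uid)

def authenticate(ledger, uid, captured_template):
    """Hash the captured template and compare it with the ledger entry."""
    stored = ledger.lookup(uid)
    if stored is None:
        return AUTH_FAILURE
    fresh = fragment_hashes(captured_template)
    match = True
    for expected, actual in zip(stored, fresh):
        # Compare every fragment in constant time, with no early exit.
        match &= hmac.compare_digest(expected, actual)
    return AUTH_SUCCESS if match else AUTH_FAILURE

# Constructed sample data: a 12-digit UID and a 2 KB template.
SAMPLE_UID = "000000000001"
SAMPLE_TEMPLATE = bytes((i * 7 + i // 256) % 256 for i in range(2048))

if __name__ == "__main__":
    ledger = Ledger()
    ledger.enroll(SAMPLE_UID, SAMPLE_TEMPLATE)
    altered = bytearray(SAMPLE_TEMPLATE)
    altered[-1] ^= 0x01                   # flip one bit in the second half
    print(authenticate(ledger, SAMPLE_UID, SAMPLE_TEMPLATE))
    print(authenticate(ledger, SAMPLE_UID, bytes(altered)))
    print(authenticate(ledger, "999999999999", SAMPLE_TEMPLATE))
```

The altered template shows that this scheme accepts only a bit-identical template: one flipped bit in either half changes that half's hash and the result is -1.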
The blockchain-based distributed and decentralised biometric authentication system known as BBAS was introduced in this study. BBAS increases the security and reliability of existing biometric identification systems by breaking a biometric template into parts and managing those parts separately. In particular, BBAS (1) enhances biometric data security via distributed blockchain administration, (2) enhances authentication operation reliability through decentralised blockchain authentication, and (3) ensures biometric data flow transparency through a blockchain-based audit mechanism. The split template storage and authentication client for BBAS on the Ethereum blockchain was successfully created. We can confidently claim that BBAS offers reliable authentication with very low performance overhead based on the evaluation's results.
The biometric DB such as Aadhar is very big and its size is around 15 petabytes because it stores the physical biometric templates of every single subject. For each single subject, 10 finger prints, 2 iris prints, and one face template have to be stored on the Aadhar DB, which requires big data centers. The existing block chain based biometric security systems are suitable for small-sized DB users such as office employees, college students, etc., and the existing techniques fail to store large data such as Aadhar in their block chain nodes, and it comes with significant cost and effort. Storing the Aadhar biometrics on block chain peers creates redundancy. In the proposed solution, only the hash values of the biometric templates are stored on block chain nodes. This solves all of these problems.
| Measurement | BBAS | Server-client system |
| --- | --- | --- |
| Time taken to run contract | 352 ms | - |
| Time taken to request biometric template | 167 ms | - |
| Total time taken for authentication | 519 ms | 201 ms |
The Block-chain based Biometric Authentication Solution (BBAS) solves the single point of failure problem with a negligible drop in the performance/speed of authentication compared to the client-server model of authentication. The proposed BBAS solves the reliability problem by incorporating a block-chain based distributed authentication scheme. By using optimization approaches for the template segmentation process and inter-node communication, the performance can be further increased.