Continuous authentication enhances security by verifying users beyond their initial login. While it mitigates risks of one-time authentication, it often requires ongoing biometric data transmission, raising privacy concerns due to their sensitivity and non-revocability. To address this, we explore privacy-preserving continuous authentication using Zero-Knowledge Proofs (ZKP), which enable verification without revealing biometric data. We developed and evaluated two continuous authentication protocols: one using interactive ZKPs and another using Non-Interactive ZKPs (NIZKPs). Based on existing work, we selected and adapted a suitable one-time biometric authentication protocol, implemented a proof of concept, and tested different training sizes to optimize the trade-off between execution time and performance. With 30 training users, our system achieved a false acceptance rate of 0.0065, false rejection rate of 0.0048, and execution time of 0.1261 s. The NIZKP variant proved significantly faster due to reduced network overhead. Our approach demonstrates that continuous authentication can be made both secure and privacy-preserving, offering a scalable and highly adaptable alternative for existing systems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Always Authenticated, Never Exposed: Continuous Authentication via Zero-Knowledge Proofs

  • Dennis Hamm,
  • Erwin Kupris,
  • Thomas Schreck

摘要

Continuous authentication enhances security by verifying users beyond their initial login. While it mitigates risks of one-time authentication, it often requires ongoing biometric data transmission, raising privacy concerns due to their sensitivity and non-revocability. To address this, we explore privacy-preserving continuous authentication using Zero-Knowledge Proofs (ZKP), which enable verification without revealing biometric data. We developed and evaluated two continuous authentication protocols: one using interactive ZKPs and another using Non-Interactive ZKPs (NIZKPs). Based on existing work, we selected and adapted a suitable one-time biometric authentication protocol, implemented a proof of concept, and tested different training sizes to optimize the trade-off between execution time and performance. With 30 training users, our system achieved a false acceptance rate of 0.0065, false rejection rate of 0.0048, and execution time of 0.1261 s. The NIZKP variant proved significantly faster due to reduced network overhead. Our approach demonstrates that continuous authentication can be made both secure and privacy-preserving, offering a scalable and highly adaptable alternative for existing systems.