{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:01:52Z","timestamp":1777806112106,"version":"3.51.4"},"reference-count":44,"publisher":"SAGE Publications","issue":"4","license":[{"start":{"date-parts":[[2020,4,8]],"date-time":"2020-04-08T00:00:00Z","timestamp":1586304000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2020,6,19]]},"abstract":"In this paper, we introduce the first general framework for strong privacy-preserving biometric-based remote user authentication based on oblivious RAM (ORAM) protocol and computational fuzzy extractors. We define formal security models for the general framework, and we prove that it can achieve user authenticity and strong privacy. In particular, the general framework ensures that: (1) a strong privacy and a log-linear time-complexity are achieved by using a new tree-based ORAM protocol; (2) a constant bandwidth cost is achieved by exploiting computational fuzzy extractors in the challenge-response phase of remote user authentications.<\/jats:p>","DOI":"10.3233\/jcs-191336","type":"journal-article","created":{"date-parts":[[2020,4,10]],"date-time":"2020-04-10T11:56:06Z","timestamp":1586519766000},"page":"469-498","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":0,"title":["A new framework for privacy-preserving biometric-based remote user authentication"],"prefix":"10.1177","volume":"28","author":[{"given":"Yangguang","family":"Tian","sequence":"first","affiliation":[{"name":"School of Information Systems, Singapore Management University, Singapore. E-mails:\u00a0,\u00a0"}]},{"given":"Yingjiu","family":"Li","sequence":"additional","affiliation":[{"name":"Computer and Information Science, University of Oregon, USA. E-mail:\u00a0"}]},{"given":"Robert H.","family":"Deng","sequence":"additional","affiliation":[{"name":"School of Information Systems, Singapore Management University, Singapore. E-mails:\u00a0,\u00a0"}]},{"given":"Nan","family":"Li","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering and Computing, University of Newcastle, NSW, Australia. E-mail:\u00a0"}]},{"given":"Pengfei","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Software and Microelectronics, Peking University, Beijing, China. E-mail:\u00a0"}]},{"given":"Anyi","family":"Liu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Oakland University, USA. E-mail:\u00a0"}]}],"member":"179","published-online":{"date-parts":[[2020,4,8]]},"reference":[{"key":"ref001","doi-asserted-by":"crossref","unstructured":"A.\u00a0Akavia, S.\u00a0Goldwasser and V.\u00a0Vaikuntanathan, Simultaneous hardcore bits and cryptography against memory attacks, in: TCC, 2009, pp.\u00a0474\u2013495.","DOI":"10.1007\/978-3-642-00457-5_28"},{"key":"ref002","doi-asserted-by":"crossref","unstructured":"D.\u00a0Apon, C.\u00a0Cho, K.\u00a0Eldefrawy and J.\u00a0Katz, Efficient, reusable fuzzy extractors from LWE, in: International Conference on Cyber Security Cryptography and Machine Learning, 2017, pp.\u00a01\u201318.","DOI":"10.1007\/978-3-319-60080-2_1"},{"key":"ref003","doi-asserted-by":"crossref","unstructured":"M.\u00a0Backes, A.\u00a0Herzberg, A.\u00a0Kate and I.\u00a0Pryvalov, Anonymous RAM, in: ESORICS, 2016, pp.\u00a0344\u2013362.","DOI":"10.1007\/978-3-319-45744-4_17"},{"key":"ref004","doi-asserted-by":"publisher","DOI":"10.1145\/1854229.1854270"},{"key":"ref005","doi-asserted-by":"crossref","unstructured":"M.\u00a0Bellare, A.\u00a0Boldyreva, A.\u00a0Desai and D.\u00a0Pointcheval, Key-privacy in public-key encryption, in: ASIACRYPT, 2001, pp.\u00a0566\u2013582.","DOI":"10.1007\/3-540-45682-1_33"},{"key":"ref006","doi-asserted-by":"crossref","unstructured":"V.\u00a0Bindschaedler, M.\u00a0Naveed, X.\u00a0Pan, X.\u00a0Wang and Y.\u00a0Huang, Practicing oblivious access on cloud storage: The gap, the fallacy, and the new way forward, in: ACM CCS, 2015, pp.\u00a0837\u2013849.","DOI":"10.1145\/2810103.2813649"},{"key":"ref007","doi-asserted-by":"crossref","unstructured":"O.\u00a0Blazy, G.\u00a0Fuchsbauer, D.\u00a0Pointcheval and D.\u00a0Vergnaud, Signatures on randomizable ciphertexts, in: PKC, 2011, pp.\u00a0403\u2013422.","DOI":"10.1007\/978-3-642-19379-8_25"},{"key":"ref008","doi-asserted-by":"crossref","unstructured":"X.\u00a0Boyen, Reusable cryptographic fuzzy extractors, in: ACM CCS, 2004, pp.\u00a082\u201391.","DOI":"10.1145\/1030083.1030096"},{"key":"ref009","doi-asserted-by":"crossref","unstructured":"X.\u00a0Boyen, Y.\u00a0Dodis, J.\u00a0Katz, R.\u00a0Ostrovsky and A.D.\u00a0Smith, Secure remote authentication using biometric data, in: EUROCRYPT, Lecture Notes in Computer Science, Vol.\u00a03494, 2005, pp.\u00a0147\u2013163.","DOI":"10.1007\/11426639_9"},{"key":"ref010","doi-asserted-by":"crossref","unstructured":"D.\u00a0Chaum and E.\u00a0Van Heyst, Group signatures, in: EUROCRYPT, 1991, pp.\u00a0257\u2013265.","DOI":"10.1007\/3-540-46416-6_22"},{"key":"ref011","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1995.492461"},{"key":"ref012","doi-asserted-by":"crossref","unstructured":"R.\u00a0Cramer and V.\u00a0Shoup, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack, in: CRYPTO, 1998, pp.\u00a013\u201325.","DOI":"10.1007\/BFb0055717"},{"key":"ref013","unstructured":"J.L.\u00a0DautrichJr., E.\u00a0Stefanov and E.\u00a0Shi, Burst ORAM: Minimizing ORAM response times for bursty access patterns, in: USENIX, 2014, pp.\u00a0749\u2013764."},{"key":"ref014","doi-asserted-by":"crossref","unstructured":"S.\u00a0De Capitani di Vimercati, S.\u00a0Foresti, S.\u00a0Paraboschi, G.\u00a0Pelosi and P.\u00a0Samarati, Shuffle index: Efficient and private access to outsourced data, ACM Transactions on Storage (TOS) 11(4) (2015), 19.","DOI":"10.1145\/2747878"},{"key":"ref015","doi-asserted-by":"crossref","unstructured":"S.\u00a0Devadas, M.\u00a0van Dijk, C.W.\u00a0Fletcher, L.\u00a0Ren, E.\u00a0Shi and D.\u00a0Wichs, Onion ORAM: A constant bandwidth blowup oblivious RAM, in: TCC, 2016, pp.\u00a0145\u2013174.","DOI":"10.1007\/978-3-662-49099-0_6"},{"key":"ref016","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Dodis, L.\u00a0Reyzin and A.\u00a0Smith, Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, in: EUROCRYPT, 2004, pp.\u00a0523\u2013540.","DOI":"10.1007\/978-3-540-24676-3_31"},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"J.\u00a0Doerner and A.\u00a0Shelat, Scaling ORAM for secure computation, in: ACM CCS, 2017, pp.\u00a0523\u2013535.","DOI":"10.1145\/3133956.3133967"},{"key":"ref018","doi-asserted-by":"crossref","unstructured":"N.\u00a0D\u00f6ttling and J.\u00a0M\u00fcller-Quade, Lossy codes and a new variant of the learning-with-errors problem, in: EUROCRYPT, 2013, pp.\u00a018\u201334.","DOI":"10.1007\/978-3-642-38348-9_2"},{"key":"ref019","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1985.1057074"},{"key":"ref020","doi-asserted-by":"crossref","unstructured":"Z.\u00a0Erkin, M.\u00a0Franz, J.\u00a0Guajardo, S.\u00a0Katzenbeisser, I.\u00a0Lagendijk and T.\u00a0Toft, Privacy-preserving face recognition, in: PET, 2009, pp.\u00a0235\u2013253.","DOI":"10.1007\/978-3-642-03168-7_14"},{"key":"ref021","doi-asserted-by":"crossref","unstructured":"B.\u00a0Fuller, X.\u00a0Meng and L.\u00a0Reyzin, Computational fuzzy extractors, in: ASIACRYPT, 2013, pp.\u00a0174\u2013193.","DOI":"10.1007\/978-3-642-42033-7_10"},{"key":"ref022","doi-asserted-by":"publisher","DOI":"10.1145\/233551.233553"},{"key":"ref023","unstructured":"Y.\u00a0Huang, L.\u00a0Malka, D.\u00a0Evans and J.\u00a0Katz, Efficient privacy-preserving biometric identification, in: NDSS, 2011."},{"key":"ref024","unstructured":"Is your information on mobile health apps safe? https:\/\/www.cybrary.it\/2018\/05\/information-mobile-health-apps-safe\/."},{"key":"ref025","unstructured":"M.S.\u00a0Islam, M.\u00a0Kuzu and M.\u00a0Kantarcioglu, Access pattern disclosure on searchable encryption: Ramification, attack and mitigation, in: NDSS, 2012, p.\u00a012."},{"key":"ref026","doi-asserted-by":"crossref","unstructured":"A.\u00a0Juels and M.\u00a0Wattenberg, A fuzzy commitment scheme, in: ACM CCS, 1999, pp.\u00a028\u201336.","DOI":"10.1145\/319709.319714"},{"key":"ref027","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539705446846"},{"key":"ref028","doi-asserted-by":"crossref","unstructured":"N.\u00a0Li, F.\u00a0Guo, Y.\u00a0Mu, W.\u00a0Susilo and S.\u00a0Nepal, Fuzzy extractors for biometric identification, in: ICDCS, 2017, pp.\u00a0667\u2013677.","DOI":"10.1109\/ICDCS.2017.107"},{"key":"ref029","doi-asserted-by":"crossref","unstructured":"M.\u00a0Maas, E.\u00a0Love, E.\u00a0Stefanov, M.\u00a0Tiwari, E.\u00a0Shi, K.\u00a0Asanovic, J.\u00a0Kubiatowicz and D.\u00a0Song, Phantom: Practical oblivious computation in a secure processor, in: ACM CCS, 2013, pp.\u00a0311\u2013324.","DOI":"10.1145\/2508859.2516692"},{"key":"ref030","doi-asserted-by":"crossref","unstructured":"M.\u00a0Maffei, G.\u00a0Malavolta, M.\u00a0Reinert and D.\u00a0Schr\u00f6der, Privacy and access control for outsourced personal records, in: Security and Privacy (SP), 2015, pp.\u00a0341\u2013358.","DOI":"10.1109\/SP.2015.28"},{"key":"ref031","doi-asserted-by":"crossref","unstructured":"T.\u00a0Matsuda, K.\u00a0Takahashi, T.\u00a0Murakami and G.\u00a0Hanaoka, Fuzzy signatures: Relaxing requirements and a new construction, in: ACNS, 2016, pp.\u00a097\u2013116.","DOI":"10.1007\/978-3-319-39555-5_6"},{"key":"ref032","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2016.02.002"},{"key":"ref033","doi-asserted-by":"publisher","DOI":"10.1145\/1568318.1568324"},{"key":"ref034","unstructured":"L.\u00a0Ren, C.W.\u00a0Fletcher, A.\u00a0Kwon, E.\u00a0Stefanov, E.\u00a0Shi, M.\u00a0Van Dijk and S.\u00a0Devadas, Constants count: Practical improvements to oblivious RAM, in: USENIX, 2015, pp.\u00a0415\u2013430."},{"key":"ref035","doi-asserted-by":"crossref","unstructured":"C.\u00a0Sahin, V.\u00a0Zakhary, A.\u00a0El Abbadi, H.\u00a0Lin and S.\u00a0Tessaro, Taostore: Overcoming asynchronicity in oblivious data storage, in: Security and Privacy (SP), 2016, pp.\u00a0198\u2013217.","DOI":"10.1109\/SP.2016.20"},{"key":"ref036","doi-asserted-by":"crossref","unstructured":"C.P.\u00a0Schnorr, Efficient identification and signatures for smart cards, in: CRYPTO, 1989, pp.\u00a0239\u2013252.","DOI":"10.1007\/0-387-34805-0_22"},{"key":"ref037","doi-asserted-by":"crossref","unstructured":"E.\u00a0Shi, T.H.\u00a0Chan, E.\u00a0Stefanov and M.\u00a0Li, Oblivious RAM with\n O\n ((log\u00a0\n N\n )3) worst-case cost, in: ASIACRYPT, 2011, pp.\u00a0197\u2013214.","DOI":"10.1007\/978-3-642-25385-0_11"},{"key":"ref038","doi-asserted-by":"crossref","unstructured":"E.\u00a0Stefanov and E.\u00a0Shi, Oblivistore: High performance oblivious cloud storage, in: Security and Privacy (SP), 2013, pp.\u00a0253\u2013267.","DOI":"10.1109\/SP.2013.25"},{"key":"ref039","unstructured":"E.\u00a0Stefanov, E.\u00a0Shi and D.X.\u00a0Song, Towards practical oblivious RAM, in: NDSS, 2012."},{"key":"ref040","doi-asserted-by":"crossref","unstructured":"E.\u00a0Stefanov, M.\u00a0Van Dijk, E.\u00a0Shi, C.\u00a0Fletcher, L.\u00a0Ren, X.\u00a0Yu and S.\u00a0Devadas, Path ORAM: An extremely simple oblivious RAM protocol, in: ACM CCS, 2013, pp.\u00a0299\u2013310.","DOI":"10.1145\/2508859.2516660"},{"key":"ref041","doi-asserted-by":"crossref","unstructured":"K.\u00a0Takahashi, T.\u00a0Matsuda, T.\u00a0Murakami, G.\u00a0Hanaoka and M.\u00a0Nishigaki, A signature scheme with a fuzzy private key, in: ACNS, 2015, pp.\u00a0105\u2013126.","DOI":"10.1007\/978-3-319-28166-7_6"},{"key":"ref042","doi-asserted-by":"crossref","unstructured":"X.\u00a0Wang, H.\u00a0Chan and E.\u00a0Shi, Circuit ORAM: On tightness of the Goldreich\u2013Ostrovsky lower bound, in: ACM CCS, 2015, pp.\u00a0850\u2013861.","DOI":"10.1145\/2810103.2813634"},{"key":"ref043","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Wen and S.\u00a0Liu, Robustly reusable fuzzy extractor from standard assumptions, in: ASIACRYPT, 2018, pp.\u00a0459\u2013489.","DOI":"10.1007\/978-3-030-03332-3_17"},{"key":"ref044","doi-asserted-by":"crossref","unstructured":"F.\u00a0Zhang and K.\u00a0Kim, ID-based blind signature and ring signature from pairings, in: ASIACRYPT, 2002, pp.\u00a0533\u2013547.","DOI":"10.1007\/3-540-36178-2_33"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191336","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-191336","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191336","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:23Z","timestamp":1777495523000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-191336"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4,8]]},"references-count":44,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,6,19]]}},"alternative-id":["10.3233\/JCS-191336"],"URL":"https:\/\/doi.org\/10.3233\/jcs-191336","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,4,8]]}}}