Scientific knowledge map · Paper #48
SNUSE: A Secure Computation Approach for Large-Scale User Re-Enrollment in Biometric Authentication Systems
2019 · Future Generation Computer Systems, Volume 98
- Theory
- Applied
- protocol
Research question
What does the paper try to establish?
Can enterprise-scale biometric credentials be refreshed automatically after compromise, policy change, or helper-data loss without collecting users again and without centralizing their biometric templates?
Central answer
What is the proposed answer?
SNUSE stores threshold shares of each biometric template on mostly offline re-enrollment servers and MPC-computes new fuzzy-vault helper data on demand. Precomputing exponentiations shifts work to enrollment, enabling rapid bulk refresh; the fingerprint/iris prototype and security analysis expose both feasibility and collusion/reusability limits.
Full paper abstract
Abstract
Recent years have witnessed an increasing demand for biometrics based identification, authentication and access control (BIA) systems, which offer convenience, ease of use, and (in some cases) improved security. In contrast to other methods, such as passwords or pins, BIA systems face new unique challenges; chiefly among them is ensuring long-term confidentiality of biometric data stored in backends, as such data has to be secured for the lifetime of an individual. Cryptographic approaches such as Fuzzy Extractors (FE) and Fuzzy Vaults (FV) have been developed to address this challenge. FE/FV do not require storing any biometric data in backends, and instead generate and store helper data that enables BIA when a new biometric reading is supplied. Security of FE/FV ensures that an adversary obtaining such helper data cannot (efficiently) learn the biometric. Relying on such cryptographic approaches raises the following question: what happens when helper data is lost or destroyed (e.g., due to a failure, or malicious activity), or when new helper data has to be generated (e.g., in response to a breach or to update the system)? Requiring a large number of users to physically re-enroll is impractical, and the literature falls short of addressing this problem. In this paper we develop SNUSE, a secure computation based approach for non-interactive re-enrollment of a large number of users in BIA systems. We prototype SNUSE to illustrate its feasibility, and evaluate its performance and accuracy on two biometric modalities, fingerprints and iris scans. Our results show that thousands of users can be securely re-enrolled in seconds without affecting the accuracy of the system.
Provenance: Transcribed from the checked-in full-text PDF; only typography, discretionary hyphenation, and line-break artifacts were normalized.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence High
-
The complete journal paper supplies protocols, optimization alternatives, a working prototype, public-dataset accuracy tests, performance/storage evaluation, and explicit security analysis and limits.
Enrollment, authentication, and re-enrollment protocols GAR/FAR experiments and public datasets Timing, scale, and storage evaluation Stored and execution confidentiality, collusion leakage, and reusability - Auditability High
-
A checked-in full author copy with SHA-256/page count, precise page anchors, and DOI makes the complete represented paper inspectable; code and raw results are not fixed here.
Problem, SNUSE contribution, enterprise setting, and claimed novelty Official journal publication identity - Production provenance Medium
-
Authors, journal, DOI, libraries, datasets, parameters, hardware, and experiment procedure are documented; roles, revisions, exact code version, and raw-run lineage are not.
Official journal publication identity NTL implementation and fingerprint/iris template extraction Timing, scale, and storage evaluation - External scrutiny Medium
-
Journal publication establishes external review, but public reports, artifact evaluation, and independent reproduction were not located.
Official journal publication identity - Reception Low
-
OpenAlex reported 6 citations on 2026-07-11; under the finalized rubric, 0 through 8 located citations is Low.
Dated citation-count snapshot - Contribution significance Medium
-
The work develops and validates a concrete response to a real deployment bottleneck, while security remains bounded by honest-but-curious MPC, collusion, and fuzzy-vault reusability.
Problem, SNUSE contribution, enterprise setting, and claimed novelty Stored and execution confidentiality, collusion leakage, and reusability Conclusion, measured result, and open directions
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
SNUSE journal paper
An expanded protocol, optimization, prototype, evaluation, and security treatment of large-scale non-interactive biometric re-enrollment.
Problem, SNUSE contribution, enterprise setting, and claimed novelty-
question Research question
research questionHow can an organization refresh many biometric-bound credentials while neither storing full templates centrally nor requiring every user to return?
Problem, SNUSE contribution, enterprise setting, and claimed novelty -
contribution Central answer
implementedStore Shamir shares at re-enrollment servers, keep only helper data at the authentication server, and MPC-generate new fuzzy vaults from those shares.
Parties, lifecycle, and data placement Enrollment, authentication, and re-enrollment protocols -
scope Deployment model
definedOne trusted reader samples templates, one AS serves routine authentication, and configurable RESs remain offline except during enrollment/re-enrollment; secure channels are assumed.
Parties, lifecycle, and data placement Enrollment, authentication, and re-enrollment protocols -
threat model Adversary and threshold
honest but curiousThe implementation targets honest-but-curious parties. A (K,N) sharing threshold protects stored templates against fewer than K RES compromises, with stronger simultaneous-compromise caveats during computation.
BIA, threshold sharing, MPC, and fuzzy-vault assumptions Stored and execution confidentiality, collusion leakage, and reusability -
assumption Required assumptions
cryptographic and operationalSecurity depends on Shamir privacy, fuzzy-vault security, authenticated channels, trustworthy sampling, correct implementations, and enough non-colluding RESs.
BIA, threshold sharing, MPC, and fuzzy-vault assumptions Stored and execution confidentiality, collusion leakage, and reusability -
protocol group Three-phase SNUSE protocol specified and implemented
Initial enrollment distributes template shares and creates helper data; routine authentication opens the vault locally; re-enrollment regenerates helper data without the user.
Enrollment, authentication, and re-enrollment protocols-
protocol Initial enrollment
implementedThe reader samples and shares BT; RESs choose credential material and MPC-compute helper-data shares; AS reconstructs helper data, never BT.
Enrollment, authentication, and re-enrollment protocols -
protocol Routine authentication
implementedA new biometric sample and stored helper data run fuzzy-vault opening at the reader; RESs are not online.
Enrollment, authentication, and re-enrollment protocols -
protocol Non-interactive re-enrollment
implementedRESs operate on their persistent shares to compute a vault for fresh credential material, then AS reconstructs the new helper data.
Enrollment, authentication, and re-enrollment protocols
-
-
algorithm MPC multiplication optimization
implemented and comparedThree strategies trade interactive multiplications against enrollment-time precomputation and share storage; precomputing template powers minimizes online rounds and enables fast bulk refresh.
MPC helper-data computation, three multiplication strategies, and secret handling -
implementation Two-modality prototype
prototypeNTL over GF(2^24), TCP processes, NBIS fingerprint minutiae, OSIRIS iris codes, polynomial fuzzy vaults, and configurable RES counts implement the full lifecycle.
NTL implementation and fingerprint/iris template extraction -
claim group Principal claims mixed
SNUSE protects backend template storage below threshold, keeps regular authentication simple, and makes server-side bulk credential refresh feasible without altering the base biometric matching decision.
Stored and execution confidentiality, collusion leakage, and reusability Timing, scale, and storage evaluation GAR/FAR experiments and public datasets-
claim Distributed biometric confidentiality
conditional security argumentCompromising AS yields helper data but not BT under fuzzy-vault security; fewer than K RESs yield insufficient shares; the template remains unreconstructed during normal execution.
Stored and execution confidentiality, collusion leakage, and reusability -
claim Large-scale refresh
experimentally supported and extrapolatedThe reported setup averages 13.2 ms for one re-enrollment and scales linearly; 100,000 users with nine RESs are projected under five minutes and one million under one hour.
Timing, scale, and storage evaluation -
claim Biometric matching behavior
dataset supportedThe prototype reports over 90% GAR and under 5% FAR for selected parameters; accuracy comes from feature/vault choices, while SNUSE's re-enrollment uses the same helper-data semantics.
GAR/FAR experiments and public datasets Conclusion, measured result, and open directions
-
-
evidence group Evidence stack
prototype experiments and analysisDetailed protocol algorithms, implementation parameters, three public biometric datasets, all-pairs GAR/FAR experiments, 100-run timings, scaling trials, storage calculations, and a dedicated security section support the paper.
Enrollment, authentication, and re-enrollment protocols NTL implementation and fingerprint/iris template extraction GAR/FAR experiments and public datasets Timing, scale, and storage evaluation Stored and execution confidentiality, collusion leakage, and reusability -
limitation group Security and scope limits
explicitAS plus one RES compromised simultaneously during a run can expose that run's BT when k is visible; ordinary fuzzy vaults are cross-instance linkable; malicious/covert MPC, other modalities, and reusable FE/FV support remain future work.
Stored and execution confidentiality, collusion leakage, and reusability Conclusion, measured result, and open directions -
artifact group Reproducibility resources
partialFull manuscript, algorithms, parameters, environment, and public dataset names are available. Version-pinned code, processed data, raw results, and independent reproduction were not located.
NTL implementation and fingerprint/iris template extraction Timing, scale, and storage evaluation -
scrutiny External scrutiny
journal reviewedFGCS journal publication provides external review exposure; reports, artifact evaluation, and independent replication are not represented.
Official journal publication identity -
lineage Relation to the CSCML paper
expanded versionThis journal article expands paper
Problem, SNUSE contribution, enterprise setting, and claimed novelty MPC helper-data computation, three multiplication strategies, and secret handling
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- Problem, SNUSE contribution, enterprise setting, and claimed novelty Abstract and Sections 1-1.1, PDF pages 1-3
- BIA, threshold sharing, MPC, and fuzzy-vault assumptions Section 2, PDF pages 3-5
- Parties, lifecycle, and data placement Section 4, PDF page 6
- Enrollment, authentication, and re-enrollment protocols Sections 4.1-4.3, PDF pages 7-8
- MPC helper-data computation, three multiplication strategies, and secret handling Sections 4.4-4.5, PDF pages 8-10
- NTL implementation and fingerprint/iris template extraction Sections 5-5.2, PDF pages 10-12
- GAR/FAR experiments and public datasets Section 5.3 and Figure 6, PDF pages 12-13
- Timing, scale, and storage evaluation Section 6, Table 1 and Figure 7, PDF pages 13-15
- Stored and execution confidentiality, collusion leakage, and reusability Section 7, PDF pages 14-15
- Conclusion, measured result, and open directions Section 8, PDF page 15
- Official journal publication identity FGCS 98, DOI 10.1016/j.future.2019.03.051
- Dated citation-count snapshot OpenAlex reported 6 citing works on 2026-07-11