1. Introduction
The proliferation of attack vectors across network infrastructure has a considerable impact on the entire spectrum of information security, because it offers adversaries the opportunity to exploit device vulnerabilities and weaknesses for various purposes, including accessing, modifying, deleting, or releasing sensitive information; changing system configurations; installing malicious code; or denying system access to authorized users. Exploiting the shortcomings of software or hardware devices degrades system resources and capabilities and also provides ample opportunity to compromise the confidentiality, integrity, and availability of an information system. These unfavorable circumstances have created an urgent need to develop and implement physical protective measures that improve authentication capabilities and prevent the unauthorized release or disclosure of confidential information and the potential escalation of user privileges.
To achieve the goal of strengthening authentication systems, a hybrid authentication mechanism is designed and proposed, based on the complementary application of three main authentication components: a biometric component ("something you are") and RFID and cryptographic components ("something you have") [
1]. Systems that incorporate multi-factor authentication are considered to be more powerful and robust compared to those that use only one factor and have the role of increasing the degree of data security in the process of verifying the identity of an authorized user who tries to access a computer system. According to [
2], biometric factors and cryptographic algorithms are among the strongest factors of authentication that could ensure the highest level of protection for information and could be implemented and adopted in a wide variety of domains with strict requirements for maintaining user confidentiality, especially in military network architectures, as presented in
Figure 1.
The main objective of this research is to conduct a comparative analysis of two homomorphic encryption algorithms, the Paillier partially homomorphic encryption algorithm and the BGV (Brakerski–Gentry–Vaikuntanathan) fully homomorphic encryption scheme, in order to identify the more efficient encryption algorithm when applied to biometric templates extracted from the hybrid mechanism of authentication. More specifically, this mechanism is intended to provide secure and reliable authentication in computer systems and network devices in order to counteract the limitations and vulnerabilities of the elements mentioned above and to prevent emerging computer attacks.
Homomorphic encryption is a special cryptographic construction, a niche structure of modern cryptography that builds on the concept of homomorphism and allows a third party (cloud, service provider) to execute certain operations over the encrypted data while maintaining function characteristics and encrypted data formats. The applicability of homomorphic encryption was demonstrated in several data privacy applications, such as healthcare systems, financial domains, surveillance systems, cloud-encrypted email storage, online retail, border control systems, e-voting systems, and privacy-preserving advertising systems. Depending on the type and number of operations that can be performed on them, homomorphic encryption schemes are classified into the following types: partially homomorphic encryption (PHE), somewhat homomorphic encryption (SHE), or fully homomorphic encryption (FHE) [
3].
Researchers developed early security assessments of the homomorphic encryption algorithms applied in biometric authentication, such as the PHE Paillier, ElGamal [
4,
5,
6,
7], and FHE [
8,
9,
10], to maintain the security and privacy of the biometric templates and to improve parameters such as speed, security, dimension, and accuracy. Several representative techniques from these works are described below.
The authors of [
11] designed and launched a novel, effective, lightweight homomorphic cryptographic technique that contains two layers of encryption. The first layer uses a symmetric-key algorithm with substitution/permutation structures inspired by Feistel networks and Shannon's diffusion/confusion principles, implemented through logical operations (such as XOR, XNOR, shifting, and swapping), and the second layer uses the multiplicative homomorphic RSA algorithm, intended to improve information security in cloud computing.
The authors of [
12] suggested a method for achieving a high level of information security in cloud computing by deploying data on the public cloud platform "Contabo" and testing it on real-world aviation data with a single keyword searchable encryption (SKSE) scheme implemented using the Paillier encryption algorithm.
According to [
13], an optimized privacy-preserving bimodal authentication system is proposed, using the Brakerski/Fan–Vercauteren (BFV) HE scheme over the fused template generated by the combination of fingerprint and iris images of the user, to overcome the drawbacks of biometric cryptosystems and cancelable biometrics.
Some improvements and efficient achievements were submitted in [
14], where in-depth experimental examinations were carried out using bloom filters and fully homomorphic encryption to design hybrid biometric template protection schemes based on iris recognition that aim to obtain high recognition accuracy and to protect sensitive biometric information during storage.
A novel approach to FHE implementation was presented in [
15], which devised an Automated Speech Recognition (ASR) system based on voice feature verification and the Cheon–Kim–Kim–Song (CKKS) fully homomorphic encryption scheme to obtain a real-time and non-interactive solution that processes encrypted speech data suitable for real-time speaker verification systems.
Despite these various studies on implementing different homomorphic encryption techniques for securing behavioral or physiological biometrics, which provide functionality similar to our PHE- and FHE-based approach, we present a new perspective and a different technical solution for enhancing user security in the authentication process, in order to maintain the confidentiality, integrity, and availability of information, and we also propose newer deployment scenarios.
In contrast to the biometric and cryptographic methods presented above, the main contributions of this present research are as follows:
Develop, install, and configure an original three-layer hybrid authentication mechanism for standalone systems and network devices, created by interconnecting several Arduino modules and designed specifically for fingerprint biometrics.
Enhance the storage security of user biometric information by encrypting the data using the Paillier homomorphic encryption algorithm or BGV fully homomorphic encryption algorithm.
Perform a comparative analysis between the selected homomorphic encryption algorithms using several statistical parameters, specific to the image processing field, in order to identify and evaluate the most efficient and convenient algorithm that can provide strong security while achieving good recognition performance.
Although intense development and simulation efforts have been carried out in these research areas, the originality of this work derives from the implementation level, because we have conducted an extensive analysis of the homomorphic encryption algorithms on a dedicated authentication mechanism, specially designed for improving authentication capabilities.
The present study is organized as follows: in the Introduction, a brief description and state-of-the-art review of existing homomorphic cryptographic algorithms used to secure biometric information in the literature are provided;
Section 2 describes the structure of the homomorphic algorithms and the design of the hybrid authentication mechanism based on a biometric element combined with RFID technology;
Section 3 presents the experimental results and the research findings in detail, comparing and evaluating the performance of the proposed cryptographic algorithms, and is followed by the conclusion in
Section 4.
2. Materials and Methods
For the practical implementation of this work, a hybrid authentication system is designed that can perform biometric and RFID enrollment, verification, and identification with security guarantees, low cost, high performance, and template protection; store the resulting data; and transmit it over insecure channels, as presented in
Figure 2.
The authentication mechanism represents an efficient technical solution that optimizes the authentication process and integrates secure and reliable Arduino components, such as an Arduino Pro Micro 5 V/16 MHz development board integrated with a Radio Frequency Identification (RFID) reader and a powerful biometric fingerprint sensor module. The fingerprint and ID card serial data enrollment and the authentication algorithm are realized through Arduino Software IDE and its additional libraries MFRC522 and FPS_GT511C3.
The biometric information captured by the fingerprint sensor is stored locally. Retrieving the database and performing operations such as registration, verification, and identification are carried out over a USB connection using the fingerprint sensor software, as can be seen in the screenshot of the application presented in
Figure 3.
The main focus of this paper, however, is the encryption of the biometric database stored in the computer system. The encryption schemes used in this research are the partially homomorphic Paillier encryption algorithm and the fully homomorphic BGV encryption algorithm, special cases of asymmetric encryption that use a public key for encryption and a private key for decryption. These algorithms allow different operations to be performed on the encrypted data itself without decrypting it, so the data remain protected not only in transit and storage but also during computation.
The concept of homomorphic encryption presents a significant advantage because access to the encrypted information is controlled by the user, who alone has total control over the information dissemination process. Personnel with administrative rights, such as the security administrator or the system administrator, cannot access the original information stored in such encrypted databases, because the user creates and manages the encryption keys and can restrict access to the original data. Similarly, the service providers that offer storage capacity for various cloud databases, such as Amazon Web Services (AWS), Oracle, Microsoft Azure, OpenStack, Google Drive, and MongoDB, cannot access the original information.
In the present research, we choose to implement and make a comparative analysis between two different homomorphic encryption algorithms because they represent an innovative technology that brings a major change in the way confidential information is protected, processed, and shared and fundamentally changes the course of the cryptographic process.
2.1. Homomorphic Encryption Using Paillier Algorithm
The Paillier encryption algorithm is a partially homomorphic scheme supporting addition operations that generates two types of keys for biometric data encryption: a public key (n, g), where n is the modulus and g is the generator, which is publicly released, and a private decryption key (λ, μ), which is kept secret.
This algorithm comprises three main operations, as specified in [17]: key generation, encryption, and decryption. For the initial setup, the algorithm takes as input two random large prime numbers p and q; computes n = p × q and λ(n) = lcm(p − 1, q − 1); selects a random integer g; and computes μ with the modular multiplicative inverse formula

μ = (L(g^λ mod n^2))^(−1) mod n,

where the function L(x) represents the quotient of (x − 1) divided by n, that is, L(x) = (x − 1)/n.
The encryption phase generates a ciphertext using the formula

c = g^m · r^n mod n^2.

The number r is randomly selected for each message m, where 0 < r < n and r ∈ Z*_n, respecting the condition gcd(r, n) = 1.
Decryption assumes the existence of a ciphertext c that needs to be decrypted, using the private key (λ, μ), from which the message m = Decrypt(c; λ, μ) results. The decryption process is carried out as follows:

m = L(c^λ mod n^2) · μ mod n.

Considering two ciphertexts E(m_1) and E(m_2) produced according to the encryption scheme presented above, the homomorphic addition and the multiplication by a plaintext constant k are defined by the following equations:

Decrypt(E(m_1) · E(m_2) mod n^2) = m_1 + m_2 mod n,
Decrypt(E(m_1)^k mod n^2) = k · m_1 mod n.
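To make the scheme above concrete, the following is a minimal Python sketch (requiring Python 3.9+ for math.lcm and the three-argument pow) of Paillier key generation, encryption, decryption, and the additive homomorphic property; the toy primes and helper names are illustrative assumptions only and are far too small for real security.

import math
import random

# Toy Paillier sketch: these primes are for illustration only;
# real deployments use primes of at least 1024 bits each.
p, q = 293, 433
n = p * q
n_sq = n * n
g = n + 1                                   # common choice of generator g
lam = math.lcm(p - 1, q - 1)                # λ(n) = lcm(p − 1, q − 1)

def L(x):
    # L(x) is the quotient of (x − 1) divided by n
    return (x - 1) // n

mu = pow(L(pow(g, lam, n_sq)), -1, n)       # μ = (L(g^λ mod n^2))^(−1) mod n

def encrypt(m):
    # c = g^m · r^n mod n^2, with r random and gcd(r, n) = 1
    while True:
        r = random.randrange(1, n)
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n_sq) * pow(r, n, n_sq)) % n_sq

def decrypt(c):
    # m = L(c^λ mod n^2) · μ mod n
    return (L(pow(c, lam, n_sq)) * mu) % n

# Additive homomorphism: E(m1)·E(m2) mod n^2 decrypts to (m1 + m2) mod n.
c1, c2 = encrypt(42), encrypt(100)
assert decrypt((c1 * c2) % n_sq) == (42 + 100) % n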
2.2. Homomorphic Encryption Using BGV (Brakerski–Gentry–Vaikuntanathan) Algorithm
The BGV fully homomorphic encryption algorithm is based on the learning with errors (LWE) problem or its ring variant (RLWE) over polynomial rings, and it allows both additive and multiplicative operations. Both plaintexts and ciphertexts are defined over rings, so homomorphic encryption and decryption are closely related to operations on the plaintext rings [
18].
Since the algorithm offers the possibility of processing data without decryption, it can be exploited in key areas with high security requirements that demand optimized solutions for the protection of confidential information. Compared to the previous algorithm, which is characterized by the three operations of key generation, encryption, and decryption, the BGV algorithm involves an additional step that consists in evaluating a homomorphic circuit. The evaluation performs a function over the ciphertexts c_1, ..., c_t without seeing the underlying messages m_1, ..., m_t, taking the ciphertexts as input and producing the evaluated ciphertext as output. The encryption scheme is defined by Ɛ = (KeyGen, Encrypt, Decrypt, Evaluate) for a circuit C with t inputs, the encryption key pair (pk, sk) generated via the KeyGen function, the plaintext messages m_1, ..., m_t, and the ciphertexts c_i = Encrypt(pk, m_i), so that the result is given by the formulas [19]

ψ = Evaluate(pk, C, c_1, ..., c_t),
Decrypt(sk, ψ) = C(m_1, ..., m_t).
The specificity of the fully homomorphic encryption scheme BGV lies in the fact that it allows an arbitrary number of additive or multiplicative operations to be executed on the input ciphertexts without changing the content of the resulting ciphertext, although the noise level within the ciphertext grows with the number of operations performed.
The addition operation increases noise considerably more slowly than the multiplication operation and does not involve refreshing the ciphertext after each operation is performed. Decryption operates correctly as long as this noise is below a certain bound, which limits the number of homomorphic operations one can accomplish.
This deficiency can be mitigated in the BGV encryption algorithm by implementing two additional procedures. The first procedure is called “Key Switching” or “Relinearization”, and the second is “Modulus Switching” or “Modulus Reduction”; their purpose is to reduce the noise within the ciphertext to a manageable level and realize the decryption operation in a timely and efficient manner [
20].
The phases of the BGV encryption scheme can be described mathematically as follows:
2.2.1. Key Generation
This algorithm takes as input the security parameter λ ∈ Z, a number representing the security level (128, 192, 256) of the algorithm; a dimension n; an odd modulus q; and a noise distribution χ over the ring A, usually chosen to be a Gaussian distribution, and outputs a key pair (pk, sk), where pk is the public key used for encryption and sk is the secret key used for decryption. It should be emphasized that the encryption scheme is characterized by a set of parameters (q, d, n, N) and by a noise distribution χ kept as small as possible. The ring size and the noise distribution are independent of L, which indicates the operation level, and are denoted d_j and χ_j for level j, respectively.
The secret key sk is a collection of randomly selected vectors s_j, one for each level j = L, ..., 0, where each vector s_j ← χ^n is sampled from the noise distribution and each s_j belongs to A^n [21].
Using the previously estimated parameters, a uniform matrix A′ ∈ A^(N×n) and an N-dimensional noise vector e ← χ^N are generated, so that b = A′·s_j + p·e (mod q). Thus, the public key is given by the collection A_j = (b | −A′).
2.2.2. Encryption
Given a message m intended to be encrypted and the generated public key A, we set the message vector m = (m, 0, …, 0) ∈ Z_q^(n+1), for the vector dimension n and the modulus q defined in the parameter set of the previous section. A random vector r ∈ {0, 1}^N is chosen from a uniform distribution. After forming the message vector m, taking the randomly chosen vector r, and given the public key A, we define the ciphertext by the formula

c = m + A^T·r (mod q),

where A^T denotes the transposition of the matrix A.
2.2.3. Decryption
To decrypt a ciphertext c under a secret key s, an inner product is executed, followed by two modulo operations, first with the ciphertext modulus q, followed by the plaintext modulus p. The decryption formula produces the plaintext message:

m = ((⟨c, s⟩ mod q) mod p).
2.2.4. Evaluation
During this phase, the arithmetic operations that can be performed on ciphertexts are addition and multiplication, as follows:
—given two ciphertexts c_1 = Encrypt(pk, m_1) and c_2 = Encrypt(pk, m_2), adding the two results in a new ciphertext that contains the sum of the underlying plaintexts:

c_add = c_1 + c_2 (mod q), with Decrypt(sk, c_add) = m_1 + m_2 (mod p);

—multiplying the two ciphertexts (followed by key switching) results in a new ciphertext that contains the product of the underlying plaintexts:

c_mult = c_1 ⊗ c_2 (mod q), with Decrypt(sk, c_mult) = m_1 · m_2 (mod p).
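To illustrate the structure described in Sections 2.2.1–2.2.4, the following is a minimal Python (NumPy) sketch of an LWE-based, BGV-style cipher with toy parameters; it omits the ring structure, relinearization, and modulus switching, so it supports only homomorphic addition, and all parameter values and names are illustrative assumptions rather than the parameters used in our experiments.

import numpy as np

rng = np.random.default_rng(0)

# Toy parameters (illustrative only; far too small for real security).
n, N, p, q = 10, 20, 256, 2**20     # secret dimension, samples, plaintext and ciphertext moduli

def keygen():
    s = rng.integers(0, q, size=n)               # secret vector
    A_prime = rng.integers(0, q, size=(N, n))    # uniform matrix A'
    e = rng.integers(0, 3, size=N)               # small noise vector
    b = (A_prime @ s + p * e) % q                # b = A'·s + p·e (mod q)
    A = np.column_stack([b, (-A_prime) % q])     # public key A = [b | −A']
    sk = np.concatenate(([1], s))                # secret key s' = (1, s)
    return A, sk

def encrypt(A, m):
    r = rng.integers(0, 2, size=N)               # random 0/1 vector
    m_vec = np.zeros(n + 1, dtype=np.int64)
    m_vec[0] = m % p                             # message vector (m, 0, ..., 0)
    return (m_vec + A.T @ r) % q                 # c = m + A^T·r (mod q)

def decrypt(sk, c):
    return int((c @ sk) % q) % p                 # ((<c, s> mod q) mod p)

pk, sk = keygen()
c1, c2 = encrypt(pk, 37), encrypt(pk, 205)
assert decrypt(sk, c1) == 37
assert decrypt(sk, (c1 + c2) % q) == (37 + 205) % p   # homomorphic addition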
The BGV encryption algorithm is considered a secure encryption scheme because no practical attacks against it have been published in the literature; its security comes from the hardness of the LWE/RLWE problem and from the choice of optimal parameters that maximize performance while respecting the security constraints.
3. Results and Discussion
In our comparative analysis, the proposed homomorphic encryption algorithms were tested on the biometric fingerprints of ten different users who logged into computer systems running the Windows 10 operating system, with the templates generated by the hybrid mechanism of authentication, as presented in
Figure 4. For the performance and efficiency evaluation of each encryption algorithm, several statistical parameters were applied, such as histogram analysis, mean squared error (MSE), peak signal-to-noise ratio (PSNR), the structural similarity index measure (SSIM), the correlation coefficient, the number of pixel change rate (NPCR), the unified average changing intensity (UACI), ciphertext dimensions, and average encryption time. The experiments are implemented in Python and its open-source libraries dedicated to image processing, using biometric images extracted from the Arduino dataset.
In the following subsections, both algorithms are thoroughly analyzed in terms of different file sizes as well as encryption and decryption time estimates.
3.1. Histogram Analysis
As a primary step in evaluating the efficiency and security provided by the homomorphic encryption algorithms, the histogram is a widely used image-processing instrument that displays the frequency distribution of the pixel intensities of a gray-scale image, generating a distinct pattern for each image.
By examining the appearance and structure of the histograms presented in
Figure 5 and
Figure 6, obvious differences in pixel intensity and uniformity can be noted between the original image and its encrypted versions produced with the Paillier cryptosystem and the BGV fully homomorphic encryption algorithm. The three histograms exhibit significantly different gray-level distributions, which is a mandatory condition for a secure algorithm: it must generate histograms that are completely different from, and more balanced than, that of the original image, so that a potential attacker cannot infer or reconstruct the clear template.
Even though all three histograms display unimodal distributions (they have only one peak), the histogram of the original image is right-skewed, indicating a bright and luminous pixel distribution, while the two histograms of the encrypted images are roughly symmetric and characterized by a reasonably uniform distribution. Essential information is also given by the X-axis, which represents the pixel intensity, and the Y-axis, which shows the frequency of occurrence and indicates the degree of data uncertainty and diffusion. In this case, the X-axis covers the fixed range of bins [0, 255], while the Y-axis values differ notably. Higher values on the Y-axis indicate better performance, and, comparing the histograms of the encrypted images, slightly better values are obtained with the BGV encryption algorithm.
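As an indication of how such histograms can be produced, a short Python sketch using NumPy, Pillow, and Matplotlib is given below; the file names are placeholders rather than the actual dataset paths.

import numpy as np
import matplotlib.pyplot as plt
from PIL import Image

# Placeholder file names; substitute the actual fingerprint templates.
original = np.array(Image.open("fingerprint_original.png").convert("L"))
encrypted = np.array(Image.open("fingerprint_encrypted.png").convert("L"))

fig, axes = plt.subplots(1, 2, figsize=(10, 4))
for ax, img, title in zip(axes, (original, encrypted), ("Original", "Encrypted")):
    ax.hist(img.ravel(), bins=256, range=(0, 255))   # frequency of each gray level
    ax.set(title=title, xlabel="Pixel intensity", ylabel="Frequency")
plt.tight_layout()
plt.show()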
3.2. Mean Squared Error, Peak Signal-to-Noise Ratio, Structural Similarity Index Measure (SSIM), and Correlation Coefficient Analysis
Other reference parameters used for the statistical qualitative evaluation of an encrypted biometric image in digital image processing are the mean squared error (MSE), the peak signal-to-noise ratio (PSNR), and the correlation coefficient, which can be represented mathematically as follows [22]:

MSE = (1/(M·N)) · Σ_{i=1..M} Σ_{j=1..N} [I(i, j) − K(i, j)]^2,

PSNR = 10 · log10(MAX_I^2 / MSE),

r = Σ_{i,j} (I(i, j) − Ī)·(K(i, j) − K̄) / sqrt( Σ_{i,j} (I(i, j) − Ī)^2 · Σ_{i,j} (K(i, j) − K̄)^2 ),

where I and K are the two compared images of size M × N, MAX_I is the maximum possible pixel value (255 for 8-bit images), and Ī and K̄ are the mean pixel intensities of I and K.
Preliminary research findings show that higher PSNR values correspond to better image quality and lower errors between the compared images, whereas a small PSNR value implies large numerical differences between them, which, for an original image and its encrypted version, suggests a good encryption algorithm. Likewise, lower MSE values approaching 0 indicate better accuracy and a lower level of error between images. The values listed below provide significant results for image quality assessment, as illustrated in
Table 1. While the PSNR is used to measure the quality between the original image and the encrypted version in the presence of noise, with values that usually range from 30 to 50 dB for an 8-bit image, the MSE is a regression indicator that measures the amount of error between these images, calculated by averaging the squared intensity differences of the pixels.
One of the most precise and novel measures for image quality assessment, which has grown in popularity lately among research communities, is the structural similarity index measure (SSIM), which according to [
23] is based on a comparison between an original image x and a potentially modified version y of the same image and comprises three independent and highly structured components extracted at a single spatial scale (resolution): luminance (l), contrast (c), and structure (s). From a mathematical standpoint, these components can be calculated as described below:

l(x, y) = (2·μ_x·μ_y + C_1) / (μ_x^2 + μ_y^2 + C_1),
c(x, y) = (2·σ_x·σ_y + C_2) / (σ_x^2 + σ_y^2 + C_2),
s(x, y) = (σ_xy + C_3) / (σ_x·σ_y + C_3),
SSIM(x, y) = l(x, y) · c(x, y) · s(x, y),

where μ_x and μ_y are the mean intensities, σ_x and σ_y the standard deviations, σ_xy the covariance of the two images, and C_1, C_2, and C_3 small stabilizing constants.
The resulting SSIM values vary in the interval [0, 1]: values close to 0 indicate low quality, no association, and noticeable differences between the analyzed images, whereas values approaching 1 indicate perfect similarity and a high level of correspondence, meaning that the two images are perceived as nearly identical by the human visual system. Research paper [
24] reveals several interesting aspects regarding the relationship between MSE and SSIM: although SSIM is a perception-based index and MSE is not, they are closely related and perform similarly, a fact demonstrated by tests on a range of images using different values for the coefficients involved in their mathematical formulas.
The correlation coefficient, also known as the correlation between adjacent pixels, is a relevant parameter in the context of statistical analysis when measuring the similarities and differences between two variables, here the original biometric image and the encrypted image, because its values indicate the capability of a scheme to withstand certain statistical attacks [
25].
The correlation coefficient takes values in the range [−1, 1]: a value of −1 highlights a negative correlation and a considerable difference between the initial biometric image and its encrypted version, whereas a value of +1 illustrates a positive correlation and a perfect similarity between the images. If the correlation coefficient approaches 0, it indicates a lack of correlation and resemblance between the original image and its encrypted version, which emphasizes the strength of the encryption algorithm. Moreover, higher efficiency of the implemented cryptographic algorithm can be defined as low correlation coefficients between the raw and encrypted images but high correlation coefficients between the raw and decrypted images. We considered it necessary to extend the analysis of the correlation coefficient to these two categories (raw/encrypted, raw/decrypted), to observe the intervals in which the values vary and to obtain a clearer picture of the differences between the two algorithms, as shown in
Table 1.
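A compact Python sketch of how these four metrics can be computed with NumPy and scikit-image is given below; the images are assumed to be equally sized 8-bit gray-scale NumPy arrays, and the function names are placeholders rather than the exact scripts used for Table 1.

import numpy as np
from skimage.metrics import mean_squared_error, peak_signal_noise_ratio, structural_similarity

def correlation_coefficient(img_a, img_b):
    # Pearson correlation between the flattened pixel intensities.
    return np.corrcoef(img_a.ravel(), img_b.ravel())[0, 1]

def image_quality_report(original, other):
    # 'other' may be the encrypted or the decrypted version of 'original'.
    return {
        "MSE": mean_squared_error(original, other),
        "PSNR": peak_signal_noise_ratio(original, other, data_range=255),
        "SSIM": structural_similarity(original, other, data_range=255),
        "Correlation": correlation_coefficient(original, other),
    }

For the raw/encrypted pair, low SSIM and correlation values are desirable, whereas for the raw/decrypted pair, values close to 1 confirm error-free recovery.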
When interpreting the PSNR values, both homomorphic algorithms behave similarly; the low values indicate that both HE Paillier and BGV provide good encryption. On the other hand, a small difference can be noticed between the MSE values: better average values, approaching 0, are obtained with the Paillier algorithm, which suggests better implementation efficiency and accuracy compared to the BGV algorithm.
As evidenced in
Table 1, the correlation coefficient between the original biometric image and the encrypted biometric image is close to 0, which means that there is no correlation between the two types of images, highlighting the encryption performance of the cryptographic algorithms chosen for implementation. Also, from the values generated by the cryptographic algorithms, it can be seen that the lower values are obtained through the BGV algorithm, which shows that this encryption scheme is better, providing an improved level of security. The correlation coefficient between the original biometric image and the decrypted biometric image is close to +1, which indicates that through the decryption process, the algorithm can practically achieve a similar image to the original without errors.
When comparing the SSIM values from
Table 1, it becomes clear that better values are obtained with the BGV algorithm, although the differences are relatively small. The SSIM values in the table highlight the efficiency of the BGV homomorphic encryption algorithm and show that the decryption process recovers an image with a level of similarity equivalent to the original.
The small differences between the values of the calculated parameters denote the high precision, accuracy, and stability of the biometric sensor used to design the authentication mechanism, a fact stated in the technical description of the device and demonstrated in the present research.
3.3. Number of Pixel Change Rate and Unified Average Changing Intensity Analysis
Two representative factors for the quantitative evaluation of the encryption algorithms' efficiency are the number of pixel change rate (NPCR) and the unified average changing intensity (UACI), used to measure the differences between two encrypted images C_1 and C_2 resulting from the application of the cryptographic algorithms to plain templates. NPCR measures the percentage of pixels that differ between the encrypted images C_1 and C_2, with a value of 100% indicating that the images are totally different, while UACI measures the average intensity of the differences between the original encrypted image and the encrypted image obtained after modifying the original image. Given two clear images, P_1, the biometric image obtained from the biometric sensor, and P_2, the image modified by changing one pixel, and their encrypted forms C_1 and C_2, NPCR and UACI can be defined by the following mathematical formulas [26]:

NPCR = (Σ_{i,j} D(i, j) / (M·N)) × 100%, where D(i, j) = 0 if C_1(i, j) = C_2(i, j) and D(i, j) = 1 otherwise,

UACI = (1/(M·N)) · Σ_{i,j} (|C_1(i, j) − C_2(i, j)| / 255) × 100%,

where M × N is the image size.
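The following Python sketch, assuming two equally sized 8-bit encrypted images stored as NumPy arrays, implements the two formulas above.

import numpy as np

def npcr(c1, c2):
    # Percentage of pixel positions at which the two ciphertext images differ.
    return np.mean(c1 != c2) * 100.0

def uaci(c1, c2):
    # Average intensity difference, normalized by the maximum gray level 255.
    return np.mean(np.abs(c1.astype(np.int64) - c2.astype(np.int64)) / 255.0) * 100.0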
If the encryption process, using the same encryption key, generates clearly different ciphertext images from two plain images that differ by a single pixel, the algorithm is considered highly sensitive to the original image. To compute the two factors, we used two plain templates with a one-pixel difference between them and encrypted them with the Paillier and BGV algorithms. From the analysis of the parameters presented in
Table 2, the slightly higher results obtained for the Paillier algorithm compared to the BGV algorithm indicate its higher sensitivity to small changes in the initial plain template.
Figure 7 graphically conveys the significant difference between the analyzed encryption algorithms caused by minor changes in the initial image structure, with the parameter values widely dispersed yet concentrated around two central set points.
3.4. Time and Dimension Analysis
In order to demonstrate the efficiency of the cryptographic algorithms developed in this study, the two most representative factors are the computational time and the dimension of the biometric template, whose values are influenced by the hardware and software characteristics of the system. The computational time, that is, the time needed to process and transform the clear text into encrypted text using the specific keys, is important, but the dimension of the encrypted image, which encompasses the storage size allocated during all the stages of the authentication process, is an equally important factor when evaluating the strength of a cryptographic algorithm. An optimized system involves choosing appropriate parameters for the implementation of the encryption algorithm, so that the computational time and size of the different operations are minimal [
27]. The evaluation of these parameters, which are directly proportional, validates the strength and the speed performance of our algorithm, indicating that this scheme is suitable for real-time applications.
This experiment was realized using the biometric images of the users’ fingerprints extracted from the hybrid mechanism of authentication, and the execution time was generated using a Python script with its additional libraries.
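As an indication of how such timings can be collected, a minimal Python sketch based on time.perf_counter is given below; encrypt_image and template are placeholder names, not the actual routines of our implementation.

import time

def timed(func, *args, repeats=5):
    # Returns the average wall-clock time of func(*args) over several runs.
    durations = []
    for _ in range(repeats):
        start = time.perf_counter()
        func(*args)
        durations.append(time.perf_counter() - start)
    return sum(durations) / repeats

# Example (placeholder names): avg_enc = timed(encrypt_image, template)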
Figure 8 displays the detailed time requirements for performing the encryption and decryption processes and for generating the histograms of the original image and its encrypted version. Analyzing the time axis of the presented graphs, it can be observed that encrypting and decrypting the biometric image, as well as computing its histogram, are much faster with the BGV algorithm than with the Paillier algorithm: BGV takes up to 3 s for image encryption and 1 s for image decryption, while Paillier is more time-consuming, taking more than 6 s for image encryption and 2 s for image decryption. Regarding the dimension of the encrypted templates, the situation is similar: in the case of the BGV algorithm, the size approaches 70 MB, while for Paillier it approaches 75 MB, as plotted in
Figure 9.
These results highlight the fact that the BGV algorithm requires less computational time and produces smaller ciphertexts than the Paillier algorithm, which makes it the better and more convenient choice for the encryption process, improving performance and the level of security while maintaining resistance against various attack vectors.
Although some homomorphic algorithms are used mainly for theoretical purposes and are adopted with reluctance in practice due to their memory and time requirements, we demonstrated the practicality of these algorithms and their capabilities for user authentication. A few research studies analyzed the efficacy of these algorithms through their applicability in different scenarios, such as cloud computing, big data, IoT, and healthcare systems, as evidenced in [
28,
29,
30,
31], but in this paper, we propose a new approach related to the development, execution, and assessment of the homomorphic encryption algorithms on a new type of hybrid mechanism of authentication, specially created for IT systems with high-security requirements.
As a result, these homomorphic algorithms provide a secure framework for practical application and ensure the protection of personal data according to the security rules of European regulations, such as the GDPR (General Data Protection Regulation), which draw clear guidelines with respect to the protection and dissemination of personal information.
Future research should focus not only on optimizing the computation parameters and reducing the noise level after applying additive and multiplicative operations to the encrypted data but also on the study and deepening of other specific factors in image processing for qualitative and quantitative image assessment.