Cryptanalysis of a privacy-preserving authentication scheme based on private set intersection

Continuous and context-aware authentication mechanisms have been proposed as complementary security mechanisms to password-based authentication for computer devices that are handled directly by humans, such as smart phones. Such authentication mechanisms incur some privacy issues as user-dependent features are revealed to the authentication server, which is assumed to be untrusted. Domingo-Ferrer et al. proposed a privacy-preserving protocol for context-aware user authentication on the basis of private set intersection and Paillier homomorphic encryption. This approach enables user authentication based on establishing the number of similarities between sampled user context data and reference context data, without revealing any plaintext data to either party. The authors claim that their scheme is secure against malicious adversaries. In this article, we show that Domingo-Ferrer et al.’s scheme is insecure by means of two undetectable attacks that reveal all user information despite the encryption. The Paillier encryption primitive has a homomorphic property that we observe not only lacks relevance but, indeed, incurs a vulnerability that is exploited in the proposed cryptanalysis. This means that special care needs to be taken considering homomorphic properties of cryptographic primitives used in cryptographic protocols. Our cryptanalysis may therefore have a general interest regarding the design of cryptographic protocols.