Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

zhu jianxin,yang xiaohu,dong jinxiang,cao zhexin

DOI: https://doi.org/10.3321/j.issn:1002-8331.2002.10.030

2002-01-01

Abstract:The reliable identity authentication will ensure the security of information system firstly.The technology of biometric authentication will provide a more reliable and more secure method to protect the security of information system.This paper analyzes a generalized biometric identification system reference model,then point s out that this model will help the design of architecture in the biometric authentication system.The paper also analyzes the main issues that must be considered in the design of biometric authentication system,then introduces an example -the design of fingerprint-based authentication system in network environment.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Abhilasha Bhargav-Spantzel,Anna Squicciarini,Elisa Bertino,Xiangwei Kong,Weike Zhang

DOI: https://doi.org/10.1145/1750389.1750401

2010-01-01

Abstract:We present algorithms to reliably generate biometric identifiers from a user's biometric image which in turn is used for identity verification possibly in conjunction with cryptographic keys. The biometric identifier generation algorithms employ image hashing functions using singular value decomposition and support vector classification techniques. Our algorithms capture generic biometric features that ensure unique and repeatable biometric identifiers. We provide an empirical evaluation of our techniques using 2569 images of 488 different individuals for three types of biometric images; namely fingerprint, iris and face. Based on the biometric type and the classification models, as a result of the empirical evaluation we can generate biometric identifiers ranging from 64 bits up to 214 bits. We provide an example use of the biometric identifiers in privacy preserving multi-factor identity verification based on zero knowledge proofs. Therefore several identity verification factors, including various traditional identity attributes, can be used in conjunction with one or more biometrics of the individual to provide strong identity verification. We also ensure security and privacy of the biometric data. More specifically, we analyze several attack scenarios. We assure privacy of the biometric using the one-way hashing property, in that no information about the original biometric image is revealed from the biometric identifier.

姚琳,范庆娜,孔祥维

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.01.079

2010-01-01

Abstract:Traditional authorization with a variety of secure and privacy limitations,cannot satisfy the security needs of the internet environment,this paper proposed an identity authentication scheme based on biometric encryption.By adopting the biometric encryption,protected the biometric and key of the user well.The scheme could prevent unauthorized users from accessing and avoid unauthorized use of resources.The experiment results show that the scheme can distinguish the genuine users from imitated users though the face expressions very much.The scheme provided perfect authentication,and secure the communication well.

Julien Bringer,Herve Chabanne,Daniel Le Metayer,Roch Lescuyer

DOI: https://doi.org/10.48550/arXiv.1702.08301

2017-03-02

Abstract:This work aims to show the applicability, and how, of privacy by design approach to biometric systems and the benefit of using formal methods to this end. Starting from a general framework that has been introduced at STM in 2014, that enables to define privacy architectures and to formally reason about their properties, we explain how it can be adapted to biometrics. The choice of particular techniques and the role of the components (central server, secure module, biometric terminal, smart card, etc.) in the architecture have a strong impact on the privacy guarantees provided by a biometric system. In the literature, some architectures have already been analysed in some way. However, the existing proposals were made on a case by case basis, which makes it difficult to compare them and to provide a rationale for the choice of specific options. In this paper, we describe, on different architectures with various levels of protection, how a general framework for the definition of privacy architectures can be used to specify the design options of a biometric systems and to reason about them in a formal way.

Cryptography and Security,Logic in Computer Science

Shiraz Ahmad,Zhe-Ming Lu

DOI: https://doi.org/10.1109/cisw.2007.4425586

2007-01-01

Abstract:In this paper we present a novel framework employing biometric recognition and robust water- marking technique to achieve a number of media privacy and security objectives. Scheme description and presented test results support and prove the claims of practicability and effectiveness of the model for a number of privacy and security related applications.

Shuang Wang,Xiaoqian Jiang,Lucila Ohno-Machado,Lijuan Cui,Samuel Cheng,Hongkai Xiong

DOI: https://doi.org/10.1109/hisb.2012.53

2012-01-01

Abstract:Privacy is an important concern when biometrics are used in authentication systems for accessing Electronic Health Records (EHR) or other biomedical research data repositories involving human subjects. Biometrics of individuals deserve careful protection because they contain sensitive information closely related to personal privacy (e.g., personal health, ethnic group, etc.) and the leakage of such information can be used to re-identify individuals. More importantly, biometrics are unique and they are not easily revocable. Existing secure biometric systems prevent attackers from collecting unprotected biometrics in databases, however, they cannot guarantee confidentiality in probing and transmitting biometrics.

Jesús García-Rodríguez,Stephan Krenn,Daniel Slamanig

DOI: https://doi.org/10.1016/j.cose.2023.103566

IF: 5.105

2024-01-01

Computers & Security

Abstract:Anonymous or attribute-based credential (ABC) systems are a versatile and important cryptographic tool to achieve strong access control guarantees while simultaneously respecting the privacy of individuals. A major problem in the practical adoption of ABCs is their transferability, i.e., such credentials can easily be duplicated, shared or lent. One way to counter this problem is to tie ABCs to biometric features of the credential holder and to require biometric verification on every use. While this is certainly not a viable solution for all ABC use-cases, there are relevant and timely use-cases, such as vaccination credentials as widely deployed during the COVID-19 pandemic. In such settings, ABCs that are tied to biometrics, which we call Biometric-Bound Attribute-Based Credentials (bb-ABC ), allow to implement scalable and privacy-friendly systems to control physical access to (critical) infrastructure and facilities. While there are some previous works on bb-ABC in the literature, the state of affairs is not satisfactory. Firstly, in existing work the problem is treated in a very abstract way when it comes to the actual type of biometrics. Thus, it does not provide concrete solutions which allow for assessing their practicality when deployed in a real-world setting. Secondly, there is no formal model which rigorously captures bb-ABC systems and their security requirements, making it hard to assess their security guarantees. With this work we overcome these limitations and provide a rigorous formalization of bb-ABC systems. Moreover, we introduce two generic constructions which offer different trade-offs between efficiency and trust assumptions, and provide benchmarks from a concrete instantiation of such a system using facial biometrics. The latter represents a contact-less biometric feature that provides acceptable accuracy and seems particularly suitable to the above use-case.

computer science, information systems

Marta Gomez-Barrero,Javier Galbally,Christian Rathgeb,Christoph Busch

DOI: https://doi.org/10.1109/TIFS.2017.2788000

2023-11-08

Abstract:The wide deployment of biometric recognition systems in the last two decades has raised privacy concerns regarding the storage and use of biometric data. As a consequence, the ISO/IEC 24745 international standard on biometric information protection has established two main requirements for protecting biometric templates: irreversibility and unlinkability. Numerous efforts have been directed to the development and analysis of irreversible templates. However, there is still no systematic quantitative manner to analyse the unlinkability of such templates. In this paper we address this shortcoming by proposing a new general framework for the evaluation of biometric templates' unlinkability. To illustrate the potential of the approach, it is applied to assess the unlinkability of four state-of-the-art techniques for biometric template protection: biometric salting, Bloom filters, Homomorphic Encryption and block re-mapping. For the last technique, the proposed framework is compared with other existing metrics to show its advantages.

Computer Vision and Pattern Recognition

Bryce Allen Bagley

2024-04-20

Abstract:The rapid advancement in neurotechnology in recent years has created an emerging critical intersection between neurotechnology and security. Implantable devices, non-invasive monitoring, and non-invasive therapies all carry with them the prospect of violating the privacy and autonomy of individuals' cognition. A growing number of scientists and physicians have made calls to address this issue, but applied efforts have been relatively limited. A major barrier hampering scientific and engineering efforts to address Cognitive Security is the lack of a clear means of describing and analyzing relevant problems. In this paper we develop Cognitive Security, a mathematical framework which enables such description and analysis by drawing on methods and results from multiple fields. We demonstrate certain statistical properties which have significant implications for Cognitive Security, and then present descriptions of the algorithmic problems faced by attackers attempting to violate privacy and autonomy, and defenders attempting to obstruct such attempts.

Cryptography and Security,Computers and Society,Emerging Technologies,Machine Learning,Neurons and Cognition

Marcos Faundez-Zanuy

DOI: https://doi.org/10.1109/MAES.2006.1662038

2022-02-23

Abstract:This paper presents an overview of the main topics related to biometric security technology, with the main purpose to provide a primer on this subject. Biometrics can offer greater security and convenience than traditional methods for people recognition. Even if we do not want to replace a classic method (password or handheld token) by a biometric one, for sure, we are potential users of these systems, which will even be mandatory for new passport models. For this reason, to be familiarized with the possibilities of biometric security technology is useful.

Cryptography and Security,Machine Learning

Maryna Kapitonova,Philipp Kellmeyer,Simon Vogt,Tonio Ball

DOI: https://doi.org/10.48550/arXiv.2209.09653

2022-09-19

Cryptography and Security

Abstract:Brain-Computer Interfaces (BCIs) comprise a rapidly evolving field of technology with the potential of far-reaching impact in domains ranging from medical over industrial to artistic, gaming, and military. Today, these emerging BCI applications are typically still at early technology readiness levels, but because BCIs create novel, technical communication channels for the human brain, they have raised privacy and security concerns. To mitigate such risks, a large body of countermeasures has been proposed in the literature, but a general framework is lacking which would describe how privacy and security of BCI applications can be protected by design, i.e., already as an integral part of the early BCI design process, in a systematic manner, and allowing suitable depth of analysis for different contexts such as commercial BCI product development vs. academic research and lab prototypes. Here we propose the adoption of recent systems-engineering methodologies for privacy threat modeling, risk assessment, and privacy engineering to the BCI field. These methodologies address privacy and security concerns in a more systematic and holistic way than previous approaches, and provide reusable patterns on how to move from principles to actions. We apply these methodologies to BCI and data flows and derive a generic, extensible, and actionable framework for brain-privacy-preserving cybersecurity in BCI applications. This framework is designed for flexible application to the wide range of current and future BCI applications. We also propose a range of novel privacy-by-design features for BCIs, with an emphasis on features promoting BCI transparency as a prerequisite for informational self-determination of BCI users, as well as design features for ensuring BCI user autonomy. We anticipate that our framework will contribute to the development of privacy-respecting, trustworthy BCI technologies.

Guomin Yang,Jing Chen,Duncan S. Wong,Xiaotie Deng,Dongsheng Wang

DOI: https://doi.org/10.1016/j.tcs.2008.07.001

IF: 1.002

2008-01-01

Theoretical Computer Science

Abstract:Constructing an identification scheme is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify himself to a public verifier who knows only the claimed identity of the prover and some public information. In this paper, we propose a new framework for both the design and analysis of IBI schemes. Our approach works in an engineering way. We first identify an IBI scheme as the composition of two building blocks, and then show that, with different security properties of these building blocks, the corresponding IBI schemes can achieve security against impersonation under different levels of attacks, namely, passive attack (id-imp-pa), active attack (id-imp-aa) or concurrent attack (id-imp-ca). In particular, we show that an id-imp-pa secure IBI scheme can be built if there exists a trapdoor weak-one-more relation and an honest verifier zero-knowledge proof with special soundness, while an id-imp-aa and id-imp-ca secure IBI scheme can be built if there exists a trapdoor strong-one-more relation and a Witness Dualism proof with Special Soundness (WD-SS). This new framework can capture IBI construction techniques that are not captured by other known frameworks. It also helps to construct new and efficient schemes. We demonstrate this by proposing two new IBI schemes, one achieving id-imp-pa, and the other one achieving both id-imp-aa and id-imp-ca, and neither of them can be captured by existing frameworks.

Xuechun Mao,Ying Chen,Cong Deng,Xiaqing Zhou

DOI: https://doi.org/10.1371/journal.pone.0286215

IF: 3.7

2023-05-25

PLoS ONE

Abstract:Most existing secure biometric authentication schemes are server-centric, and users must fully trust the server to store, process, and manage their biometric data. As a result, users' biometric data could be leaked by outside attackers or the service provider itself. This paper first constructs the EDZKP protocol based on the inner product, which proves whether the secret value is the Euclidean distance of the secret vectors. Then, combined with the Cuproof protocol, we propose a novel user-centric biometric authentication scheme called BAZKP. In this scheme, all the biometric data remain encrypted during authentication phase, so the server will never see them directly. Meanwhile, the server can determine whether the Euclidean distance of two secret vectors is within a pre-defined threshold by calculation. Security analysis shows BAZKP satisfies completeness, soundness, and zero-knowledge. Based on BAZKP, we propose a privacy-preserving biometric authentication system, and its evaluation demonstrates that it provides reliable and secure authentication.

Guomin Yang,Jing Chen,Duncan S. Wong,Xiaotie Deng,Dongsheng Wang

DOI: https://doi.org/10.1007/978-3-540-72738-5_20

2007-01-01

Abstract:Constructing identification schemes is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify itself to a public verifier who knows only the claimed identity of the prover and some common information. In this paper, we propose a simple and efficient framework for constructing IBI schemes. Unlike some related framework which constructs IBI schemes from some standard identification schemes, our framework is based on some more fundamental assumptions on intractable problems. Depending on the features of the underlying intractable problems presumed in our framework, we can derive IBI schemes secure against passive, active and concurrent adversaries. We show that the framework can capture a large class of schemes currently proposed, and also has the potential to cover many newly constructed schemes. As an example, based on the Katz-Wang standard signature scheme, we propose a new IBI scheme that is secure against active adversaries in a concurrent manner. It can be seen that our framework also help simplify the security proofs for new IBI schemes. Finally, and of independent interest, we define a new notion for proof systems called Witness Dualism. This notion is weaker than that of witness indistinguishable and we show that it is enough for constructing an IBI scheme secure against the most powerful type of adversaries defined.

Mingming Jiang,Shengli Liu,You Lyu,Yu Zhou

DOI: https://doi.org/10.1109/tmc.2022.3207830

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:Biometric features are quite suitable for identity authentication due to its inherent properties – universality, uniqueness and persistence. In fact, biometric authentication has been widely used in our daily life, especially in mobile devices. However, biometric features are quite sensitive, and once a feature is leaked to an evil adversary, it cannot be used in authentication any more. This leads to a push on research of biometric privacy protection. In this paper, we propose a face-based authentication system with the help of a computational secure sketch. The computational secure sketch takes charge of error tolerance on the face samplings. Then the face features of the same user are used to extract an authentication key, which is in turn used to do the identity authentication for the user. The computational security of the computational secure sketch makes sure that the public information obtained by the adversary does not affect the pseudorandomness of the authentication key, hence the privacy of face features is guaranteed. Moreover, the privacy protection technique in our face-based authentication system can be extended to other biometric-based authentication.

computer science, information systems,telecommunications

Marcos Faundez-Zanuy

DOI: https://doi.org/10.1109/MAES.2005.9740719

2022-02-23

Abstract:In the XXIth century there is a strong interest on privacy issues. Technology permits obtaining personal information without individuals consent, computers make it feasible to share and process this information, and this can bring about damaging implications. In some sense, biometric information is personal information, so it is important to be conscious about what is true and what is false when some people claim that biometrics is an attempt to individuals privacy. In this paper, key points related to this matter are dealt with.

Cryptography and Security,Machine Learning

Jinyang Shi,Zhiyang You,Ming Gu,Kwok-yan Lam

DOI: https://doi.org/10.1109/icpr.2008.4761874

2008-01-01

Abstract:Biometric authentication and privacy protection are conflicting issues in a practical system. Since biometrics cannot be revoked or canceled if compromised duo to the permanent association with the user, privacy-preserving biometric recognition is desired. However, the recently proposed template protection schemes are not yet sufficiently mature. Specially, the popular noninvertible transform approach will result in an obvious decrease of GAR for a fixed FAR. In this paper, we put forward a novel anonymous fingerprint recognition scheme, Biomapping, as the first approach to integrate the feature extraction, noninvertible transform, and anonymous query as a whole. Biomapping extracts the fingerprint feature utilizing a minutiae-centered region encoding, then performs anonymous enrollment and verification using the noninvertible and discriminable constructions. Experiments on the public domain database show Biomapping can provide better recognition accuracy along with the ability to protect the biometric template, thus becomes a promising solution for privacy trustworthy biometric applications.

SrinivasaRao SubramanyaRao,Enrique Argones Rua

DOI: https://doi.org/10.48550/arXiv.1910.01446

2019-10-03

Cryptography and Security

Abstract:In this paper, we show that a recently published lightweight adaptation of a Fingerprint matching algorithm called the Minutia Cylinder-Code may not be secure as intruders may be able to illegitimately yet successfully authenticate themselves to the system under consideration. We also show that the lightweight adaptation has other privacy related vulnerabilities that make it unsuitable for use in Biometrics. We make it clear that we are neither investigating nor commenting on the security of the original Minutia Cylinder-Code algorithm by itself, rather we highlight the vulnerabilities of the lightweight adaptation. In the process of doing this, we provide a high-level overview of the role of one-way functions in cryptography and biometrics to provide a context to the aforementioned lightweight algorithm and its deficiencies.