Digest: A Biometric Authentication Protocol in Wireless Sensor Network

Since the security of biometric information may be threatened by network attacks, presenting individual’s information without a suitable protection is not suitable for authorization. In traditional cryptographic systems, security was done using individual’s password(s) or driving some other data from primary information as secret key(s). However, encryption and decryption algorithms are slow and contain time-consuming operations for transferring data in network. Thus, it is better that we have no need to decrypt an encrypted trait of an enrolled person, and the system can encrypt the user trait with the user’s passwords and then compare the results with the enrolled persons’ encrypted data stored in database. In this chapter, by considering wireless sensor networks and authenticating server, we introduce a new concept called “digest” and deal with its efficiency in dealing with the security problem. A “digest” can be derived from any kind of information trait through which nobody can capture any information of primary biometric traits. We show that this concept leads to the increase of the accuracy and accessibility of a biometric system

Privacy in Biometric Systems

Biometrics are physiological and/or behavioral characteristics of a person that have been used to provide an automatic proof of identity in a growing list of applications including crime/terrorism fighting, forensics, access and border control, securing e-/m-commerce transactions and service entitlements. In recent years, a great deal of research into a variety of new and traditional biometrics has widened the scope of investigations beyond improving accuracy into mechanisms that deal with serious concerns raised about the potential misuse of collected biometric data. Despite the long list of biometrics’ benefits, privacy concerns have become widely shared due to the fact that every time the biometric of a person is checked, a trace is left that could reveal personal and confidential information. In fact, biometric-based recognition has an inherent privacy problem as it relies on capturing, analyzing, and storing personal data about us as individuals. For example, biometric systems deal with data related to the way we look (face, iris), the way we walk (gait), the way we talk (speaker recognition), the way we write (handwriting), the way we type on a keyboard (keystroke), the way we read (eye movement), and many more. Privacy has become a serious concern for the public as biometric systems are increasingly deployed in many applications ranging from accessing our account on a Smartphone or computer to border control and national biometric cards on a very large scale. For example, the Unique Identification Authority of India (UIDAI) has issued 56 million biometric cards as of January 2014 [1], where each biometric card holds templates of the 10 fingers, the two irises and the face. An essential factor behind the growing popularity of biometrics in recent years is the fact that biometric sensors have become a lot cheaper as well as easier to install and handle. CCTV cameras are installed nearly everywhere and almost all Smartphones are equipped with a camera, microphone, fingerprint scanner, and probably very soon, an iris scanner

Protection of privacy in biometric data

Biometrics is commonly used in many automated veri cation systems offering several advantages over traditional veri cation methods. Since biometric features are associated with individuals, their leakage will violate individuals\u27 privacy, which can cause serious and continued problems as the biometric data from a person are irreplaceable. To protect the biometric data containing privacy information, a number of privacy-preserving biometric schemes (PPBSs) have been developed over the last decade, but they have various drawbacks. The aim of this paper is to provide a comprehensive overview of the existing PPBSs and give guidance for future privacy-preserving biometric research. In particular, we explain the functional mechanisms of popular PPBSs and present the state-of-the-art privacy-preserving biometric methods based on these mechanisms. Furthermore, we discuss the drawbacks of the existing PPBSs and point out the challenges and future research directions in PPBSs

Securing Birth Certificate Documents with DNA Profiles

The birth certificate is a document used by a person to obtain identification and licensing documents throughout their lifetime. For identity verification, the birth certificate provides limited information to support a person’s claim of identity. Authentication to the birth certificate is strictly a matter of possession. DNA profiling is becoming a commodity analysis that can be done accurately in under two hours with little human intervention. The DNA profile is a superior biometric to add to a birth record because it is stable throughout a person’s life and beyond. Acceptability of universal DNA profiling will depend heavily on privacy and safety concerns. This paper uses the U.S. FBI CODIS profile as a basis to discuss the effectiveness of DNA profiling and to provide a practical basis for a discussion of potential privacy and authenticity controls. As is discussed, adopting DNA profiles to improve document security should be done cautiously

Exploiting Multimodal Biometrics in E-Privacy Scheme for Electronic Health Records

Existing approaches to protect the privacy of Electronic Health Records (EHR) are either insufficient for existing medical laws or they are too restrictive in their usage. For example, smartcard-based encryption systems require the patient to be always present to authorize access to medical records. A major issue in EHR is how patient’s privacy and confidentiality can be maintained because there are known scenarios where patients’ health data have been abused and misused by those seeking to gain selfish interest from it. Another issue in EHR is how to provide adequate treatment and have access to the necessary information especially in pre-hospital care settings. Questionnaires were administered by 50 medical practitioners to identify and categorize different EHR attributes. The system was implemented using multimodal biometrics (fingerprint and iris) of patients to access patient record in pre-hospital care. The software development tools employed were JAVA and MySQL database. The system provides applicable security when patients’ records are shared either with other practitioners, employers, organizations or research institutes. The result of the system evaluation shows that the average response time of 6seconds and 11.1 seconds for fingerprint and iris respectively after ten different simulations. The system protects privacy and confidentiality by limiting the amount of data exposed to users. The system also enables emergency medical technicians to gain easy and reliable access to necessary attributes of patients’ EHR while still maintaining the privacy and confidentiality of the data using the patient’s fingerprint and iris. Keywords: Electronic Health Record, Privacy, Biometric

EsPRESSo: Efficient Privacy-Preserving Evaluation of Sample Set Similarity

Electronic information is increasingly often shared among entities without complete mutual trust. To address related security and privacy issues, a few cryptographic techniques have emerged that support privacy-preserving information sharing and retrieval. One interesting open problem in this context involves two parties that need to assess the similarity of their datasets, but are reluctant to disclose their actual content. This paper presents an efficient and provably-secure construction supporting the privacy-preserving evaluation of sample set similarity, where similarity is measured as the Jaccard index. We present two protocols: the first securely computes the (Jaccard) similarity of two sets, and the second approximates it, using MinHash techniques, with lower complexities. We show that our novel protocols are attractive in many compelling applications, including document/multimedia similarity, biometric authentication, and genetic tests. In the process, we demonstrate that our constructions are appreciably more efficient than prior work.Comment: A preliminary version of this paper was published in the Proceedings of the 7th ESORICS International Workshop on Digital Privacy Management (DPM 2012). This is the full version, appearing in the Journal of Computer Securit

A Bio-Crypto Protocol for Password Protection Using ECC

In  information  security the  following security parameters like, integrity , non repudiation and confidentiality , authentication   must be satisfied.  To avoid thievery of organization resources  it needs be secured in more efficient way  and there is always demand  for different levels of security attacks include virus , brute force and Eveadroper  in business that  organizations make use of voice biometrics an attractive low-cost. Voice biometrics is the  cheapest  among the  other biometrics and used all levels for management to buy readily available metric and it is the way of  identifying individuals remotely  with high level of accuracy . In this work, we have been designed a  new  password- authentication approach  that provides security  using voice biometrics for authentication and uses the device  itself into an authenticator which uses  voice itself as its passwords and we are primarily interested in keys that can be temporally reproduced on the same device from the same user’s voice. Public and private keys are generated  randomly from the user's voice  and stored in the voice file(.wav).This Method uses voice recognition , include the operation of  register( recording feature ) or voice prints  and  storing of one or more voice passwords into the  database. It uses ECDSA to perform the authentication process that matching the  voice sample  with the database. The recognition, entity makes the database  to decide that  the sample is matched to perform an operation or not. Our proposed approach  generates cryptographic keys from voice input itself and this algorithm developed an adhoc basis. It can effectively defend  attacks specially brute force attack in system networks

Mixing Biometric Data For Generating Joint Identities and Preserving Privacy

Biometrics is the science of automatically recognizing individuals by utilizing biological traits such as fingerprints, face, iris and voice. A classical biometric system digitizes the human body and uses this digitized identity for human recognition. In this work, we introduce the concept of mixing biometrics. Mixing biometrics refers to the process of generating a new biometric image by fusing images of different fingers, different faces, or different irises. The resultant mixed image can be used directly in the feature extraction and matching stages of an existing biometric system. In this regard, we design and systematically evaluate novel methods for generating mixed images for the fingerprint, iris and face modalities. Further, we extend the concept of mixing to accommodate two distinct modalities of an individual, viz., fingerprint and iris. The utility of mixing biometrics is demonstrated in two different applications. The first application deals with the issue of generating a joint digital identity. A joint identity inherits its uniqueness from two or more individuals and can be used in scenarios such as joint bank accounts or two-man rule systems. The second application deals with the issue of biometric privacy, where the concept of mixing is used for de-identifying or obscuring biometric images and for generating cancelable biometrics. Extensive experimental analysis suggests that the concept of biometric mixing has several benefits and can be easily incorporated into existing biometric systems