Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography

Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patients health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of privacy and security system for cryptography-based-EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients protected health information. This result also justifies the feasibility of implementing fuzzy key binding scheme in real applications, especially fuzzy vault which demonstrated a better performance during key reconstruction

Biometrics for internet‐of‐things security: A review

The large number of Internet‐of‐Things (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometric‐based authentication systems for IoT are discussed and classified based on different biometric traits and the number of biometric traits employed in the system. As for encryption, biometric‐cryptographic systems, which integrate biometrics with cryptography and take advantage of both to provide enhanced security for IoT, are thoroughly reviewed and discussed. Moreover, challenges arising from applying biometrics to IoT and potential solutions are identified and analyzed. With an insight into the state‐of‐the‐art research in biometrics for IoT security, this review paper helps advance the study in the field and assists researchers in gaining a good understanding of forward‐looking issues and future research directions

Biomove: Biometric user identification from human kinesiological movements for virtual reality systems

© 2020 by the authors. Licensee MDPI, Basel, Switzerland. Virtual reality (VR) has advanced rapidly and is used for many entertainment and business purposes. The need for secure, transparent and non-intrusive identification mechanisms is important to facilitate users’ safe participation and secure experience. People are kinesiologically unique, having individual behavioral and movement characteristics, which can be leveraged and used in security sensitive VR applications to compensate for users’ inability to detect potential observational attackers in the physical world. Additionally, such method of identification using a user’s kinesiological data is valuable in common scenarios where multiple users simultaneously participate in a VR environment. In this paper, we present a user study (n = 15) where our participants performed a series of controlled tasks that require physical movements (such as grabbing, rotating and dropping) that could be decomposed into unique kinesiological patterns while we monitored and captured their hand, head and eye gaze data within the VR environment. We present an analysis of the data and show that these data can be used as a biometric discriminant of high confidence using machine learning classification methods such as kNN or SVM, thereby adding a layer of security in terms of identification or dynamically adapting the VR environment to the users’ preferences. We also performed a whitebox penetration testing with 12 attackers, some of whom were physically similar to the participants. We could obtain an average identification confidence value of 0.98 from the actual participants’ test data after the initial study and also a trained model classification accuracy of 98.6%. Penetration testing indicated all attackers resulted in confidence values of less than 50% (\u3c50%), although physically similar attackers had higher confidence values. These findings can help the design and development of secure VR systems

Securing Inter-Organizational Workflows in Highly Dynamic Environments through Biometric Authentication

High flexibility demands of business processes in an inter-organizational context potentially conflict with existing security needs, mainly implied by regulative and legal requirements. In order to comply with these it has to be ensured that access to information within the workflow is restricted to authorized participants. Furthermore, the system might be required to prove this retrospectively. In highly flexible environments, particularly when documents leave the owner’s security domain, the scope of trust must be expendable throughout the workflow. Usage control provides practical concepts. However, user authentication remains a major vulnerability. In order to ensure effective access control the possibility of process-wide enforcement of strong authentication is needed. Inherently, strong user authentication can be realized applying biometrics, though practical reasons still slow the broad application of biometric authentication methods in common workflow scenarios. This work proposes the combination of usage control and typing biometrics to secure interorganizational workflows in highly dynamic environments. On the one hand, usage control provides high flexibility for document-centric workflows but relies on the enforcement of strong authentication. On the other hand, authentication based on typing is flexible in both deployment and application. Furthermore, the inherent privacy problem of biometrics is significantly weakened by the proposed approach

A Framework to Detect Presentation Attacks

Biometric-based authentication systems are becoming the preferred choice to replace password-based authentication systems. Among several variations of biometrics (e.g., face, eye, fingerprint), iris-based authentication is commonly used in every day applications. In iris-based authentication systems, iris images from legitimate users are captured and certain features are extracted to be used for matching during the authentication process. Literature works suggest that iris-based authentication systems can be subject to presentation attacks where an attacker obtains printed copy of the victim’s eye image and displays it in front of an authentication system to gain unauthorized access. Such attacks can be performed by displaying static eye images on mobile devices or iPad (known as screen attacks). As iris features are not changed, once an iris feature is compromised, it is hard to avoid this type of attack. Existing approaches relying on static features of the iris are not suitable to prevent presentation attacks. Feature from live Iris (or liveness detection) is a promising approach. Further, additional layer of security from iris feature can enable hardening the security of authentication system that existing works do not address. To address these limitations, this thesis proposed iris signature generation based on the area between the pupil and the cornea . Our approach relies on capturing iris images using near infrared light. We train two classifiers to capture the area between the pupil and the cornea. The image of iris is then stored in the database. This approach generates a QR code from the iris. The code acts as a password (additional layer of security) and a user is iii required to provide it during authentication. The approach has been tested using samples obtained from publicly available iris database. The initial results show that the proposed approach has lower false positive and false negative rates

The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions

For the past 20 years, researchers have investigated the use of eye tracking in security applications. We present a holistic view on gaze-based security applications. In particular, we canvassed the literature and classify the utility of gaze in security applications into a) authentication, b) privacy protection, and c) gaze monitoring during security critical tasks. This allows us to chart several research directions, most importantly 1) conducting field studies of implicit and explicit gaze-based authentication due to recent advances in eye tracking, 2) research on gaze-based privacy protection and gaze monitoring in security critical tasks which are under-investigated yet very promising areas, and 3) understanding the privacy implications of pervasive eye tracking. We discuss the most promising opportunities and most pressing challenges of eye tracking for security that will shape research in gaze-based security applications for the next decade

A new algorithm for minutiae extraction and matching in fingerprint

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.A novel algorithm for fingerprint template formation and matching in automatic fingerprint recognition has been developed. At present, fingerprint is being considered as the dominant biometric trait among all other biometrics due to its wide range of applications in security and access control. Most of the commercially established systems use singularity point (SP) or ‘core’ point for fingerprint indexing and template formation. The efficiency of these systems heavily relies on the detection of the core and the quality of the image itself. The number of multiple SPs or absence of ‘core’ on the image can cause some anomalies in the formation of the template and may result in high False Acceptance Rate (FAR) or False Rejection Rate (FRR). Also the loss of actual minutiae or appearance of new or spurious minutiae in the scanned image can contribute to the error in the matching process. A more sophisticated algorithm is therefore necessary in the formation and matching of templates in order to achieve low FAR and FRR and to make the identification more accurate. The novel algorithm presented here does not rely on any ‘core’ or SP thus makes the structure invariant with respect to global rotation and translation. Moreover, it does not need orientation of the minutiae points on which most of the established algorithm are based. The matching methodology is based on the local features of each minutiae point such as distances to its nearest neighbours and their internal angle. Using a publicly available fingerprint database, the algorithm has been evaluated and compared with other benchmark algorithms. It has been found that the algorithm has performed better compared to others and has been able to achieve an error equal rate of 3.5%

Biometrics

Biometrics uses methods for unique recognition of humans based upon one or more intrinsic physical or behavioral traits. In computer science, particularly, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. The book consists of 13 chapters, each focusing on a certain aspect of the problem. The book chapters are divided into three sections: physical biometrics, behavioral biometrics and medical biometrics. The key objective of the book is to provide comprehensive reference and text on human authentication and people identity verification from both physiological, behavioural and other points of view. It aims to publish new insights into current innovations in computer systems and technology for biometrics development and its applications. The book was reviewed by the editor Dr. Jucheng Yang, and many of the guest editors, such as Dr. Girija Chetty, Dr. Norman Poh, Dr. Loris Nanni, Dr. Jianjiang Feng, Dr. Dongsun Park, Dr. Sook Yoon and so on, who also made a significant contribution to the book

Large-scale Biometrics Deployment in Europe: Identifying Challenges and Threats

With large-scale biometrics deployment in the EU still in its infancy and with stakeholders racing to position themselves in view of the lucrative market that is forecasted, a study to identify challenges and threats that need to be dealt with was launched. This is the result: a report on Biometrics large-scale Deployment in Europe. The report tackles three main issues namely, the status, security / privacy and testing / certification processes. A survey was launched so as to help reveal the actual status of Biometrics large-scale Deployment initiatives in EU. The main outcome of the survey was that an open dissemination of implementation results policy is needed mainly on deployment plans, strategies, barriers and best practices. The security/ privacy challenges study identified a number of issues, the most important of which were related to proportionality and compliance to the existing regulatory framework while at the same time it revealed an important number of related actions aiming at ensuring both data security and privacy. The aim of the Bio Testing Europe study was double: to identify and collect comparable and certified results under different technologies, vendors and environments situations and to feed in this information to animate discussion among the members of a European network which would enhance the European testing and certification capacity. The study presents an integrated picture of the identified issues as well as a number of recommendations. With some of the systems that are being implemented involving millions of individuals as target users it is important for policy makers to adopt some of the options presented so as to address the identified through the study challengesJRC.J.4-Information Societ