Mixing Biometric Data For Generating Joint Identities and Preserving Privacy

Biometrics is the science of automatically recognizing individuals by utilizing biological traits such as fingerprints, face, iris and voice. A classical biometric system digitizes the human body and uses this digitized identity for human recognition. In this work, we introduce the concept of mixing biometrics. Mixing biometrics refers to the process of generating a new biometric image by fusing images of different fingers, different faces, or different irises. The resultant mixed image can be used directly in the feature extraction and matching stages of an existing biometric system. In this regard, we design and systematically evaluate novel methods for generating mixed images for the fingerprint, iris and face modalities. Further, we extend the concept of mixing to accommodate two distinct modalities of an individual, viz., fingerprint and iris. The utility of mixing biometrics is demonstrated in two different applications. The first application deals with the issue of generating a joint digital identity. A joint identity inherits its uniqueness from two or more individuals and can be used in scenarios such as joint bank accounts or two-man rule systems. The second application deals with the issue of biometric privacy, where the concept of mixing is used for de-identifying or obscuring biometric images and for generating cancelable biometrics. Extensive experimental analysis suggests that the concept of biometric mixing has several benefits and can be easily incorporated into existing biometric systems

Loyalty cards and the problem of CAPTCHA: 2nd tier security and usability issues for senior citizens

Information Security often works in antipathy to access and useability in communities of older citizens. Whilst security features are required to prevent the disclosure of information, some security tools have a deleterious effect upon users, resulting in insecure practices. Security becomes unfit for purpose where users prefer to abandon applications and online benefits in favour of non-digital authentication and verification requirements. For some, the ability to read letters and symbols from a distorted image is a decidedly more difficult task than for others, and the resulting level of security from CAPTCHA tests is not consistent from person to person. This paper discusses the changing paradigm regarding second tier applications where non-essential benefits are forgone in order to avoid the frustration, uncertainty and humiliation of repeated failed attempts to access online software by means of CAPTCHA

Remotely Keyed CryptoGraphics - Secure Remote Display Access Using (Mostly) Untrusted Hardware - Extended Version

Software that covertly monitors user actions, also known as spyware, has become a first-level security threat due to its ubiquity and the difficulty of detecting and removing it. Such software may be inadvertently installed by a user that is casually browsing the web, or may be purposely installed by an attacker or even the owner of a system. This is particularly problematic in the case of utility computing, early manifestations of which are Internet cafes and thin-client computing. Traditional trusted computing approaches offer a partial solution to this by significantly increasing the size of the trusted computing base (TCB) to include the operating system and other software. We examine the problem of protecting a user accessing specific services in such an environment. We focus on secure video broadcasts and remote desktop access when using any convenient, and often untrusted, terminal as two example applications. We posit that, at least for such applications, the TCB can be confined to a suitably modified graphics processing unit (GPU). Specifically, to prevent spyware on untrusted clients from accessing the user's data, we restrict the boundary of trust to the client's GPU by moving image decryption into GPUs. We use the GPU in order to leverage existing capabilities as opposed to designing a new component from scratch. We discuss the applicability of GPU-based decryption in these two sample scenarios and identify the limitations of the current generation of GPUs. We propose straightforward modifications to future GPUs that will allow the realization of the full approach

Recent Advances in Biometric Technology for Mobile Devices

International audienceThe prevalent commercial deployment of mobile biometrics as a robust authentication method on mobile devices has fueled increasingly scientific attention. Motivated by this, in this work we seek to provide insight on recent development in mobile biometrics. We present parallels and dissimilarities of mobile biometrics and classical biometrics, enumerate related benefits and challenges. Further we provide an overview of recent techniques in mobile biometrics, as well as application systems adopted by industry. Finally, we discuss open research problems in this field

Remotely Keyed Cryptographics: Secure Remote Display Access Using (Mostly) Untrusted Hardware

Software that covertly monitors user actions, also known as spyware, has become a first-level security threat due to its ubiquity and the difficulty of detecting and removing it. Such software may be inadvertently installed by a user that is casually browsing the web, or may be purposely installed by an attacker or even the owner of a system. This is particularly problematic in the case of utility computing, early manifestations of which are Internet cafes and thin-client computing. Traditional trusted computing approaches offer a partial solution to this by significantly increasing the size of the trusted computing base (TCB) to include the operating system and other software. We examine the problem of protecting a user accessing specific services in such an environment. We focus on secure video broadcasts and remote desktop access when using any convenient, and often untrusted, terminal as two example applications. We posit that, at least for such applications, the TCB can be confined to a suitably modified graphics processing unit (GPU). Specifically, to prevent spyware on untrusted clients from accessing the user's data, we restrict the boundary of trust to the client's GPU by moving image decryption into GPUs. This allows us to leverage existing capabilities as opposed to designing a new component from scratch. We discuss the applicability of GPU-based decryption in the two scenarios. We identify limitations due to current GPU capabilities and propose straightforward modifications to GPUs that will allow the realization of our approach

Bio : A Mulrimodal biometric authentication system for person identification and verification

Not availabl

Secure Authentication for Mobile Users

RÉSUMÉ :L’authentification biométrique telle que les empreintes digitales et la biométrie faciale a changé la principale méthode d’authentification sur les appareils mobiles. Les gens inscrivent facilement leurs modèles d’empreintes digitales ou de visage dans différents systèmes d’authentification pour profiter de leur accès facile au smartphone sans avoir besoin de se souvenir et de saisir les codes PIN/mots de passe conventionnels. Cependant, ils ne sont pas conscients du fait qu’ils stockent leurs caractéristiques physiologiques ou comportementales durables sur des plates-formes non sécurisées (c’est-à-dire sur des téléphones mobiles ou sur un stockage en nuage), menaçant la confidentialité de leurs modèles biométriques et de leurs identités. Par conséquent, un schéma d’authentification est nécessaire pour préserver la confidentialité des modèles biométriques des utilisateurs et les authentifier en toute sécurité sans compter sur des plates-formes non sécurisées et non fiables.La plupart des études ont envisagé des approches logicielles pour concevoir un système d’authentification sécurisé. Cependant, ces approches ont montré des limites dans les systèmes d’authentification sécurisés. Principalement, ils souffrent d’une faible précision de vérification, en raison des transformations du gabarit (cancelable biometrics), de la fuite d’informations (fuzzy commitment schemes) ou de la réponse de vérification non en temps réel, en raison des calculs coûteux (homomorphic encryption).---------- ABSTRACT: Biometric authentication such as fingerprint and face biometrics has changed the main authentication method on mobile devices. People easily enroll their fingerprint or face template on different authentication systems to take advantage of their easy access to the smartphone with no need to remember and enter the conventional PINs/passwords. However, they are not aware that they store their long-lasting physiological or behavioral characteristics on insecure platforms (i.e., on mobile phones or on cloud storage), threatening the privacy of their biometric templates and their identities. Therefore, an authentication scheme is required to preserve the privacy of users’ biometric templates and securely authenticate them without relying on insecure and untrustworthy platforms. Most studies have considered software-based approaches to design a privacy-reserving authentication system. However, these approaches have shown limitations in secure authentication systems. Mainly, they suffer from low verification accuracy, due to the template transformations (in cancelable biometrics), information leakage (in fuzzy commitment schemes), or non real-time verification response, due to the expensive computations (in homomorphic encryption)

Fingerprint-based biometric recognition allied to fuzzy-neural feature classification.

The research investigates fingerprint recognition as one of the most reliable biometrics identification methods. An automatic identification process of humans-based on fingerprints requires the input fingerprint to be matched with a large number of fingerprints in a database. To reduce the search time and computational complexity, it is desirable to classify the database of fingerprints into an accurate and consistent manner so that the input fingerprint is matched only with a subset of the fingerprints in the database. In this regard, the research addressed fingerprint classification. The goal is to improve the accuracy and speed up of existing automatic fingerprint identification algorithms. The investigation is based on analysis of fingerprint characteristics and feature classification using neural network and fuzzy-neural classifiers.The methodology developed, is comprised of image processing, computation of a directional field image, singular-point detection, and feature vector encoding. The statistical distribution of feature vectors was analysed using SPSS. Three types of classifiers, namely, multi-layered perceptrons, radial basis function and fuzzy-neural methods were implemented. The developed classification systems were tested and evaluated on 4,000 fingerprint images on the NIST-4 database. For the five-class problem, classification accuracy of 96.2% for FNN, 96.07% for MLP and 84.54% for RBF was achieved, without any rejection. FNN and MLP classification results are significant in comparison with existing studies, which have been reviewed