Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010

It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U

Balancing Security and Democracy: The Politics of Biometric Identification in the European Union

What are the relations between security policies and democratic debate, oversight and rights? And what is the role of expertise in shaping such policies and informing the democratic process? The inquiry that follows tries to answer such questions in the context of the European Union and taking the case of biometric identification, an area where security considerations and the possible impacts on fundamental rights and rule of law are at stake, and where expertise is crucial. Some hypotheses are explored through the case study: that 'securitisation' and 'democratisation' are in tension but some hybrid strategies can emerge, that the plurality of 'authoritative actors' influences policy frames and outcomes, and that knowledge is a key asset in defining these authoritative actors. A counter-intuitive conclusion is presented, namely that biometrics-which seems prima facie an excellent candidate for technocratic decision making, sheltered from democratic debate and accountability-is characterised by intense debate by a plurality of actors. Such pluralism is limited to those actors who have the resources-including knowledge-that allow for inclusion in policy making at EU level, but is nevertheless significant in shaping policy. Tragic events were pivotal in pushing for action on grounds of security, but the chosen instruments were in store and specific actors were capable of proposing them as a solution to security problems; in particular, the strong role of executives is a key factor in the vigorous pursuit of biometric identification. However this is not the whole story, and limited pluralism-including plurality of expertise-explains specific features of the development of biometrics in the EU, namely the central role of the metaphor of 'balancing' security and democracy, and the 'competitive cooperation' between new and more consolidated policy areas. The EU is facing another difficult challenge in the attempt of establishing itself as a new security actor and as a supranational democratic polity: important choices are involved to assure that citizens' security is pursued on the basis of rule of law, respect of fundamental rights and democratic accountability.democracy; pluralism; security/internal

Biometric cryptosystem using online signatures

Biometric cryptosystems combine cryptography and biometrics to benefit from the strengths of both fields. In such systems, while cryptography provides high and adjustable security levels, biometrics brings in non-repudiation and eliminates the need to remember passwords or to carry tokens etc. In this work we present a biometric cryptosystems which uses online signatures, based on the Fuzzy Vault scheme of Jules et al. The Fuzzy Vault scheme releases a previously stored key when the biometric data presented for verification matches the previously stored template hidden in a vault. The online signature of a person is a behavioral biometric which is widely accepted as the formal way of approving documents, bank transactions, etc. As such, biometric-based key release using online signatures may have many application areas. We extract minutiae points (trajectory crossings, endings and points of high curvature) from online signatures and use those during the locking & unlocking phases of the vault. We present our preliminary results and demonstrate that high security level (128 bit encryption key length) can be achieved using online signatures

A schema for cryptographic keys generation using hybrid biometrics

Biometric identifiers refer to unique physical properties or behavioural attributes of individuals. Some of the well known biometric identifiers are voice, finger prints, retina or iris, facial structure etc. In our daily interaction with others directly or indirectly, we implicitly use biometrics to know, distinguish and trust people. Biometric identifiers represent the concept of "who a person is" by gathering vital characteristics that don't correspond to any other person. The human brain to some extent is able to ascertain disparities or variation in certain physical attributes and yet verify the authenticity of a person. But this is difficult to be implemented in electronic systems due to the intense requirements of artificial decision making and hard-coded logic. This paper examines the possibility of using a combination of biometric attributes to overcome common problems in having a single biometric scheme for authentication. It also investigates possible schemes and features to deal with variations in Biometric attributes. The material presented is related to ongoing research by the Computer Communications Research Group at Leeds Metropolitan University. We use this paper as a starting step and as a plan for advanced research. It offers ideas and proposition for implementing hybrid biometrics in conjunction with cryptography. This is work in progress and is in a very preliminary stage