Privacy-Aware Processing of Biometric Templates by Means of Secure Two-Party Computation

The use of biometric data for person identification and access control is gaining more and more popularity. Handling biometric data, however, requires particular care, since biometric data is indissolubly tied to the identity of the owner hence raising important security and privacy issues. This chapter focuses on the latter, presenting an innovative approach that, by relying on tools borrowed from Secure Two Party Computation (STPC) theory, permits to process the biometric data in encrypted form, thus eliminating any risk that private biometric information is leaked during an identification process. The basic concepts behind STPC are reviewed together with the basic cryptographic primitives needed to achieve privacy-aware processing of biometric data in a STPC context. The two main approaches proposed so far, namely homomorphic encryption and garbled circuits, are discussed and the way such techniques can be used to develop a full biometric matching protocol described. Some general guidelines to be used in the design of a privacy-aware biometric system are given, so as to allow the reader to choose the most appropriate tools depending on the application at hand

Improved fuzzy hashing technique for biometric template protection

Biometrics provides a new dimension of security to modern automated applications since each user will need to prove his identity when attempting an access. However, if a stored biometric template is compromised, then the conventional biometric recognition system becomes vulnerable to privacy invasion. This invasion is a permanent one because the biometric template is not replaceable. In this paper, we introduce an improved FuzzyHashing technique for biometric template protection purpose. We demonstrate our implementation in the context of fingerprint biometrics. The experimental results and the security analysis on FVC 2004 DB1 and DB2 fingerprint datasets suggest that the technique is highly feasible in practice