4,388 research outputs found
Coding Solutions for the Secure Biometric Storage Problem
The paper studies the problem of securely storing biometric passwords, such
as fingerprints and irises. With the help of coding theory Juels and Wattenberg
derived in 1999 a scheme where similar input strings will be accepted as the
same biometric. In the same time nothing could be learned from the stored data.
They called their scheme a "fuzzy commitment scheme". In this paper we will
revisit the solution of Juels and Wattenberg and we will provide answers to two
important questions: What type of error-correcting codes should be used and
what happens if biometric templates are not uniformly distributed, i.e. the
biometric data come with redundancy. Answering the first question will lead us
to the search for low-rate large-minimum distance error-correcting codes which
come with efficient decoding algorithms up to the designed distance. In order
to answer the second question we relate the rate required with a quantity
connected to the "entropy" of the string, trying to estimate a sort of
"capacity", if we want to see a flavor of the converse of Shannon's noisy
coding theorem. Finally we deal with side-problems arising in a practical
implementation and we propose a possible solution to the main one that seems to
have so far prevented real life applications of the fuzzy scheme, as far as we
know.Comment: the final version appeared in Proceedings Information Theory Workshop
(ITW) 2010, IEEE copyrigh
Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data
We provide formal definitions and efficient secure techniques for
- turning noisy information into keys usable for any cryptographic
application, and, in particular,
- reliably and securely authenticating biometric data.
Our techniques apply not just to biometric information, but to any keying
material that, unlike traditional cryptographic keys, is (1) not reproducible
precisely and (2) not distributed uniformly. We propose two primitives: a
"fuzzy extractor" reliably extracts nearly uniform randomness R from its input;
the extraction is error-tolerant in the sense that R will be the same even if
the input changes, as long as it remains reasonably close to the original.
Thus, R can be used as a key in a cryptographic application. A "secure sketch"
produces public information about its input w that does not reveal w, and yet
allows exact recovery of w given another value that is close to w. Thus, it can
be used to reliably reproduce error-prone biometric inputs without incurring
the security risk inherent in storing them.
We define the primitives to be both formally secure and versatile,
generalizing much prior work. In addition, we provide nearly optimal
constructions of both primitives for various measures of ``closeness'' of input
data, such as Hamming distance, edit distance, and set difference.Comment: 47 pp., 3 figures. Prelim. version in Eurocrypt 2004, Springer LNCS
3027, pp. 523-540. Differences from version 3: minor edits for grammar,
clarity, and typo
On Burst Error Correction and Storage Security of Noisy Data
Secure storage of noisy data for authentication purposes usually involves the
use of error correcting codes. We propose a new model scenario involving burst
errors and present for that several constructions.Comment: to be presented at MTNS 201
Pseudo Identities Based on Fingerprint Characteristics
This paper presents the integrated project TURBINE which is funded under the EU 7th research framework programme. This research is a multi-disciplinary effort on privacy enhancing technology, combining innovative developments in cryptography and fingerprint recognition. The objective of this project is to provide a breakthrough in electronic authentication for various applications in the physical world and on the Internet. On the one hand it will provide secure identity verification thanks to fingerprint recognition. On the other hand it will reliably protect the biometric data through advanced cryptography technology. In concrete terms, it will provide the assurance that (i) the data used for the authentication, generated from the fingerprint, cannot be used to restore the original fingerprint sample, (ii) the individual will be able to create different "pseudo-identities" for different applications with the same fingerprint, whilst ensuring that these different identities (and hence the related personal data) cannot be linked to each other, and (iii) the individual is enabled to revoke an biometric identifier (pseudo-identity) for a given application in case it should not be used anymore
Fuzzy Authentication using Rank Distance
Fuzzy authentication allows authentication based on the fuzzy matching of two
objects, for example based on the similarity of two strings in the Hamming
metric, or on the similiarity of two sets in the set difference metric. Aim of
this paper is to show other models and algorithms of secure fuzzy
authentication, which can be performed using the rank metric. A few schemes are
presented which can then be applied in different scenarios and applications.Comment: to appear in Cryptography and Physical Layer Security, Lecture Notes
in Electrical Engineering, Springe
Privacy-Aware Processing of Biometric Templates by Means of Secure Two-Party Computation
The use of biometric data for person identification and access control is gaining more and more popularity. Handling biometric data, however, requires particular care, since biometric data is indissolubly tied to the identity of the owner hence raising important security and privacy issues. This chapter focuses on the latter, presenting an innovative approach that, by relying on tools borrowed from Secure Two Party Computation (STPC) theory, permits to process the biometric data in encrypted form, thus eliminating any risk that private biometric information is leaked during an identification process. The basic concepts behind STPC are reviewed together with the basic cryptographic primitives needed to achieve privacy-aware processing of biometric data in a STPC context. The two main approaches proposed so far, namely homomorphic encryption and garbled circuits, are discussed and the way such techniques can be used to develop a full biometric matching protocol described. Some general guidelines to be used in the design of a privacy-aware biometric system are given, so as to allow the reader to choose the most appropriate tools depending on the application at hand
Rising stars in information and communication technology
The quest for more efficiency and security is reflected in the economy as a whole, but especially in the product and process innovations in information and communication technology (ICT). We examine the ten concepts considered to have the brightest prospects in the business segment in terms of their potential to gain widespread use during this decade. Out of these, the three most promising ICT approaches are biometrics, open-source software and radio tagging (RFID).internet telephony (VoIP), advanced mobile radio technology (WLAN, UMTS, WiMax), biometrics, quantum cryptography, Model information and communication technology (ICT), Driven Archi-tecture (MDA), decentralised storage (ILM), decentralised data process-ing (grid computing), open-source software, outsourcing, and radio tag-ging (RFID)
Privacy Protection in Distributed Fingerprint-based Authentication
Biometric authentication is getting increasingly popular due to the
convenience of using unique individual traits, such as fingerprints, palm
veins, irises. Especially fingerprints are widely used nowadays due to the
availability and low cost of fingerprint scanners. To avoid identity theft or
impersonation, fingerprint data is typically stored locally, e.g., in a trusted
hardware module, in a single device that is used for user enrollment and
authentication. Local storage, however, limits the ability to implement
distributed applications, in which users can enroll their fingerprint once and
use it to access multiple physical locations and mobile applications
afterwards.
In this paper, we present a distributed authentication system that stores
fingerprint data in a server or cloud infrastructure in a privacy-preserving
way. Multiple devices can be connected and perform user enrollment or
verification. To secure the privacy and integrity of sensitive data, we employ
a cryptographic construct called fuzzy vault. We highlight challenges in
implementing fuzzy vault-based authentication, for which we propose and compare
alternative solutions. We conduct a security analysis of our biometric
cryptosystem, and as a proof of concept, we build an authentication system for
access control using resource-constrained devices (Raspberry Pis) connected to
fingerprint scanners and the Microsoft Azure cloud environment. Furthermore, we
evaluate the fingerprint matching algorithm against the well-known FVC2006
database and show that it can achieve comparable accuracy to widely-used
matching techniques that are not designed for privacy, while remaining
efficient with an authentication time of few seconds.Comment: This is an extended version of the paper with the same title which
has been accepted for publication at the Workshop on Privacy in the
Electronic Society (WPES 2019
Security Optimization for Distributed Applications Oriented on Very Large Data Sets
The paper presents the main characteristics of applications which are working with very large data sets and the issues related to security. First section addresses the optimization process and how it is approached when dealing with security. The second section describes the concept of very large datasets management while in the third section the risks related are identified and classified. Finally, a security optimization schema is presented with a cost-efficiency analysis upon its feasibility. Conclusions are drawn and future approaches are identified.Security, Optimization, Very Large Data Sets, Distributed Applications
- …