5 research outputs found
Relations among Security Metrics for Template Protection Algorithms
Many biometric template protection algorithms have been proposed mainly in
two approaches: biometric feature transformation and biometric cryptosystem.
Security evaluation of the proposed algorithms are often conducted in various
inconsistent manner. Thus, it is strongly demanded to establish the common
evaluation metrics for easier comparison among many algorithms. Simoens et al.
and Nagar et al. proposed good metrics covering nearly all aspect of
requirements expected for biometric template protection algorithms. One
drawback of the two papers is that they are biased to experimental evaluation
of security of biometric template protection algorithms. Therefore, it was
still difficult mainly for algorithms in biometric cryptosystem to prove their
security according to the proposed metrics. This paper will give a formal
definitions for security metrics proposed by Simoens et al. and Nagar et al. so
that it can be used for the evaluation of both of the two approaches. Further,
this paper will discuss the relations among several notions of security
metrics
Establishing the digital chain of evidence in biometric systems
Traditionally, a chain of evidence or chain of custody refers to the chronological documentation, or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of evidence, physical or electronic. Whether in the criminal justice system, military applications, or natural disasters, ensuring the accuracy and integrity of such chains is of paramount importance. Intentional or unintentional alteration, tampering, or fabrication of digital evidence can lead to undesirable effects. We find despite the consequences at stake, historically, no unique protocol or standardized procedure exists for establishing such chains. Current practices rely on traditional paper trails and handwritten signatures as the foundation of chains of evidence.;Copying, fabricating or deleting electronic data is easier than ever and establishing equivalent digital chains of evidence has become both necessary and desirable. We propose to consider a chain of digital evidence as a multi-component validation problem. It ensures the security of access control, confidentiality, integrity, and non-repudiation of origin. Our framework, includes techniques from cryptography, keystroke analysis, digital watermarking, and hardware source identification. The work offers contributions to many of the fields used in the formation of the framework. Related to biometric watermarking, we provide a means for watermarking iris images without significantly impacting biometric performance. Specific to hardware fingerprinting, we establish the ability to verify the source of an image captured by biometric sensing devices such as fingerprint sensors and iris cameras. Related to keystroke dynamics, we establish that user stimulus familiarity is a driver of classification performance. Finally, example applications of the framework are demonstrated with data collected in crime scene investigations, people screening activities at port of entries, naval maritime interdiction operations, and mass fatality incident disaster responses
Security in a Distributed Processing Environment
Distribution plays a key role in telecommunication and computing systems today. It
has become a necessity as a result of deregulation and anti-trust legislation, which has
forced businesses to move from centralised, monolithic systems to distributed systems
with the separation of applications and provisioning technologies, such as the service
and transportation layers in the Internet. The need for reliability and recovery requires
systems to use replication and secondary backup systems such as those used in ecommerce.
There are consequences to distribution. It results in systems being implemented in
heterogeneous environment; it requires systems to be scalable; it results in some loss
of control and so this contributes to the increased security issues that result from
distribution. Each of these issues has to be dealt with. A distributed processing
environment (DPE) is middleware that allows heterogeneous environments to operate
in a homogeneous manner. Scalability can be addressed by using object-oriented
technology to distribute functionality. Security is more difficult to address because it
requires the creation of a distributed trusted environment.
The problem with security in a DPE currently is that it is treated as an adjunct service,
i.e. and after-thought that is the last thing added to the system. As a result, it is not
pervasive and therefore is unable to fully support the other DPE services. DPE
security needs to provide the five basic security services, authentication, access
control, integrity, confidentiality and non-repudiation, in a distributed environment,
while ensuring simple and usable administration.
The research, detailed in this thesis, starts by highlighting the inadequacies of the
existing DPE and its services. It argues that a new management structure was
introduced that provides greater flexibility and configurability, while promoting
mechanism and service independence. A new secure interoperability framework was
introduced which provides the ability to negotiate common mechanism and service
level configurations. New facilities were added to the non-repudiation and audit
services.
The research has shown that all services should be security-aware, and therefore
would able to interact with the Enhanced Security Service in order to provide a more
secure environment within a DPE. As a proof of concept, the Trader service was
selected. Its security limitations were examined, new security behaviour policies
proposed and it was then implemented as a Security-aware Trader, which could
counteract the existing security limitations.IONA TECHNOLOGIES PLC & ORANG
Cryptographic keys from dynamic hand-signatures with biometric secrecy preservation and replaceability
We propose a method of extracting cryptographic key from dynamic handwritten signatures that does not require storage of the biometric template or any statistical information that could be used to reconstruct the biometric data. Also, the keys produced are not permanently linked to the biometric hence, allowing them to be replaced in the event of key compromise. This is achieved by incorporating randomness which provides high-entropy to the naturally low-entropy biometric key using iterative inner-product method as in Goh-Ngo, and modified multiple-bit discretization that deters guessing from key statistics. Our proposed methodology follows the design principles of block ciphers to result in unpredictable key space and secure construction