4 research outputs found

    Oblivious Extractors and Improved Security in Biometric-based Authentication Systems

    Get PDF
    We study the problem of biometric-based authentication with template confidentiality. Typical schemes addressing this problem, such as Fuzzy Vaults (FV) and Fuzzy Extractors (FE), allow a server, aka Authenticator, to store “random looking” Helper Data (HD) instead of biometric templates in clear. HD hides information about the corresponding biometric while still enabling secure biometric-based authentication. Even though these schemes reduce the risk of storing biometric data, their correspondent authentication procedures typically require sending the HD (stored by the Authenticator) to a client who claims a given identity. The premise here is that only the identity owner - i.e., the person whose biometric was sampled to originally generate the HD - is able to provide the same biometric to reconstruct the proper cryptographic key from HD. As a side effect, the ability to freely retrieve HD, by simply claiming a given identity, allows invested adversaries to perform offline statistical attacks (a biometric analog for dictionary attacks on hashed passwords) or re-usability attacks (if the FE scheme is not reusable) on the HD to eventually recover the user’s biometric. In this work we develop Oblivious Extractors: a new construction that allows an Authenticator to authenticate a user without requiring neither the user to send a biometric to the Authenticator, nor the server to send the HD to the client. Oblivious Extractors provide concrete security advantages for biometric-based authentication systems. From the perspective of secure storage, an oblivious extractor is as secure as its non-oblivious fuzzy extractor counterpart. In addition, it enhances security against aforementioned statistical and re-usability attacks. To demonstrate the construction’s practicality, we implement and evaluate a biometric-based authentication prototype using Oblivious Extractors

    Challenges and Opportunities in Industry 4.0 for Mechatronics, Artificial Intelligence and Cybernetics

    Full text link
    Industry 4.0 has risen as an integrated digital manufacturing environment, and it has created a novel research perspective that has thrust research to interdisciplinarity and exploitation of ICT advances. This work presents and discusses the main aspects of Industry 4.0 and how intelligence can be embedded in manufacturing to create the smart factory. It briefly describes the main components of Industry 4.0, and it focuses on the security challenges that the fully interconnected ecosystem of Industry 4.0 has to meet and the threats for each component. Preserving security has a crucial role in Industry 4.0, and it is vital for its existence, so the main research directions on how to ensure the confidentiality and integrity of the information shared among the Industry 4.0 components are presented. Another view is in light of the security issues that come as a result of enabling new technologies. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.Acknowledgements. We thank Dawn Ernstzen, Division of Physiotherapy, Stellenbosch University, for her contextualisation work for chronic pain management in SA used in the example in this article, and Michelle Galloway for her support in finalising the submission on behalf of the author team. Funding. The authors were funded, partially or in full, by the SAGE project, a 3-year (2014 - 2017) Flagship Grant from the South African Medical Research Council. The Flagship Grant programme was not involved in the conceptualisation or conduct of this study

    Big data-driven multimodal traffic management : trends and challenges

    Get PDF
    corecore