Privacy-Preserving iVector-Based Speaker Verification

This paper introduces an efficient algorithm to develop a privacy-preserving voice verification based on iVector and linear discriminant analysis techniques. This research considers a scenario in which users enrol their voice biometric to access different services (i.e., banking). Once enrolment is completed, users can verify themselves using their voice print instead of alphanumeric passwords. Since a voice print is unique for everyone, storing it with a third-party server raises several privacy concerns. To address this challenge, this paper proposes a novel technique based on randomization to carry out voice authentication, which allows the user to enrol and verify their voice in the randomized domain. To achieve this, the iVector-based voice verification technique has been redesigned to work on the randomized domain. The proposed algorithm is validated using a well-known speech dataset. The proposed algorithm neither compromises the authentication accuracy nor adds additional complexity due to the randomization operations

Secure and Privacy-Preserving Average Consensus

Average consensus is fundamental for distributed systems since it underpins key functionalities of such systems ranging from distributed information fusion, decision-making, to decentralized control. In order to reach an agreement, existing average consensus algorithms require each agent to exchange explicit state information with its neighbors. This leads to the disclosure of private state information, which is undesirable in cases where privacy is of concern. In this paper, we propose a novel approach that enables secure and privacy-preserving average consensus in a decentralized architecture in the absence of any trusted third-parties. By leveraging homomorphic cryptography, our approach can guarantee consensus to the exact value in a deterministic manner. The proposed approach is light-weight in computation and communication, and applicable to time-varying interaction topology cases. A hardware implementation is presented to demonstrate the capability of our approach.Comment: 7 pages, 4 figures, paper is accepted to CPS-SPC'1

Flexible and Robust Privacy-Preserving Implicit Authentication

Implicit authentication consists of a server authenticating a user based on the user's usage profile, instead of/in addition to relying on something the user explicitly knows (passwords, private keys, etc.). While implicit authentication makes identity theft by third parties more difficult, it requires the server to learn and store the user's usage profile. Recently, the first privacy-preserving implicit authentication system was presented, in which the server does not learn the user's profile. It uses an ad hoc two-party computation protocol to compare the user's fresh sampled features against an encrypted stored user's profile. The protocol requires storing the usage profile and comparing against it using two different cryptosystems, one of them order-preserving; furthermore, features must be numerical. We present here a simpler protocol based on set intersection that has the advantages of: i) requiring only one cryptosystem; ii) not leaking the relative order of fresh feature samples; iii) being able to deal with any type of features (numerical or non-numerical). Keywords: Privacy-preserving implicit authentication, privacy-preserving set intersection, implicit authentication, active authentication, transparent authentication, risk mitigation, data brokers.Comment: IFIP SEC 2015-Intl. Information Security and Privacy Conference, May 26-28, 2015, IFIP AICT, Springer, to appea