3,681 research outputs found
Security and Efficiency Analysis of the Hamming Distance Computation Protocol Based on Oblivious Transfer
Bringer et al. proposed two cryptographic protocols for the computation of Hamming distance. Their first scheme uses Oblivious Transfer and provides security in the semi-honest model. The other scheme uses Committed Oblivious Transfer and is claimed to provide full security in the malicious case. The proposed protocols have direct implications to biometric authentication schemes between a prover and a verifier where the verifier has biometric data of the users in plain form.
In this paper, we show that their protocol is not actually fully secure against malicious adversaries. More precisely, our attack breaks the soundness property of their protocol where a malicious user can compute a Hamming distance which is different from the actual value. For biometric authentication systems, this attack allows a malicious adversary to pass the authentication without knowledge of the honest user's input with at most complexity instead of , where is the input length. We propose an enhanced version of their protocol where this attack is eliminated. The security of our modified protocol is proven using the simulation-based paradigm. Furthermore, as for efficiency concerns, the modified protocol utilizes Verifiable Oblivious Transfer which does not require the commitments to outputs which improves its efficiency significantly
Smart cards: State-of-the-art to future directions
The evolution of smart card technology provides an interesting case study of the relationship and interactions between security and business requirements. This paper maps out the milestones for smart card technology, discussing at each step the opportunities and challenges. The paper reviews recently proposed innovative ownership/management models and the security challenges associated with them. The paper concludes with a discussion of possible future directions for the technology, and the challenges these present
Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010
It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of 'security' that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U
Watching You: Systematic Federal Surveillance of Ordinary Americans
To combat terrorism, Attorney General John Ashcroft has asked Congress to "enhance" the government's ability to conduct domestic surveillance of citizens. The Justice Department's legislative proposals would give federal law enforcement agents new access to personal information contained in business and school records. Before acting on those legislative proposals, lawmakers should pause to consider the extent to which the lives of ordinary Americans already are monitored by the federal government. Over the years, the federal government has instituted a variety of data collection programs that compel the production, retention, and dissemination of personal information about every American citizen. Linked through an individual's Social Security number, these labor, medical, education and financial databases now empower the federal government to obtain a detailed portrait of any person: the checks he writes, the types of causes he supports, and what he says "privately" to his doctor. Despite widespread public concern about preserving privacy, these data collection systems have been enacted in the name of "reducing fraud" and "promoting efficiency" in various government programs. Having exposed most areas of American life to ongoing government scrutiny and recording, Congress is now poised to expand and universalize federal tracking of citizen life. The inevitable consequence of such constant surveillance, however, is metastasizing government control over society. If that happens, our government will have perverted its most fundamental mission and destroyed the privacy and liberty that it was supposed to protect
Algorithmic Jim Crow
This Article contends that current immigration- and security-related vetting protocols risk promulgating an algorithmically driven form of Jim Crow. Under the "separate but equal" discrimination of a historic Jim Crow regime, state laws required mandatory separation and discrimination on the front end, while purportedly establishing equality on the back end. In contrast, an Algorithmic Jim Crow regime allows for "equal but separate" discrimination. Under Algorithmic Jim Crow, equal vetting and database screening of all citizens and noncitizens will make it appear that fairness and equality principles are preserved on the front end. Algorithmic Jim Crow, however, will enable discrimination on the back end in the form of designing, interpreting, and acting upon vetting and screening systems in ways that result in a disparate impact
Eavesdropping Whilst You're Shopping: Balancing Personalisation and Privacy in Connected Retail Spaces
Physical retailers, who once led the way in tracking with loyalty cards and
`reverse appends', now lag behind online competitors. Yet we might be seeing
these tables turn, as many increasingly deploy technologies ranging from simple
sensors to advanced emotion detection systems, even enabling them to tailor
prices and shopping experiences on a per-customer basis. Here, we examine these
in-store tracking technologies in the retail context, and evaluate them from
both technical and regulatory standpoints. We first introduce the relevant
technologies in context, before considering privacy impacts, the current
remedies individuals might seek through technology and the law, and those
remedies' limitations. To illustrate challenging tensions in this space we
consider the feasibility of technical and legal approaches to both a) the
recent `Go' store concept from Amazon which requires fine-grained, multi-modal
tracking to function as a shop, and b) current challenges in opting in or out
of increasingly pervasive passive Wi-Fi tracking. The `Go' store presents
significant challenges with its legality in Europe significantly unclear and
unilateral, technical measures to avoid biometric tracking likely ineffective.
In the case of MAC addresses, we see a difficult-to-reconcile clash between
privacy-as-confidentiality and privacy-as-control, and suggest a technical
framework which might help balance the two. Significant challenges exist when
seeking to balance personalisation with privacy, and researchers must work
together, including across the boundaries of preferred privacy definitions, to
come up with solutions that draw on both technology and the legal frameworks to
provide effective and proportionate protection. Retailers, simultaneously, must
ensure that their tracking is not just legal, but worthy of the trust of
concerned data subjects.
Comment: 10 pages, 1 figure, Proceedings of the PETRAS/IoTUK/IET Living in the
Internet of Things Conference, London, United Kingdom, 28-29 March 201
Biometric ID Cybersurveillance
The implementation of a universal digitalized biometric ID system risks normalizing and integrating mass cybersurveillance into the daily lives of ordinary citizens. ID documents such as driver's licenses in some states and all U.S. passports are now implanted with radio frequency identification (RFID) technology. In recent proposals, Congress has considered implementing a digitalized biometric identification card—such as a biometric-based, "high-tech" Social Security Card—which may eventually lead to the development of a universal multimodal biometric database (e.g., the collection of the digital photos, fingerprints, iris scans, and/or DNA of all citizens and noncitizens). Such "high-tech" IDs, once merged with GPS-RFID tracking technology, would facilitate exponentially a convergence of cybersurveillance-body tracking and data surveillance, or dataveillance-biographical tracking. Yet, the existing Fourth Amendment jurisprudence is tethered to a "reasonable expectation of privacy" test that does not appear to restrain the comprehensive, suspicionless amassing of databases that concern the biometric data, movements, activities, and other personally identifiable information of individuals.
In this Article, I initiate a project to explore the constitutional and other legal consequences of big data cybersurveillance generally and mass biometric dataveillance in particular. This Article focuses on how biometric data is increasingly incorporated into identity management systems through bureaucratized cybersurveillance or the normalization of cybersurveillance through the daily course of business and integrated forms of governance
Three Factor Authentication Using Java Ring and Biometrics
Computer security is a growing field in the IT industry. One of the important aspects of computer security is authentication. Using passwords (something you know) is one of the most common ways of authentication. But passwords have proven to provide a weak level of security as they can be easily compromised. Some other ways of authenticating a user are using physical tokens (something you possess) and biometrics (something you are). Using any one of these techniques to secure a system always has its own set of threats. One way to make sure a system is secure is to use multiple factors to authenticate. One of the ways to use multiple factors is to use all the three factors of authentication, something you possess, something you are and something you know. This thesis discusses different ways of authentication and implements a system using three factor authentication. It takes many security aspects of the system into consideration while implementing it, to make it secure
Opportunities and Challenges for Biometric Systems in Travel: a Review
As biometric technologies provide superior levels of accuracy, security, and convenience, it is important to understand the extent to which they are applicable in travel. This research reviews the applicability of biometric technology in travel, emphasizing the most critical opportunities and challenges. The opportunities offered by biometric systems in travel can materialize in superior identity management, increased convenience, and better human resource management. Such opportunities can be achieved through specific biometric applications, such as identity management and immigration systems, registered traveler programs, biometric passports, hotel access systems, and payment/retail systems in hotels/restaurants/resorts. Although biometric applications are promising in travel, their large-scale deployment by organizations and adoption by travelers are hindered by a number of challenges. Such challenges include privacy, fear of harm resulting from using the system, and general user anxiety, which need to be addressed before large-scale deployment of biometrics in travel, to guarantee adoption and its associated benefits