4,178 research outputs found

    THRIVE: Threshold Homomorphic encryption based secure and privacy preserving bIometric VErification system

    Get PDF
    In this paper, we propose a new biometric verification and template protection system which we call the THRIVE system. The system includes novel enrollment and authentication protocols based on threshold homomorphic cryptosystem where the private key is shared between a user and the verifier. In the THRIVE system, only encrypted binary biometric templates are stored in the database and verification is performed via homomorphically randomized templates, thus, original templates are never revealed during the authentication stage. The THRIVE system is designed for the malicious model where the cheating party may arbitrarily deviate from the protocol specification. Since threshold homomorphic encryption scheme is used, a malicious database owner cannot perform decryption on encrypted templates of the users in the database. Therefore, security of the THRIVE system is enhanced using a two-factor authentication scheme involving the user's private key and the biometric data. We prove security and privacy preservation capability of the proposed system in the simulation-based model with no assumption. The proposed system is suitable for applications where the user does not want to reveal her biometrics to the verifier in plain form but she needs to proof her physical presence by using biometrics. The system can be used with any biometric modality and biometric feature extraction scheme whose output templates can be binarized. The overall connection time for the proposed THRIVE system is estimated to be 336 ms on average for 256-bit biohash vectors on a desktop PC running with quad-core 3.2 GHz CPUs at 10 Mbit/s up/down link connection speed. Consequently, the proposed system can be efficiently used in real life applications

    Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography

    Get PDF
    Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patients health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of privacy and security system for cryptography-based-EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients protected health information. This result also justifies the feasibility of implementing fuzzy key binding scheme in real applications, especially fuzzy vault which demonstrated a better performance during key reconstruction

    State of the Art in Biometric Key Binding and Key Generation Schemes

    Get PDF
    Direct storage of biometric templates in databases exposes the authentication system and legitimate users to numerous security and privacy challenges. Biometric cryptosystems or template protection schemes are used to overcome the security and privacy challenges associated with the use of biometrics as a means of authentication. This paper presents a review of previous works in biometric key binding and key generation schemes. The review focuses on key binding techniques such as biometric encryption, fuzzy commitment scheme, fuzzy vault and shielding function. Two categories of key generation schemes considered are private template and quantization schemes. The paper also discusses the modes of operations, strengths and weaknesses of various kinds of key-based template protection schemes. The goal is to provide the reader with a clear understanding of the current and emerging trends in key-based biometric cryptosystems

    A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes

    Get PDF
    With their increasing popularity in cryptosystems, biometrics have attracted more and more attention from the information security community. However, how to handle the relevant privacy concerns remains to be troublesome. In this paper, we propose a novel security model to formalize the privacy concerns in biometric-based remote authentication schemes. Our security model covers a number of practical privacy concerns such as identity privacy and transaction anonymity, which have not been formally considered in the literature. In addition, we propose a general biometric-based remote authentication scheme and prove its security in our security model

    Fuzzy Vault scheme based on fixed-length templates applied to dynamic signature verification

    Get PDF
    As a consequence of the wide deployment of biometrics-based recognition systems, there are increasing concerns about the security of the sensitive information managed. Various techniques have been proposed in the literature for the biometric templates protection (BTP), having gained great popularity the crypto-biometric systems. In the present paper we propose the implementation of a Fuzzy Vault (FV) scheme based on fixed-length templates with application to dynamic signature verification (DSV), where only 15 global features of the signature are considered to form the templates. The performance of the proposed system is evaluated using three databases: a proprietary collection of signatures, and the publicly available databases MCYT and BioSecure. The experimental results show very similar verification performance compared to an equivalent unprotected system.This work was supported by the Spanish National Cybersecurity Institute (INCIBE) through the Excellence of Advanced Cybersecurity Research Teams Program

    Template protection for HMM-based on-line signature authentication

    Full text link
    Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. E. Maiorana, P. Campisi, M. MartĂ­nez-DĂ­az, J. Ortega-GarcĂ­a, A. Neri, "Template protection for HMM-based on-line signature authentication" in IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops CVPRW, Anchorage, AK (USA), 2008, pp. 1-6.The security of biometric data is a very important issue in the deployment of biometric-based recognition systems. In this paper, we propose a signature-based biometric authentication system, where signal processing techniques are applied to the acquired on-line signature in order to generate protected templates, from which retrieving the original data is computationally as hard as randomly guessing them. A hidden Markov model (HMM)-based matching strategy is employed to compare the transformed signatures. The proposed protected authentication system generates a score as the result of the matching process, thus allowing to implement protected multibiometric recognition systems, through the application of score-fusion techniques. The experimental results show that, at the cost of only a slight performance reduction, the desired protection for the employed biometric templates can be properly achieved

    Protection of privacy in biometric data

    Full text link
    Biometrics is commonly used in many automated veri cation systems offering several advantages over traditional veri cation methods. Since biometric features are associated with individuals, their leakage will violate individuals\u27 privacy, which can cause serious and continued problems as the biometric data from a person are irreplaceable. To protect the biometric data containing privacy information, a number of privacy-preserving biometric schemes (PPBSs) have been developed over the last decade, but they have various drawbacks. The aim of this paper is to provide a comprehensive overview of the existing PPBSs and give guidance for future privacy-preserving biometric research. In particular, we explain the functional mechanisms of popular PPBSs and present the state-of-the-art privacy-preserving biometric methods based on these mechanisms. Furthermore, we discuss the drawbacks of the existing PPBSs and point out the challenges and future research directions in PPBSs

    Biometrics for internet‐of‐things security: A review

    Get PDF
    The large number of Internet‐of‐Things (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometric‐based authentication systems for IoT are discussed and classified based on different biometric traits and the number of biometric traits employed in the system. As for encryption, biometric‐cryptographic systems, which integrate biometrics with cryptography and take advantage of both to provide enhanced security for IoT, are thoroughly reviewed and discussed. Moreover, challenges arising from applying biometrics to IoT and potential solutions are identified and analyzed. With an insight into the state‐of‐the‐art research in biometrics for IoT security, this review paper helps advance the study in the field and assists researchers in gaining a good understanding of forward‐looking issues and future research directions
    • 

    corecore