Homomorphic Encryption for Speaker Recognition: Protection of Biometric Templates and Vendor Model Parameters

Data privacy is crucial when dealing with biometric data. Accounting for the latest European data privacy regulation and payment service directive, biometric template protection is essential for any commercial application. Ensuring unlinkability across biometric service operators, irreversibility of leaked encrypted templates, and renewability of e.g., voice models following the i-vector paradigm, biometric voice-based systems are prepared for the latest EU data privacy legislation. Employing Paillier cryptosystems, Euclidean and cosine comparators are known to ensure data privacy demands, without loss of discrimination nor calibration performance. Bridging gaps from template protection to speaker recognition, two architectures are proposed for the two-covariance comparator, serving as a generative model in this study. The first architecture preserves privacy of biometric data capture subjects. In the second architecture, model parameters of the comparator are encrypted as well, such that biometric service providers can supply the same comparison modules employing different key pairs to multiple biometric service operators. An experimental proof-of-concept and complexity analysis is carried out on the data from the 2013-2014 NIST i-vector machine learning challenge

Integrated Biometric Template Security using Random Rectangular Hashing

Large centralized biometric databases, accessible over networks in real time are especially used for identification purposes. Multimodal biometric systems which are more robust and accurate in human identification require multiple templates storage of the same user analogous to individual biometric sources. This may raises concern about their usage and security when these stored templates are compromised since each person is believed to have a unique biometric trait. Unlike passwords, the biometric templates cannot be revoked and switch to another set of uncompromised identifiers when compromised. Therefore, fool-proof techniques satisfying the requirements of diversity, revocability, security and performance are required to protect stored templates such that both the security of the application and the users2019; privacy are not compromised by the impostor attacks. Thus, this paper proposes a template protection scheme coined as random rectangular hashing to strengthen the multimodal biometric system. The performance of the proposed template protection scheme is measured using the fingerprint FVC2004 and PolyU palmprint database

State of the Art in Biometric Key Binding and Key Generation Schemes

Direct storage of biometric templates in databases exposes the authentication system and legitimate users to numerous security and privacy challenges. Biometric cryptosystems or template protection schemes are used to overcome the security and privacy challenges associated with the use of biometrics as a means of authentication. This paper presents a review of previous works in biometric key binding and key generation schemes. The review focuses on key binding techniques such as biometric encryption, fuzzy commitment scheme, fuzzy vault and shielding function. Two categories of key generation schemes considered are private template and quantization schemes. The paper also discusses the modes of operations, strengths and weaknesses of various kinds of key-based template protection schemes. The goal is to provide the reader with a clear understanding of the current and emerging trends in key-based biometric cryptosystems

THRIVE: Threshold Homomorphic encryption based secure and privacy preserving bIometric VErification system

In this paper, we propose a new biometric verification and template protection system which we call the THRIVE system. The system includes novel enrollment and authentication protocols based on threshold homomorphic cryptosystem where the private key is shared between a user and the verifier. In the THRIVE system, only encrypted binary biometric templates are stored in the database and verification is performed via homomorphically randomized templates, thus, original templates are never revealed during the authentication stage. The THRIVE system is designed for the malicious model where the cheating party may arbitrarily deviate from the protocol specification. Since threshold homomorphic encryption scheme is used, a malicious database owner cannot perform decryption on encrypted templates of the users in the database. Therefore, security of the THRIVE system is enhanced using a two-factor authentication scheme involving the user's private key and the biometric data. We prove security and privacy preservation capability of the proposed system in the simulation-based model with no assumption. The proposed system is suitable for applications where the user does not want to reveal her biometrics to the verifier in plain form but she needs to proof her physical presence by using biometrics. The system can be used with any biometric modality and biometric feature extraction scheme whose output templates can be binarized. The overall connection time for the proposed THRIVE system is estimated to be 336 ms on average for 256-bit biohash vectors on a desktop PC running with quad-core 3.2 GHz CPUs at 10 Mbit/s up/down link connection speed. Consequently, the proposed system can be efficiently used in real life applications

Facebook and Face Recognition: Kinda Cool, Kinda Creepy

Facebook has recently been subject to scrutiny by privacy regulators in Europe, as well as by the US Federal Trade Commission, in relation to the introduction of its 'tag suggest' feature. This feature uses face recognition technology to create a biometric template of users' faces, and had been introduced to Facebook users as a default (opt-out) setting. One outcome of the recent scrutiny has been the temporary deactivation of the tag suggest feature. However, there is every indication that Facebook intends to re-introduce the feature in the not too distant future. This article canvasses some of the privacy implications of face recognition technology, particularly as it is used by Facebook, and in the private sector generally. Legal implications of Facebook's use of biometric templates and the generation and use of biometric information are considered by reference to the Privacy Act 1988 (Cth) as recently amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). In particular, the threshold issue of the application of Australia's federal information privacy laws to overseas organisations that have no presence in Australia and do not have servers in the country is considered. Definitional issues around the fundamental terms 'collect' and 'receive', as used in the amended Privacy Act, are also discussed, along with an overview of possible compliance risks for F11cebook arising from Australia's information privacy regime. Finally, the article offers some reflections on the efficacy ofAustralian information privacy laws in regulating the creation and use of biometric face templates and associated information in the social media context

Pseudo Identities Based on Fingerprint Characteristics

This paper presents the integrated project TURBINE which is funded under the EU 7th research framework programme. This research is a multi-disciplinary effort on privacy enhancing technology, combining innovative developments in cryptography and fingerprint recognition. The objective of this project is to provide a breakthrough in electronic authentication for various applications in the physical world and on the Internet. On the one hand it will provide secure identity verification thanks to fingerprint recognition. On the other hand it will reliably protect the biometric data through advanced cryptography technology. In concrete terms, it will provide the assurance that (i) the data used for the authentication, generated from the fingerprint, cannot be used to restore the original fingerprint sample, (ii) the individual will be able to create different "pseudo-identities" for different applications with the same fingerprint, whilst ensuring that these different identities (and hence the related personal data) cannot be linked to each other, and (iii) the individual is enabled to revoke an biometric identifier (pseudo-identity) for a given application in case it should not be used anymore