A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes

With their increasing popularity in cryptosystems, biometrics have attracted more and more attention from the information security community. However, how to handle the relevant privacy concerns remains to be troublesome. In this paper, we propose a novel security model to formalize the privacy concerns in biometric-based remote authentication schemes. Our security model covers a number of practical privacy concerns such as identity privacy and transaction anonymity, which have not been formally considered in the literature. In addition, we propose a general biometric-based remote authentication scheme and prove its security in our security model

Learning Character Strings via Mastermind Queries, with a Case Study Involving mtDNA

We study the degree to which a character string, $Q$, leaks details about itself any time it engages in comparison protocols with a strings provided by a querier, Bob, even if those protocols are cryptographically guaranteed to produce no additional information other than the scores that assess the degree to which $Q$ matches strings offered by Bob. We show that such scenarios allow Bob to play variants of the game of Mastermind with $Q$ so as to learn the complete identity of $Q$. We show that there are a number of efficient implementations for Bob to employ in these Mastermind attacks, depending on knowledge he has about the structure of $Q$, which show how quickly he can determine $Q$. Indeed, we show that Bob can discover $Q$ using a number of rounds of test comparisons that is much smaller than the length of $Q$, under reasonable assumptions regarding the types of scores that are returned by the cryptographic protocols and whether he can use knowledge about the distribution that $Q$ comes from. We also provide the results of a case study we performed on a database of mitochondrial DNA, showing the vulnerability of existing real-world DNA data to the Mastermind attack.Comment: Full version of related paper appearing in IEEE Symposium on Security and Privacy 2009, "The Mastermind Attack on Genomic Data." This version corrects the proofs of what are now Theorems 2 and 4

A Taxonomy of Privacy-Preserving Record Linkage Techniques

The process of identifying which records in two or more databases correspond to the same entity is an important aspect of data quality activities such as data pre-processing and data integration. Known as record linkage, data matching or entity resolution, this process has attracted interest from researchers in fields such as databases and data warehousing, data mining, information systems, and machine learning. Record linkage has various challenges, including scalability to large databases, accurate matching and classification, and privacy and confidentiality. The latter challenge arises because commonly personal identifying data, such as names, addresses and dates of birth of individuals, are used in the linkage process. When databases are linked across organizations, the issue of how to protect the privacy and confidentiality of such sensitive information is crucial to successful application of record linkage. In this paper we present an overview of techniques that allow the linking of databases between organizations while at the same time preserving the privacy of these data. Known as 'privacy-preserving record linkage' (PPRL), various such techniques have been developed. We present a taxonomy of PPRL techniques to characterize these techniques along 15 dimensions, and conduct a survey of PPRL techniques. We then highlight shortcomings of current techniques and discuss avenues for future research

Privacy-Preserving Authentication: A Homomorphic Encryption Approach

The importance of privacy for individuals has become increasingly evident in recent years as the amount of personal data being collected, stored and used by both private companies and government institutions has grown exponentially. The potential for this data to be misused or mishandled has led to widespread concern among individuals about the protection of their personal information. In response to these concerns, there has been a rise in the development of privacy-preserving technologies, which aim to protect personal data while still allowing it to be used for legitimate purposes. These technologies are necessary not only to address the concerns of individuals, but also to meet the legal requirements of institutions that handle personal information. Many applications using personal information as a commodity can benefit from privacy-preserving technologies. The research presented in this thesis targets a commonly used Internet application in which privacy-enhancing technologies can play a key role: biometric-based authentication. Authentication is the establishment of one party’s identity to the other. Biometric data, such as faces, fingerprints or iris, are used more and more commonly as a means of providing personal identification and authentication. However, authentication protocols using biometric data face serious privacy concerns, as the data involved is sensitive or personally-identifiable, which makes it necessary for data holders to protect its privacy. The widespread use of this application, and the need to protect user privacy, motivated us to examine how homomorphic encryption, a privacy-preserving technology, can be used and deployed to enhance privacy in such an application. Homomorphic encryption is a form of encryption that allows arbitrary computations to be performed on encrypted data, resulting in an encrypted result that, when decrypted, is the same as if the computation had been performed on the corresponding cleartext data. This means that entire computational processes can be executed on encrypted data without requiring the decryption key, thereby maintaining the privacy of the data involved. This can address both concerns from individuals regarding the protection of their personal and sensitive data, and legal requirements that institutions must meet. Homomorphic encryption can be used in an authentication protocol to allow a server to verify the authenticity of a client’s credentials without having access to the cleartext values of the credentials. In this thesis, we describe and prove secure two novel biometric-based authentication protocols that use homomorphic encryption to preserve the confidentiality of the biometric data both in storage and during use. These protocols ensure the privacy of the biometric information, while still allowing it to be used for authentication purposes. Users of the protocols encrypt their own biometric data and send it to a remote server that performs computations, including the biometric matching, solely on encrypted data. One of the protocols is designed to protect biometric data privacy against a honest-but-curious server and the other against a malicious server. Additionally, in both cases the user is securely authenticated by the server. For both the protocols, implementation and performance results using public homomorphic encryption libraries are presented along with a security and usability assessment, including an evaluation analysis against industry-standard biometric-based authentication schemes. In the most efficient implementation, the active authentication phase takes no more than three seconds to complete