A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes

With their increasing popularity in cryptosystems, biometrics have attracted more and more attention from the information security community. However, how to handle the relevant privacy concerns remains to be troublesome. In this paper, we propose a novel security model to formalize the privacy concerns in biometric-based remote authentication schemes. Our security model covers a number of practical privacy concerns such as identity privacy and transaction anonymity, which have not been formally considered in the literature. In addition, we propose a general biometric-based remote authentication scheme and prove its security in our security model

An improved Framework for Biometric Database’s privacy

Security and privacy are huge challenges in biometric systems. Biometrics are sensitive data that should be protected from any attacker and especially attackers targeting the confidentiality and integrity of biometric data. In this paper an extensive review of different physiological biometric techniques is provided. A comparative analysis of the various sus mentioned biometrics, including characteristics and properties is conducted. Qualitative and quantitative evaluation of the most relevant physiological biometrics is achieved. Furthermore, we propose a new framework for biometric database privacy. Our approach is based on the use of the promising fully homomorphic encryption technology. As a proof of concept, we establish an initial implementation of our security module using JAVA programming language

Privacy-Preserving Facial Recognition Using Biometric-Capsules

Indiana University-Purdue University Indianapolis (IUPUI)In recent years, developers have used the proliferation of biometric sensors in smart devices, along with recent advances in deep learning, to implement an array of biometrics-based recognition systems. Though these systems demonstrate remarkable performance and have seen wide acceptance, they present unique and pressing security and privacy concerns. One proposed method which addresses these concerns is the elegant, fusion-based Biometric-Capsule (BC) scheme. The BC scheme is provably secure, privacy-preserving, cancellable and interoperable in its secure feature fusion design. In this work, we demonstrate that the BC scheme is uniquely fit to secure state-of-the-art facial verification, authentication and identification systems. We compare the performance of unsecured, underlying biometrics systems to the performance of the BC-embedded systems in order to directly demonstrate the minimal effects of the privacy-preserving BC scheme on underlying system performance. Notably, we demonstrate that, when seamlessly embedded into a state-of-the-art FaceNet and ArcFace verification systems which achieve accuracies of 97.18% and 99.75% on the benchmark LFW dataset, the BC-embedded systems are able to achieve accuracies of 95.13% and 99.13% respectively. Furthermore, we also demonstrate that the BC scheme outperforms or performs as well as several other proposed secure biometric methods

Revocable, Interoperable and User-Centric (Active) Authentication Across Cyberspace

This work addresses fundamental and challenging user authentication and universal identity issues and solves the problems of system usability, authentication data security, user privacy, irrevocability, interoperability, cross-matching attacks, and post-login authentication breaches associated with existing authentication systems. It developed a solid user-centric biometrics based authentication model, called Bio-Capsule (BC), and implemented an (active) authentication system. BC is the template derived from the (secure) fusion of a user’s biometrics and that of a Reference Subject (RS). RS is simply a physical object such as a doll or an artificial one, such as an image. It is users’ BCs, rather than original biometric templates, that are utilized for user authentication and identification. The implemented (active) authentication system will facilitate and safely protect individuals’ diffused cyber activities, which is particularly important nowadays, when people are immersed in cyberspace. User authentication is the first guard of any trustworthy computing system. Along with people’s immersion in the penetrated cyber space integrated with information, networked systems, applications and mobility, universal identity security& management and active authentication become of paramount importance for cyber security and user privacy. Each of three typical existing authentication methods, what you KNOW (Password/PIN), HAVE (SmartCard), and ARE (Fingerprint/Face/Iris) and their combinations, suffer from their own inherent problems. For example, biometrics is becoming a promising authentication/identification method because it binds an individual with his identity, is resistant to losses, and does not need to memorize/carry. However, biometrics introduces its own challenges. One serious problem with biometrics is that biometric templates are hard to be replaced once compromised. In addition, biometrics may disclose user’s sensitive information (such as race, gender, even health condition), thus creating user privacy concerns. In the recent years, there has been intensive research addressing biometric template security and replaceability, such as cancelable biometrics and Biometric Cryptosystems. Unfortunately, these approaches do not fully exploit biometric advantages (e.g., requiring a PIN), reduce authentication accuracy, and/or suffer from possible attacks. The proposed approach is the first elegant solution to effectively address irreplaceability, privacy-preserving, and interoperability of both login and after-login authentication. Our methodology preserves biometrics’ robustness and accuracy, without sacrificing system acceptability for the same user, and distinguishability between different users. Biometric features cannot be recovered from the user’s Biometric Capsule or Reference Subject, even when both are stolen. The proposed model can be applied at the signal, feature, or template levels, and facilitates integration with new biometric identification methods to further enhance authentication performance. Moreover, the proposed active, non-intrusive authentication is not only scalable, but also particularly suitable to emerging portable, mobile computing devices. In summary, the proposed approach is (i) usercentric, i.e., highly user friendly without additional burden on users, (ii) provably secure and resistant to attacks including cross-matching attacks, (iii) identity-bearing and privacy-preserving, (iv) replaceable, once Biometric Capsule is compromised, (v) scalable and highly adaptable, (vi) interoperable and single signing on across systems, and (vii) cost-effective and easy to use

Biometric Identification, Law and Ethics

This book undertakes a multifaceted and integrated examination of biometric identification, including the current state of the technology, how it is being used, the key ethical issues, and the implications for law and regulation. The five chapters examine the main forms of contemporary biometrics–fingerprint recognition, facial recognition and DNA identification– as well the integration of biometric data with other forms of personal data, analyses key ethical concepts in play, including privacy, individual autonomy, collective responsibility, and joint ownership rights, and proposes a raft of principles to guide the regulation of biometrics in liberal democracies.Biometric identification technology is developing rapidly and being implemented more widely, along with other forms of information technology. As products, services and communication moves online, digital identity and security is becoming more important. Biometric identification facilitates this transition. Citizens now use biometrics to access a smartphone or obtain a passport; law enforcement agencies use biometrics in association with CCTV to identify a terrorist in a crowd, or identify a suspect via their fingerprints or DNA; and companies use biometrics to identify their customers and employees. In some cases the use of biometrics is governed by law, in others the technology has developed and been implemented so quickly that, perhaps because it has been viewed as a valuable security enhancement, laws regulating its use have often not been updated to reflect new applications. However, the technology associated with biometrics raises significant ethical problems, including in relation to individual privacy, ownership of biometric data, dual use and, more generally, as is illustrated by the increasing use of biometrics in authoritarian states such as China, the potential for unregulated biometrics to undermine fundamental principles of liberal democracy. Resolving these ethical problems is a vital step towards more effective regulation.Ethics & Philosophy of Technolog

Biometrics in the hotel industry: Issues that impact customers\u27 acceptance

Loss from identity theft and related fraud is growing each year. Accordingly, customers are more open to new methods of identification verification. Biometrics, such as fingerprint identification, are good examples of innovative methods to increase not only convenience but also data security and physical security for hotel customers. However, there are concerns about customer behaviors toward this new technology. This study presented current uses of biometrics with special reference to fingerprint technology, addressed customer behaviors toward new technology, and identified factors that impact customer behaviors toward biometrics. Self-administrated questionnaires were provided using the interactive TV survey system of a major Las Vegas hotel. The study found (1) significant linear relationships between the four examined variables (convenience, physical security, data security, and personal privacy) and the dependent variable (acceptance level) and (2) significantly different responses based on the participants\u27 gender and type of hotel they usually stay in