Enhancing the privacy of electronic passports

We address in this paper the problem of privacy in the current architecture in electronic passports for the storage and transmission of biometric data such as fingerprints. The current architecture provides a good protection of biometric personal data but brute force attack could be used in the near future using cloud computing. We propose a new solution combining cryptographic protocols and cancellable biometrics to solve this problem. The biocode of an individual is protected by cryptographic keys exchanged by the PACE protocol. We put into obviousness the benefit of the proposed solution in terms of security and privacy.

[1]  Gérard D. Cohen,et al.  Optimal Iris Fuzzy Sketches , 2007, 2007 First IEEE International Conference on Biometrics: Theory, Applications, and Systems.

[2]  Tran Huy Dat,et al.  Heart sound as a biometric , 2008, Pattern Recognit..

[3]  David Chek Ling Ngo,et al.  Computation of Cryptographic Keys from Face Biometrics , 2003, Communications and Multimedia Security.

[4]  Christophe Rosenberger,et al.  Palm Vein Verification System Based on SIFT Matching , 2009, ICB.

[5]  Serge Vaudenay,et al.  The Extended Access Control for Machine Readable Travel Documents , 2009, BIOSIG.

[6]  Anil K. Jain,et al.  Securing Fingerprint Template: Fuzzy Vault with Helper Data , 2006, 2006 Conference on Computer Vision and Pattern Recognition Workshop (CVPRW'06).

[7]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[8]  Bernadette Dorizzi,et al.  Cancelable iris biometrics and using Error Correcting Codes to reduce variability in biometric data , 2009, 2009 IEEE Conference on Computer Vision and Pattern Recognition.

[9]  Huaxiong Wang,et al.  An On-Line Secure E-Passport Protocol , 2008, ISPEC.

[10]  Christophe Rosenberger,et al.  A Study on the Convergence of FingerHashing and a Secured Biometric System , 2009, CIIA.

[11]  Mohamed Abid,et al.  Secure E-Passport Protocol Using Elliptic Curve Diffie-Hellman Key Agreement Protocol , 2008, 2008 The Fourth International Conference on Information Assurance and Security.

[12]  Jean-Jacques Quisquater,et al.  ePassport: Securing International Contacts with Contactless Chips , 2008, Financial Cryptography.

[13]  Martin Hlavác,et al.  A Note on the Relay Attacks on e-passports: The Case of Czech e-passports , 2007, IACR Cryptol. ePrint Arch..

[14]  Tom Chothia,et al.  A Traceability Attack against e-Passports , 2010, Financial Cryptography.

[15]  Christophe Rosenberger,et al.  Keystroke dynamics with low constraints SVM based passphrase enrollment , 2009, 2009 IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems.

[16]  Loris Nanni,et al.  An improved BioHashing for human authentication , 2007, Pattern Recognit..

[17]  David A. Wagner,et al.  Security and Privacy Issues in E-passports , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[18]  Rishab Nithyanand A Survey on the Evolution of Cryptographic Protocols in ePassports , 2009, IACR Cryptol. ePrint Arch..

[19]  Terrance E. Boult,et al.  Revocable fingerprint biotokens: accuracy and security analysis , 2007, 2007 IEEE Conference on Computer Vision and Pattern Recognition.

[20]  Feng Hao,et al.  Combining Crypto with Biometrics Effectively , 2006, IEEE Transactions on Computers.