An Overview on Privacy Preserving Biometrics

The Internet has consolidated itself as a very powerful platform that has changed the communication and business way. Nowadays, the number of users navigating through Internet is about 1,552 millions according to Internet World Stats. This large audience demands online commerce, e-government, knowledge sharing, social networks, online gaming . . . which grew exponentially over the past few years. The security of these transactions is very important considering the number of information that could be intercepted by an attacker. Within this context, authentication is one of the most important challenges in computer security. Indeed, the authentication step is often considered as the weakest link in the security of electronic transactions. In general, the protection of the message content is achieved by using cryptographic protocols that are well known and established. The well-known ID/password is far the most used authentication method, it is widely spread despite its obvious lack of security. This is mainly due to its implementation ease and to its ergonomic feature: the users are used to this system, which enhances its acceptance and deployment. Many more sophisticated solutions exist in the state of the art to secure logical access control (one time passwords tokens, certificates . . . ) but none of them are used by a large community of users for a lack of simplicity usage (O'Gorman, 2003)...

[1]  Andy Adler,et al.  Biometric System Security , 2008 .

[2]  F. MacWilliams,et al.  The Theory of Error-Correcting Codes , 1977 .

[3]  Julien Bringer,et al.  An Authentication Protocol with Encrypted Biometric Data , 2008, AFRICACRYPT.

[4]  Sharath Pankanti,et al.  Biometrics: a tool for information security , 2006, IEEE Transactions on Information Forensics and Security.

[5]  Andrew Beng Jin Teoh,et al.  Cancellable biometerics featuring with tokenised random number , 2005, Pattern Recognit. Lett..

[6]  Andrew Beng Jin Teoh,et al.  An Integrated Dual Factor Authenticator Based on the Face Data and Tokenised Random Number , 2004, ICBA.

[7]  Bruce Schneier,et al.  Inside risks: the uses and abuses of biometrics , 1999, CACM.

[8]  Christoph Schaffer,et al.  The benefit of using SIM application toolkit in the context of near field communication applications , 2007, International Conference on the Management of Mobile Business (ICMB 2007).

[9]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[10]  Baptiste Hemery,et al.  A study of users' acceptance and satisfaction of biometric systems , 2010, 44th Annual 2010 IEEE International Carnahan Conference on Security Technology.

[11]  Feng Hao,et al.  Combining Crypto with Biometrics Effectively , 2006, IEEE Transactions on Computers.

[12]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[13]  Marina Blanton,et al.  Secure and Efficient Protocols for Iris and Fingerprint Identification , 2011, ESORICS.

[14]  L. O'Gorman,et al.  Comparing passwords, tokens, and biometrics for user authentication , 2003, Proceedings of the IEEE.

[15]  Baptiste Hemery,et al.  Authentification révocable pour la vérification basée texture d'empreintes digitales , 2010 .

[16]  Alessandra Lumini,et al.  Fake fingertip generation from a minutiae template , 2008, 2008 19th International Conference on Pattern Recognition.

[17]  Louis D. Brandeis,et al.  The Right to Privacy , 1890 .

[18]  Qiang Tang,et al.  An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication , 2007, ACISP.

[19]  Anupam Gupta,et al.  An elementary proof of the Johnson-Lindenstrauss Lemma , 1999 .

[20]  Anton H. M. Akkermans,et al.  Face recognition with renewable and privacy preserving binary templates , 2005, Fourth IEEE Workshop on Automatic Identification Advanced Technologies (AutoID'05).

[21]  Yevgeniy Dodis,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, EUROCRYPT.

[22]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[23]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[24]  Sharath Pankanti,et al.  On the Individuality of Fingerprints , 2002, IEEE Trans. Pattern Anal. Mach. Intell..

[25]  Andrew Beng Jin Teoh,et al.  PalmHashing: a novel approach for dual-factor authentication , 2004, Pattern Analysis and Applications.

[26]  Alessandra Lumini,et al.  Fingerprint Image Reconstruction from Standard Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[27]  Nalini K. Ratha,et al.  Biometric perils and patches , 2002, Pattern Recognit..

[28]  Gérard D. Cohen,et al.  Optimal Iris Fuzzy Sketches , 2007, 2007 First IEEE International Conference on Biometrics: Theory, Applications, and Systems.

[29]  Michael G. Strintzis,et al.  Face Recognition , 2008, Encyclopedia of Multimedia.

[30]  Andrew Beng Jin Teoh,et al.  Personalised cryptographic key generation based on FaceHashing , 2004, Comput. Secur..

[31]  Samuel Kaski,et al.  Dimensionality reduction by random mapping: fast similarity computation for clustering , 1998, 1998 IEEE International Joint Conference on Neural Networks Proceedings. IEEE World Congress on Computational Intelligence (Cat. No.98CH36227).

[32]  Raymond N. J. Veldhuis,et al.  Practical Biometric Authentication with Template Protection , 2005, AVBPA.

[33]  Christophe Rosenberger,et al.  Biohashing for Securing Minutiae Template , 2010, 2010 20th International Conference on Pattern Recognition.

[34]  John Daugman How iris recognition works , 2004 .

[35]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[36]  Vincenzo Piuri,et al.  A privacy-compliant fingerprint recognition system based on homomorphic encryption and Fingercode templates , 2010, 2010 Fourth IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[37]  Witold Pedrycz,et al.  Face recognition: A study in information fusion using fuzzy integral , 2005, Pattern Recognit. Lett..

[38]  E. Mordini,et al.  Body, Biometrics and Identity , 2008, Bioethics.

[39]  Bart Preneel,et al.  Privacy Weaknesses in Biometric Sketches , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[40]  Benny Pinkas,et al.  SCiFI - A System for Secure Face Identification , 2010, 2010 IEEE Symposium on Security and Privacy.

[41]  David Chek Ling Ngo,et al.  Computation of Cryptographic Keys from Face Biometrics , 2003, Communications and Multimedia Security.

[42]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[43]  Loris Nanni,et al.  Empirical tests on BioHashing , 2006, Neurocomputing.

[44]  Nalini K. Ratha,et al.  Enhancing security and privacy in biometrics-based authentication systems , 2001, IBM Syst. J..

[45]  Silvio Micali,et al.  Probabilistic encryption & how to play mental poker keeping secret all partial information , 1982, STOC '82.

[46]  Anil K. Jain,et al.  FM Model Based Fingerprint Reconstruction from Minutiae Template , 2009, ICB.

[47]  David Zhang,et al.  An analysis of BioHashing and its variants , 2006, Pattern Recognit..

[48]  Jonathan Katz,et al.  Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets , 2006, CRYPTO.

[49]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[50]  Andrew Beng Jin Teoh,et al.  Cancellable biometrics and annotations on BioHash , 2008, Pattern Recognit..

[51]  David Chek Ling Ngo,et al.  PalmHashing: A novel approach for dual-factor authentication , 2004, Pattern Analysis and Applications.

[52]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[53]  Anil K. Jain,et al.  Handbook of Fingerprint Recognition , 2005, Springer Professional Computing.