Performance Impacts in Database Privacy-Preserving Biometric Authentication

Nowadays, biometric data are more and more used within authentication processes. These data are often stored in databases. However, these data underlie inherent privacy concerns. Therefore, special attention should be paid for handling of these data. We propose an extension of a similarity verification system with the help of the Paillier cryptosystem. In this paper, we use this system for signal processing in the encrypted domain for privacy-preserving biometric authentication. We adapt a biometric authentication system for enhancing privacy. We focus on performance issues with respect to database response time for our authentication process. Although encryption implicates computational effort, we show that only small computational overhead is required. Furthermore, we evaluate our implementation with respect to performance. However, the concept of verification of encrypted biometric data comes at the cost of increased computational effort in contrast to already available biometric systems. Nevertheless, currently available systems lack privacy enhancing technologies. Our findings emphasize that a focus on privacy in the context of user authentication is available. This solution leads to user-centric applications regarding authentication. As an additional benefit, results using data mining are more difficult to be obtained in the domain of user tracking.

[1]  K. Srinathan,et al.  Efficient Biometric Verification in Encrypted Domain , 2009, ICB.

[2]  Martin Schäler,et al.  Toward variability management to tailor high dimensional index implementations , 2014, 2014 IEEE Eighth International Conference on Research Challenges in Information Science (RCIS).

[3]  Craig Gentry,et al.  Computing arbitrary functions of encrypted data , 2010, CACM.

[4]  Gunter Saake,et al.  Privacy-Aware Multidimensional Indexing , 2013, BTW.

[5]  Jana Dittmann,et al.  Taxonomy for Computer Security Incidents , 2007 .

[6]  Gunter Saake,et al.  QuEval: Beyond high-dimensional indexing a la carte , 2013, Proc. VLDB Endow..

[7]  Carsten Binnig,et al.  Query Processing on Encrypted Data in the Cloud by , 2011 .

[8]  John Daugman How iris recognition works , 2004 .

[9]  Rudolf Bayer,et al.  Organization and maintenance of large ordered indexes , 1972, Acta Informatica.

[10]  Gunter Saake,et al.  Challenges in Finding an Appropriate Multi-Dimensional Index Structure with Respect to Specific Use Cases , 2012, Grundlagen von Datenbanken.

[11]  Arun Ross,et al.  Biometric template security: Challenges and solutions , 2005, 2005 13th European Signal Processing Conference.

[12]  Gerome Miklau,et al.  Threats to privacy in the forensic analysis of database systems , 2007, SIGMOD '07.

[13]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[14]  Hans-Peter Kriegel,et al.  The pyramid-technique: towards breaking the curse of dimensionality , 1998, SIGMOD '98.

[15]  Martin Schäler,et al.  Secure Deletion: Towards Tailor-Made Privacy in Database Systems , 2013, BTW Workshops.

[16]  Yücel Saygin,et al.  Privacy Preserving Clustering on Horizontally Partitioned Data , 2006, 22nd International Conference on Data Engineering Workshops (ICDEW'06).

[17]  Antonin Guttman,et al.  R-trees: a dynamic index structure for spatial searching , 1984, SIGMOD '84.

[18]  Stefan Katzenbeisser,et al.  Design Aspects of Secure Biometric Systems and Biometrics in the Encrypted Domain , 2013, Security and Privacy in Biometrics.

[19]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[20]  Douglas Comer,et al.  Ubiquitous B-Tree , 1979, CSUR.

[21]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[22]  Divyakant Agrawal,et al.  Privacy preserving decision tree learning over multiple parties , 2007, Data Knowl. Eng..

[23]  Sheng Zhong,et al.  Two methods for privacy preserving data mining with malicious participants , 2007, Inf. Sci..

[24]  Bruce Schneier,et al.  Secrets and Lies: Digital Security in a Networked World , 2000 .

[25]  Claus Vielhauer Biometric User Authentication for it Security - From Fundamentals to Handwriting , 2006, Advances in Information Security.