An Overview on Privacy Preserving Biometrics

The Internet has established itself as a very powerful platform that has changed the way we communicate and do business. Nowadays, the number of Internet users is about 1,552 million according to Internet World Stats. This large audience demands online commerce, e-government, knowledge sharing, social networks, online gaming and more, all of which have grown exponentially over the past few years. The security of these transactions is very important considering the amount of information that could be intercepted by an attacker. Within this context, authentication is one of the most important challenges in computer security. Indeed, the authentication step is often considered the weakest link in the security of electronic transactions. In general, the protection of the message content is achieved by using cryptographic protocols that are well known and established. The well-known ID/password is by far the most used authentication method; it is widespread despite its obvious lack of security. This is mainly due to its ease of implementation and to its ergonomics: users are used to this system, which enhances its acceptance and deployment. Many more sophisticated solutions exist in the state of the art to secure logical access control (one-time password tokens, certificates, ...) but none of them is used by a large community of users, for lack of simplicity of use (O’Gorman, 2003). Among the different methods of authenticating an individual, biometrics is often presented as a promising solution. Few people know that biometrics has been used for ages for identification or signature purposes. Fingerprints were already used as a signature for commercial exchanges in Babylon (3000 BC). Alphonse Bertillon proposed in 1879 to use anthropometric information for police investigation. Nowadays, all police forces in the world use this kind of information to solve crimes.
The first prototypes of terminals providing automatic processing of voice and fingerprints were defined in the mid-1970s. Today, a large number of biometric systems are used for logical and physical access control applications. This technology possesses many favorable properties. First, there is a strong link between the user and his or her authenticator. For example, it is not possible to lose one's fingerprint, as could be the case for a token. Second, this solution is very usable: indeed, it is very convenient for users to authenticate themselves by putting a finger on a sensor or having their face captured. Last, biometrics is an interesting candidate to be a unique user’s authenticator. A study done by NTA group in 2002 (Monitor, 2002) on 500 users showed that there were approximately 21 passwords per user, 81% of them use 4
