Biometric Identity Trust: Toward Secure Biometric Enrollment in Web Environments

The nonrepudiation of a biometric authentication depends on the authenticity of the corresponding biometric profile. If the enrollment process is not controlled by a trusted entity, a user’s biometric data might be wrongly linked to another person’s digital identity. To secure biometric enrollment in open Web-based environments, we propose the biometric observer principle: an arbitrary trustworthy person observes an individual’s enrollment at a biometric identity provider and confirms this to the system. The concept rests on a specified trust model, which assesses both the trustworthiness of the observer and the authenticity of an observed biometric profile. Trust relations between observers and observed persons are managed by the authentication system. We implemented a cloud-based biometric identity provider to validate and demonstrate the proposed concept.
