Abstract
The nonrepudiation of a biometric authentication depends on the authenticity of the corresponding biometric profile. If the enrollment process is not controlled by some trusted entity, a user’s biometric data might be misleadingly linked to another person’s digital identity. To secure the biometric enrollment in open Web-based environments, we propose the biometric observer principle: An arbitrary trustworthy person observes an individual’s enrollment at a biometric identity provider and confirms this to the system. The concept rests on a specified trust model, which assesses the trustworthiness of both the observer and the authenticity of an observed biometric profile. Trust relations between observer and observed persons are managed by the authentication system. We implemented a cloud-based biometric identity provider to validate and demonstrate the proposed concept.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abdul-Rahman, A.: The PGP Trust Model. EDI-Forum: The Journal of Electronic Commerce 10(3), 27–31 (1997)
Artz, D., Gil, Y.: A survey of trust in computer science and the semantic web. Web Semant. 5(2), 58–71 (2007)
Bakdi, I.: Benutzerauthentifizierung anhand des Tippverhaltens bei Verwendung fester Eingabetexte. Universitäts Verlag, Regensburg (2007)
Bartmann, D., Bakdi, I., Achatz, M.: On the Design of an Authentication System Based on Keystroke Dynamics Using a Predefined Input Text. International Journal of Information Security and Privacy 1(2), 1–12 (2007)
Bergando, F., Gunetti, D., Picardi, C.: User Authentication through Keystroke Dynamics. ACM TISSEC 5(4), 367–397 (2002)
Bless, R., Mink, S., Blaß, E.-O., Conrad, M., Hof, H.-J., Kutzner, K., Schöller, M.: Sichere Netzwerkkommunikation: Grundlagen, Protokolle und Architekturen. Springer, Berlin (2005)
Brin, S., Page, L.: The anatomy of a large-scale hypertextual web search engine. Comput. Netw. ISDN Syst. 30(1-7), 107–117 (1998)
Dorfner, M.: Evaluation und Weiterentwicklung von Zertifizierungsverfahren für biometrische Systeme: Eine exemplarische Betrachtung von Zertifizierungsverfahren mit dem Schwerpunkt IT-Sicherheit. Schriftenreihe Studien zur Wirtschaftsinformatik, Kovač (2012)
Dotzler, F.: Datenschutzrechtliche Aspekte und der Einsatz biometrischer Systeme in Unternehmen: Eine exemplarische Betrachtung von Systemen auf der Grundlage des biometrischen Merkmals Tippverhalten. Kölner Wissenschaftsverlag, Köln (2010)
Eckert, C.: IT-Sicherheit: Konzepte, Verfahren, Protokolle, 6th edn. Oldenbourg, München (2009)
Gómez Mármol, F., Martínez Pérez, G.: State of the art in trust and reputation models in P2P networks. In: Handbook of Peer-to-Peer Networking, pp. 761–784. Springer (2010)
Grandison, T., Sloman, M.: A survey of trust in internet applications. IEEE Communications Surveys Tutorials 3(4), 2–16 (2000)
Herzig, A., Lorini, E., Huebner, J.F., Vercouter, L.: A logic of trust and reputation. Logic Journal of IGPL 18(1), 214–244 (2010)
Huang, J., Fox, M.S.: An ontology of trust: formal semantics and transitivity. In: Proceedings of the 8th International Conference on Electronic Commerce: The New e-commerce: Innovations for Conquering Current Barriers, Obstacles and Limitations to Conducting Successful Business on the Internet, ICEC 2006, pp. 259–270. ACM, New York (2006)
Jain, A., Flynn, P., Ross, A. (eds.): Handbook of Biometrics. Springer, New York (2007)
Janakiraman, R., Sim, T.: Keystroke Dynamics in a General Setting. In: Lee, S.-W., Li, S.Z. (eds.) ICB 2007. LNCS, vol. 4642, pp. 584–593. Springer, Heidelberg (2007)
Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618–644 (2007)
Mather, T., Kumaraswamy, S., Latif, S.: Cloud security and privacy (an enterprise perspective on risks and compliance), 1st edn. Theory in practice. O’Reilly, Sebastopol (2009)
Oxford Dictionaries (visited on April 15, 2012)
Senk, C., Dotzler, F.: Biometric Authentication as a Service for Enterprise Identity Management Deployment: A Data Protection Perspective. In: Sixth International Conference on Availability, Reliability and Security, ARES 2011, Vienna, Austria, pp. 43–50. IEEE (2011)
Wang, Y.D., Emurian, H.H.: An overview of online trust: Concepts, elements, and implications. Computers in Human Behavior 21, 105–125 (2005)
Work, F., Bonatti, P.A., Shahmehri, N., Duma, C., Olmedilla, D., Nejdl, W., Baldoni, M., Baroglio, C., Martelli, A., Coraggio, P., Antoniou, G., Peer, J., Fuchs, N.E.: Rule-based policy specification: State of the art and future work (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Obergrusberger, F., Baloglu, B., Sänger, J., Senk, C. (2013). Biometric Identity Trust: Toward Secure Biometric Enrollment in Web Environments. In: Yousif, M., Schubert, L. (eds) Cloud Computing. CloudComp 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 112. Springer, Cham. https://doi.org/10.1007/978-3-319-03874-2_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-03874-2_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-03873-5
Online ISBN: 978-3-319-03874-2
eBook Packages: Computer ScienceComputer Science (R0)