Security and Privacy in Biometrics: Towards a Holistic Approach

  • Patrizio Campisi

Abstract

Security and privacy in biometric systems have traditionally been seen as two requirements hindering each other. Only recently have researchers started investigating them as a joint optimization problem that needs to be tackled from legal, procedural, and technological points of view. Therefore, in this chapter we take a holistic approach: we introduce some basics about the privacy and security issues that can affect a biometric system, and some possible mitigation approaches, both procedural and technological, that can help in designing secure and privacy-compliant biometric-based recognition systems.

Keywords

Biometric Data; Biometric System; False Acceptance Rate; Privacy Risk; Biometric Template
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag London 2013

Authors and Affiliations

  1. Section of Applied Electronics, Department of Engineering, University of Roma Tre, Rome, Italy
