Reasoning About Privacy Properties of Architectures Supporting Group Authentication and Application to Biometric Systems

  • Julien Bringer
  • Hervé Chabanne
  • Daniel Le Métayer
  • Roch Lescuyer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9766)


This paper follows a recent line of work that advocates the use of formal methods to reason about privacy properties of system architectures. We propose an extension of an existing formal framework, motivated by the need to reason about properties of architectures including group authentication functionalities. By group authentication, we mean that a user can authenticate on behalf of a group of users, thereby keeping a form of anonymity within this set. Then we show that this extended framework can be used to reason about privacy properties of a biometric system in which users are authenticated through the use of group signatures.


Keywords: Privacy by design · Formal methods · Biometric systems



This work has been partially funded by the French ANR-12-INSE-0013 project BIOPRIV. Part of this work has been conducted within the Inria Project Lab on Privacy CAPPRIS [6].


  1. Antignac, T., Le Métayer, D.: Privacy architectures: reasoning about data minimisation and integrity. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 17–32. Springer, Heidelberg (2014)
  2. Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: ACM Conference on Computer and Communications Security, CCS 2004, pp. 168–177. ACM Press (2004)
  3. Bringer, J., Chabanne, H., Le Métayer, D., Lescuyer, R.: Privacy by design in practice: reasoning about privacy properties of biometric system architectures. In: Bjørner, N., Boer, F. (eds.) FM 2015. LNCS, vol. 9109, pp. 90–107. Springer, Heidelberg (2015)
  4. Bringer, J., Chabanne, H., Pointcheval, D., Zimmer, S.: An application of the Boneh and Shacham group signature scheme to biometric authentication. In: Matsuura, K., Fujisaki, E. (eds.) IWSEC 2008. LNCS, vol. 5312, pp. 219–230. Springer, Heidelberg (2008)
  5. Canard, S., Girault, M.: Implementing group signature schemes with smart cards. In: Smart Card Research and Advanced Application, CARDIS 2002, pp. 1–10. USENIX (2002)
  6. CAPPRIS. Collaborative Project on the Protection of Privacy Rights in the Information Society. Inria Project Lab on Privacy.
  7. European Parliament. European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. General Data Protection Regulation, Ordinary legislative procedure: first reading (2014)
  8. Govan, M., Buggy, T.: A computationally efficient fingerprint matching algorithm for implementation on smartcards. In: Biometrics: Theory, Applications, and Systems, BTAS 2007, pp. 1–6. IEEE (2007)
  9. Halpern, J.Y., Pucella, R.: Dealing with logical omniscience. In: Conference on Theoretical Aspects of Rationality and Knowledge, TARK 2007, pp. 169–176 (2007)
  10. Jain, A.K., Ross, A., Prabhakar, S.: An introduction to biometric recognition. IEEE Trans. Circuits Syst. Video Techn. 14(1), 4–20 (2004)
  11. National Institute of Standards and Technology (NIST). MINEX II - an assessment of Match-On-Card technology (2011).
  12. International Standard Organization. International standard ISO/IEC 24787: information technology - identification cards - on-card biometric comparison (2010)
  13. Pucella, R.: Deductive algorithmic knowledge. J. Log. Comput. 16(2), 287–309 (2006)
  14. Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, p. 552. Springer, Heidelberg (2001)
  15. Ta, V.T., Antignac, T.: Privacy by design: on the conformance between protocols and architectures. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 65–81. Springer, Heidelberg (2015)
  16. TURBINE. TrUsted Revocable Biometric IdeNtitiEs. Collaborative European project 216339, call FP7-ICT-2007-1 (2007).

Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  • Julien Bringer (1)
  • Hervé Chabanne (1, 2)
  • Daniel Le Métayer (3)
  • Roch Lescuyer (1)
  1. Morpho, Issy-les-Moulineaux, France
  2. Télécom ParisTech, Paris, France
  3. INRIA, Université de Lyon, Lyon, France