Reasoning About Privacy Properties of Architectures Supporting Group Authentication and Application to Biometric Systems
This paper follows a recent line of work that advocates the use of formal methods to reason about the privacy properties of system architectures. We propose an extension of an existing formal framework, motivated by the need to reason about the properties of architectures that include group authentication functionalities. By group authentication, we mean that a user can authenticate on behalf of a group of users, thereby keeping a form of anonymity within this set: the verifier learns that the user is a member of the group, not which member. We then show that this extended framework can be used to reason about the privacy properties of a biometric system in which users are authenticated through the use of group signatures.
Keywords: Privacy by design; Formal methods; Biometric systems
This work has been partially funded by the French ANR-12-INSE-0013 project BIOPRIV. Part of this work has been conducted within the Inria Project Lab on Privacy CAPPRIS.
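The "authenticate on behalf of a group" property described in the abstract, as an added example that is not code from the paper: a Schnorr-type ring signature (Abe-Ohkubo-Suzuki construction) over a demonstration-size Schnorr group is used here as a simplified stand-in for the group signature scheme the paper assumes. It shows the privacy-relevant behaviour of the verifier, which can check that the signer holds the secret key of some enrolled public key but cannot tell which one, and also what must fail (a tampered message, a different group, a non-member's key). Unlike a real group signature there is no group manager, no opening of signatures and no revocation; the biometric step that would unlock the member's key is left out. Group size, function names and the sample message are assumptions for the example.

```python
import hashlib
import secrets


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=128):
    """(p, q, g): safe prime p = 2q+1 and a generator g of the order-q subgroup.
    128 bits keeps the demo fast; real deployments use >= 2048-bit groups or curves."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4   # 4 = 2^2 is a quadratic residue, so its order is q


def keygen(p, q, g):
    """Per-member key pair: secret x in [1, q-1], public y = g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def _challenge(message, ring, t, p, q):
    """Hash (message, whole ring, commitment t) into Z_q. Binding the ring into
    every challenge stops a signature from being replayed against another group."""
    width = (p.bit_length() + 7) // 8
    h = hashlib.sha256()
    h.update(len(message).to_bytes(8, "big") + message)
    for y in ring:
        h.update(y.to_bytes(width, "big"))
    h.update(t.to_bytes(width, "big"))
    return int.from_bytes(h.digest(), "big") % q


def ring_sign(message, ring, signer_index, signer_secret, p, q, g):
    """Sign on behalf of `ring` with the secret of ring[signer_index].
    Returns (c_0, [s_0, ..., s_{n-1}]); the index is not part of the output."""
    n = len(ring)
    c, s = [None] * n, [None] * n
    a = secrets.randbelow(q - 1) + 1                       # fresh Schnorr nonce
    c[(signer_index + 1) % n] = _challenge(message, ring, pow(g, a, p), p, q)
    i = (signer_index + 1) % n
    while i != signer_index:                              # close the ring with random s_i
        s[i] = secrets.randbelow(q)
        t = pow(g, s[i], p) * pow(ring[i], c[i], p) % p
        c[(i + 1) % n] = _challenge(message, ring, t, p, q)
        i = (i + 1) % n
    # Only the real signer can pick s_k so that g^s_k * y_k^c_k equals g^a.
    s[signer_index] = (a - c[signer_index] * signer_secret) % q
    return c[0], s


def ring_verify(message, ring, signature, p, q, g):
    """Accept iff the chain of challenges closes. The check is symmetric in the
    ring members, so it reveals nothing about who signed."""
    c0, s = signature
    if len(s) != len(ring):
        return False
    for y in ring:                                        # keys must lie in the subgroup
        if not (1 < y < p and pow(y, q, p) == 1):
            return False
    c = c0
    for y, s_i in zip(ring, s):
        if not 0 <= s_i < q:
            return False
        c = _challenge(message, ring, pow(g, s_i, p) * pow(y, c, p) % p, p, q)
    return c == c0


def demo():
    """Constructed scenario: four enrolled users, two of them authenticate."""
    p, q, g = make_group()
    members = [keygen(p, q, g) for _ in range(4)]
    ring = [y for _, y in members]
    msg = b"open door 7"                                  # constructed sample message
    sig_user0 = ring_sign(msg, ring, 0, members[0][0], p, q, g)
    sig_user2 = ring_sign(msg, ring, 2, members[2][0], p, q, g)
    outsider_x, _ = keygen(p, q, g)                       # key that is not enrolled
    forged = ring_sign(msg, ring, 0, outsider_x, p, q, g)
    return {
        "user0_accepted": ring_verify(msg, ring, sig_user0, p, q, g),
        "user2_accepted": ring_verify(msg, ring, sig_user2, p, q, g),
        "tampered_message": ring_verify(b"open door 8", ring, sig_user0, p, q, g),
        "different_group": ring_verify(msg, ring[1:], sig_user0, p, q, g),
        "outsider_rejected": ring_verify(msg, ring, forged, p, q, g),
    }
```

The two accepted signatures are indistinguishable to the verifier, which is the anonymity-within-the-set property the paper's framework reasons about; what a real group signature adds on top is a manager key that can open a signature to its member, a capability whose placement in the architecture is exactly the kind of privacy question the paper addresses.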