Skip to main content
SpringerLink
Log in

Privacy, Security and Convenience: Biometric Encryption for Smartphone-Based Electronic Travel Documents

  • Chapter
  • First Online:
Recent Advances in Computational Intelligence in Defense and Security

Part of the book series: Studies in Computational Intelligence ((SCI,volume 621))

Abstract

We propose a new paradigm for issuing, storing and verifying travel documents that features entirely digital documents which are bound to the individual by virtue of a privacy–respecting biometrically derived key, and which make use of privacy-respecting digital credentials technology. Currently travel documentation rely either on paper documents or electronic systems requiring connectivity to core servers and databases at the time of verification. If biometrics are used in the traditional way, there are accompanying privacy implications. We present a smartphone-based approach which enables a new kind of biometric checkpoint to be placed at key points throughout the international voyage. These lightweight verification checkpoints would not require storage of biometric information, which can reduce the complexity and risk of implementing these systems from a policy and privacy perspective. Our proposed paradigm promises multiple benefits including increased security in airports, on airlines and at the border, increased traveller convenience, increased biometric privacy, and possibly, lower total cost of system ownership.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Given the range of terms used in the domain, we choose to follow ISO standard 24745 [41]. The concept of a RBR is described in Annex C of the 24745 standard as follows:

    Renewable biometric references (RBRs) are revocable/ renewable identifiers that represent an individual or data subject within a certain domain by means of a protected binary identity (re)constructed from a captured biometric sample. A renewable biometric reference does not allow access to the original biometric measurement data, biometric template or true identity of its owner. Furthermore, the renewable biometric reference has no meaning outside the service domain.

  2. 2.

    The following attacks against BE are known: Inverting the hash; False Acceptance (FAR) attack; Hill Climbing attack [3]; Nearest Impostors attack [59]; Running Error Correcting Code (ECC) in a soft decoding and/or erasure mode [59]; ECC Histogram attack [59]; Non-randomness attack against Fuzzy Vault [22]; Non-randomness attack against Mytec2 and Fuzzy Commitment schemes [59, 66]; Re-usability attack [11, 46, 54]; Blended Substitution attack [54]; and Linkage attack [21, 45, 57].

References

  1. Adams, C.: Achieving non-transferability in credential systems using hidden biometrics. Secur. Commun. Netw. 4(2), 195–206 (2011)

    Article  Google Scholar 

  2. Adjedj, M., Bringer, J., Chabanne, H., Kindarji, B.: Biometric identification over encrypted data made feasible. In: Prakash, A., Gupta, I.S. (eds.) Information Systems Security. LNCS, vol. 5905, pp. 86–100. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  3. Adler, A.: Vulnerabilities in biometric encryption systems. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) Audio- and Video-Based Biometric Person Authentication. 5th International Conference, AVBPA 2005, Hilton Rye Town, NY, USA, 20–22 July 2005. LNCS, vol. 3546, pp. 1100–1109. Springer, Heidelberg (2005)

    Google Scholar 

  4. Barni, M., Bianchi, T., Catalano, D., Raimondo, M.D., Labati, R.D., Failla, P., Fiore, D., Lazzeretti, R., Piuri, V., Scotti, F., Piva, A.: Privacy-preserving fingercode authentication. In: Proceedings of the 12th ACM Workshop on Multimedia and Security (MMSec 2010), pp. 231–240. ACM, New York (2010)

    Google Scholar 

  5. Bringer, J., Chabanne, H.: An authentication protocol with encrypted biometric data. In: Vaudenay, S. (ed.) Progress in Cryptology—AFRICACRYPT 2008. LNCS, vol. 5023, pp. 109–124. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  6. Bringer, J., Chabanne, H.: Two efficient architectures for handling biometric data while taking care of their privacy. In: Campisi, P. (ed.) Security and Privacy in Biometrics, Chapter 11, pp. 275–295. Springer, London (2013)

    Chapter  Google Scholar 

  7. Bringer, J., Chabanne, H., Kindarji, B.: Error-tolerant searchable encryption. In: IEEE International Conference on Communications, 2009. ICC 2009, pp. 1–6 (2009)

    Google Scholar 

  8. Bissessar, D., Gorodnichy, D.O., Stoianov, A., Thieme, M.: Assessment of privacy enhancing technologies for biometrics. In: IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), pp. 1–9. Ottawa, ON, Canada, 11–13 July 2012

    Google Scholar 

  9. Bissessar, D.: Cryptographic credentials with privacy-preserving biometric bindings. Master’s thesis, School of Electrical Engineering and Computer Science, University of Ottawa (2013)

    Google Scholar 

  10. Bissessar, D., Adams, C., Liu, D.: Using biometric key commitments to prevent unauthorized lending of cryptographic credentials. In: 12th International Conference on Privacy, Security and Trust (PST2014), pp. 75–83. Toronto, Canada, 23–24 July (2014)

    Google Scholar 

  11. Boyen, X.: Reusable cryptographic fuzzy extractors. In: Proceedings of the 11th ACM Conference on Computer and Communications Security. ACM (2004)

    Google Scholar 

  12. Bellare, M., Rogaway, P.: Optimal asymmetric encryption—how to encrypt with RSA. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 341–358. Springer, Heidelberg (1995)

    Google Scholar 

  13. Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates. MIT Press, Cambridge (2000)

    Google Scholar 

  14. Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An application of the Goldwasser-Micali cryptosystem to biometric authentication. In: Information Security and Privacy. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007)

    Google Scholar 

  15. Bringer, J., Favre, M., Chabanne, H., Patey, A.: Faster secure computation for biometric identification using filtering. In: The 5th IAPR International Conference on Biometrics. ICB, pp. 257–264. New Delhi, India, 29 March–1 April 2012

    Google Scholar 

  16. Bundesamt für Sicherheit in der Informationstechnik. Study of the Privacy and Accuracy of the Fuzzy Commitment Scheme. BioKeyS III-Final Report (2011)

    Google Scholar 

  17. Canetti, R., Charikar, M.S., Rajagopalan, S., Ravikumar, S., Sahai, A., Tomkins, A.S.: Nontransferable anonymous credentials. U.S. Patent 7,222,362 (2007)

    Google Scholar 

  18. CBP ESTA Webpage. http://www.cbp.gov/travel/international-visitors/esta. Accessed 19 July 2015

  19. Cavoukian, A., Chibba, M., Stoianov, A.: Advances in biometric encryption: taking privacy by design from academic research to deployment. Rev. Policy Res. 29(1), 37–61 (2012)

    Article  Google Scholar 

  20. Cavoukian, A., Marinelli, T., Stoianov, A., Martin, K., Plataniotis, K.N., Chibba, M., DeSouza, L., Frederiksen, S.: Biometric encryption: creating a privacy-preserving ‘Watch-List’ facial recognition system. In: Campisi, P. (ed.) Security and Privacy in Biometrics, Chapter 9, pp. 215–238. Springer, London (2013)

    Google Scholar 

  21. Cavoukian, A., Stoianov, A.: Biometric encryption: the new breed of untraceable biometrics. In: Boulgouris, N.V., Plataniotis, K.N., Micheli-Tzanakou, E. (eds.) Biometrics: Theory, Methods, and Applications, Chapter 26, pp. 655–718. Wiley, Hoboken (2009)

    Google Scholar 

  22. Chang, E.C., Shen, R., Teo, F.W. Finding the original point set hidden among chaff. In: Proceedings of the 2006 ACM Symposium on Information, computer and communications security, pp. 182–188. ACM (2006)

    Google Scholar 

  23. Chaum, D., Evertse, J.-H.: A secure and privacy-protecting protocol for transmitting personal information between organizations. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 118–167. Springer, Heidelberg (1987)

    Google Scholar 

  24. Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)

    Article  Google Scholar 

  25. Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Advances in Cryptology—CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)

    Google Scholar 

  26. Chen, L.: Access with pseudonyms. In: Cryptography: Policy and Algorithms, pp. 232–243. Springer, Heidelberg (1996)

    Google Scholar 

  27. Citizenship and Immigration Canada. eTAWebpage. http://www.cic.gc.ca/english/department/acts-regulations/forward-regulatory-plan/eta.asp. Accessed 19 July 2015

  28. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) Advances in Cryptology—EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)

    Google Scholar 

  29. Damgård, I.: Payment systems and credential mechanisms with provable security against abuse by individuals. In: Advances in Cryptology—CRYPTO88. LNCS, vol. 403, pp. 328–335. Springer, Heidelberg (1990)

    Google Scholar 

  30. Damgård, I.: Commitment schemes and zero-knowledge protocols. In: Damgård, I.B. (ed.) Lectures on Data Security. LNCS, vol. 1561, pp. 63–86 (1999)

    Google Scholar 

  31. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) Advances in cryptology—Eurocrypt 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)

    Google Scholar 

  32. Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., Toft, T.: Privacy-preserving face recognition. In: PETS 2009: Proceedings of the 9th International Symposium on Privacy Enhancing Technologies, Seattle, WA, USA, 5–7 Aug 2009. LNCS, vol. 5672, pp. 235–253. Springer, Heidelberg (2009)

    Google Scholar 

  33. Frontex: development of capabilities for passenger analysis units. In: Operational Heads of Airports Conference 2014, Warsaw, 04–07 Feb 2014

    Google Scholar 

  34. www.genkey.com

  35. www.genkey.com/en/news-archive/genkey-releases-biofinger-sdk

  36. Goldreich, O.: Foundations of Cryptography: Basic Tools, vol. 1. Cambridge University Press, New York (2001)

    Book  MATH  Google Scholar 

  37. Goldreich, O.: Foundations of Cryptography: Basic Applications, vol. 2. Cambridge University Press, New York (2004)

    Book  MATH  Google Scholar 

  38. Hao, F., Anderson, R., Daugman, J.: Combining crypto with biometrics effectively. IEEE Trans. Comput. 55(9), 1081–1088 (2006)

    Article  Google Scholar 

  39. International Civil Aviation Organization: machine readable travel documents—part 1–2. Technical report. ICAO Document 9303 (2006)

    Google Scholar 

  40. IBM Identity Governance web page. http://www.zurich.ibm.com/security/idemix/. Accessed 19 July 2015

  41. ISO/IEC IS 24745: Information Technology—Security techniques—Biometric Information Protection, June 2011

    Google Scholar 

  42. Jain, A.K., Nandakumar, K., Nagar, A.: Biometric template security. EURASIP J. Adv. Sig. Process. pp. 1–17 (2008). Article ID 579416

    Google Scholar 

  43. Juels, A., Sudan, M.: A fuzzy vault scheme. In: IEEE International Symposium on Information Theory (2002)

    Google Scholar 

  44. Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 28–36. ACM (1999)

    Google Scholar 

  45. Kelkboom, E.J.C., Breebaart, J., Kevenaar, T.A.M., Buhan, I., Veldhuis, R.N.J.: Preventing the decodability attack based cross-matching in a fuzzy commitment scheme. IEEE Trans. Inf. Forensics Secur. 6(1), 107–121 (2010)

    Article  Google Scholar 

  46. Kholmatov, A., Yanikoglu, B.: Realization of correlation attack against fuzzy vault scheme. In: Proceedings of SPIE, vol. 6819, pp. 681900-1–681900-7 (2008)

    Google Scholar 

  47. Lysyanskaya, A., Rivest, A., Sahai, A., Wolf, S.: Pseudonym systems. In: Heys, H., Adams, C. (eds.) Selected Areas in Cryptography, pp. 184–199. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  48. Linnartz, J.-P., Tuyls, P.: New shielding functions to enhance privacy and prevent misuse of biometric templates. In: 4th International Conference on Audio and Video Based Biometric Person Authentication, pp. 393–402. Guildford, UK (2003)

    Google Scholar 

  49. Microsoft research U-Prove web page. http://research.microsoft.com/en-us/projects/u-prove/. Accessed 20 July 2015

  50. Nagar, A., Nandakumar, K., Jain, A.K.: Securing fingerprint template: fuzzy vault with minutiae descriptors. In: 19th International Conference on Pattern Recognition, ICPR 2008, pp. 1–4. IEEE (2008)

    Google Scholar 

  51. Privacy by Design Resolution of the 32nd International Conference of Data Protection and Privacy Commissioners, Jerusalem, 27–29 Oct 2010. http://www.ipc.on.ca/site_documents/pbd-resolution.pdf

  52. Pedersen, T.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Advances in Cryptology—CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)

    Google Scholar 

  53. Rathgeb, C., Uhl, A.: A survey on biometric cryptosystems and cancelable biometrics. EURASIP J. Inf. Secur. 2011(3), 1–25 (2011)

    Google Scholar 

  54. Scheirer, W.J., Boult, T.E.: Cracking fuzzy vaults and biometric encryption. In: Biometric Consortium Conference, Baltimore. IEEE, Sept 2007

    Google Scholar 

  55. Sadeghi, A., Schneider, T., Wehrenberg, I.: Efficient privacy preserving face recognition. In: Lee, D., Hong, S. (eds.) ICISC 2009 Proceedings of the 12th Annual International Conference on Information Security and Cryptology. LNCS, vol. 5984, pp. 235–253 Springer, Heidelberg (2009)

    Google Scholar 

  56. Schoenmakers, B., Tuyls, P.: Computationally secure authentication with noisy data. In: Tuyls, P., Škorić, B., Kevenaar, T. (eds.) Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting, pp. 141–149. Springer, London (2007)

    Google Scholar 

  57. Simoens, K., Tuyls, P., Preneel, B.: Privacy weaknesses in biometric sketches. In: 30th IEEE Symposium on Security and Privacy, pp. 188–203. IEEE (2009)

    Google Scholar 

  58. Soutar, C., Roberge, D., Stoianov, A., Gilroy, R., Vijaya Kumar, B.V.K.: Biometric encryption using image processing. In: Optical Security and Counterfeit Deterrence Techniques II, 1 Apr 1998. Proceedings of SPIE, vol. 3314, pp. 178–188 (1998)

    Google Scholar 

  59. Stoianov, A., Kevenaar, T., Van der Veen, M.: Security issues of biometric encryption. In: Science and Technology for Humanity (TIC-STH), 2009 IEEE Toronto International Conference. IEEE (2009)

    Google Scholar 

  60. Stoianov, A.: Cryptographically secure biometrics. In: SPIE Defense, Security, and Sensing. Proceedings of SPIE, vol. 7667, pp. 76670C-1–76670C-12 (2010)

    Google Scholar 

  61. Sutcu, Y., Li, Q., Memon, N.: Design and analysis of fuzzy extractors for faces. In: Optics and Photonics in Global Homeland Security V and Biometric Technology for Human Identification VI, 73061X, 5 May 2009. Proceedings of SPIE, vol. 7306 (2009)

    Google Scholar 

  62. Tuyls, P., Akkermans, A.H.M., Kevenaar, T.A.M., Schrijen, G.-J., Bazen, A.M., and Veldhuis, R.N.J.: Practical biometric authentication with template protection. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) Audio- and Video-Based Biometric Person Authentication. 5th International Conference, AVBPA 2005, Hilton Rye Town, NY, USA, 20–22 July 2005. LNCS, vol. 3546, pp. 436–446. Springer, Heidelberg (2005)

    Google Scholar 

  63. Upmanyu, M., Namboodiri, A.M., Srinathan, K., Jawahar, C.V.: Blind authentication: a secure crypto-biometric verification protocol. IEEE Trans. Inf. Forensics Secur. 5(2), 255–268 (2010)

    Article  Google Scholar 

  64. Uludag, U., Pankanti, S., Jain, A.K.: Fuzzy vault for fingerprints. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) Audio- and Video-Based Biometric Person Authentication. 5th International Conference, AVBPA 2005, Hilton Rye Town, NY, USA, 20–22 July 2005. LNCS, vol. 3546, pp. 310–319. Springer, Heidelberg (2005)

    Google Scholar 

  65. Van der Veen, M., Kevenaar, T., Schrijen, G.-J., Akkermans, T.H., Zuo, F.: Face biometrics with renewable templates. In: Security, Steganography, and Watermarking of Multimedia Contents VIII, 60720 J, 15 Feb 2006. Proceedings OF SPIE, vol. 6072 (2006)

    Google Scholar 

  66. Zhou, X., Wolthusen, S.D., Busch, C., Kuijper, A.: A security analysis of biometric template protection schemes. In: Proceedings of ICIAR 2009, pp. 429–438 (2009)

    Google Scholar 

Download references

Acknowledgments

Special thanks to the CBSA for ongoing support. Financial support from the Canadian Safety and Security Program (CSSP) of Defence Research and Development Canada (DRDC), and the Natural Sciences and Engineering Research Council of Canada (NSERC) is gratefully acknowledged.

Dedication

Daniel Patrick Bissessar

March 11, 2007–Jan 1, 2012

To perseverance and making a difference… Danny, this work that we started together is growing… You continue to inspire me every day to build stuff and make things. You taught me happiness and have enriched my life forever. Love, Papa.

Author information

Authors and Affiliations

  1. Canada Border Services Agency, Ottawa, Canada

    David Bissessar

  2. University of Ottawa, Ottawa, Canada

    Carlisle Adams

  3. Office of the Information and Privacy Commissioner of Ontario, Toronto, Canada

    Alex Stoianov

Authors
  1. David Bissessar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Carlisle Adams
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alex Stoianov
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to David Bissessar .

Editor information

Editors and Affiliations

  1. Larus Technologies Corporation, Ottawa, Ontario, Canada

    Rami Abielmona

  2. Larus Technologies Corporation, Ottawa, Ontario, Canada

    Rafael Falcon

  3. Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada

    Nur Zincir-Heywood

  4. School of Engineering and Information Technology, University of New South Wales, Canberra, Aust Capital Terr, Australia

    Hussein A. Abbass

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Bissessar, D., Adams, C., Stoianov, A. (2016). Privacy, Security and Convenience: Biometric Encryption for Smartphone-Based Electronic Travel Documents. In: Abielmona, R., Falcon, R., Zincir-Heywood, N., Abbass, H. (eds) Recent Advances in Computational Intelligence in Defense and Security. Studies in Computational Intelligence, vol 621. Springer, Cham. https://doi.org/10.1007/978-3-319-26450-9_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26450-9_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26448-6

  • Online ISBN: 978-3-319-26450-9

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation