Advertisement

Biometric Privacy Protection: Guidelines and Technologies

  • Ruggero Donida Labati
  • Vincenzo Piuri
  • Fabio Scotti
Part of the Communications in Computer and Information Science book series (CCIS, volume 314)

Abstract

Compared with traditional techniques used to establish the identity of a person, biometric systems offer a greater confidence level that the authenticated individual is not impersonated by someone else. However, it is necessary to consider different privacy and security aspects in order to prevent possible thefts and misuses of biometric data. The effective protection of the privacy must encompass different aspects, such as the perceived and real risks pertaining to the users, the specificity of the application, the adoption of correct policies, and data protection methods as well. This chapter focuses on the most important privacy issues related to the use of biometrics, it presents actual guidelines for the implementation of privacy-protective biometric systems, and proposes a discussion of the methods for the protection of biometric data.

Keywords

Biometrics Privacy Security Template protection 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    International Biometrics Group, http://www.ibgweb.com
  2. 2.
    Cancellable biometrics and annotations on biohash. Pattern Recognition 41(6), 2034–2044 (2008)Google Scholar
  3. 3.
    Barni, M., Bianchi, T., Catalano, D., Raimondo, M.D., Donida Labati, R., Failla, P., Fiore, D., Lazzeretti, R., Piuri, V., Scotti, F., Piva, A.: A privacy-compliant fingerprint recognition system based on homomorphic encryption and fingercode templates. In: IEEE Fourth International Conference on Biometrics: Theory, Applications and Systems (BTAS) (September 2010)Google Scholar
  4. 4.
    Barni, M., Bianchi, T., Catalano, D., Raimondo, M.D., Labati, R.D., Failla, P., Fiore, D., Lazzeretti, R., Piuri, V., Scotti, F., Piva, A.: Privacy-preserving fingercode authentication. In: 12th ACM Multimedia and Security Workshop (2010)Google Scholar
  5. 5.
    Bianchi, T., Turchi, S., Piva, A., Donida Labati, R., Piuri, V., Scotti, F.: Implementing fingercode-based identity matching in the encrypted domain. In: IEEE Workshop on Biometric Measurements and Systems for Security and Medical Applications (BIOMS), pp. 15–21 (September 2010)Google Scholar
  6. 6.
    Boult, T.: Robust distance measures for face-recognition supporting revocable biometric tokens. In: International Conference on Automatic Face and Gesture Recognition, pp. 560–566 (April 2006)Google Scholar
  7. 7.
    Boult, T., Schdrer, W., Woodworth, R.: Revocable fingerprint biotokens: Accuracy and security analysis. In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 1–8 (June 2007)Google Scholar
  8. 8.
    Bringer, J., Chabanne, H.: An Authentication Protocol with Encrypted Biometric Data. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 109–124. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Bringer, J., Chabanne, H., Cohen, G., Kindarji, B., Zemor, G.: Theoretical and practical boundaries of binary secure sketches. IEEE Transactions on Information Forensics and Security 3(4), 673–683 (2008)CrossRefGoogle Scholar
  10. 10.
    Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Cavoukian, A., Stoianov, A.: Biometric encryption. In: Encyclopedia of Cryptography and Security, 2nd edn., pp. 90–98 (2011)Google Scholar
  12. 12.
    Chin, C.S., Jin, A.T.B., Ling, D.N.C.: High security iris verification system based on random secret integration. Computer Vision and Image Understanding 102, 169–177 (2006)CrossRefGoogle Scholar
  13. 13.
    Cimato, S., Gamassi, M., Piuri, V., Sassi, R., Cimato, F.S., Scotti, F.: A biometric verification system addressing privacy concerns. In: International Conference on Computational Intelligence and Security, pp. 594–598 (December 2007)Google Scholar
  14. 14.
    Daugman, J.: How iris recognition works. In: Proceedings of the International Conference on Image Processing, vol. 1, pp. 33–36 (2002)Google Scholar
  15. 15.
    Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM Journal on Computing 38(1), 97–139 (2008)MathSciNetzbMATHCrossRefGoogle Scholar
  16. 16.
    Draper, S., Khisti, A., Martinian, E., Vetro, A., Yedidia, J.: Using distributed source coding to secure fingerprint biometrics. In: IEEE International Conference on Acoustics, Speech and Signal Processing, vol. 2, pp. 29–132 (April 2007)Google Scholar
  17. 17.
    El Gamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  18. 18.
    Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., Toft, T.: Privacy-Preserving Face Recognition. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 235–253. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Faundez-Zanuy, M.: On the vulnerability of biometric security systems. IEEE Aerospace and Electronic Systems Magazine 19(6), 3–8 (2004)CrossRefGoogle Scholar
  20. 20.
    Fontaine, C., Galand, F.: A survey of homomorphic encryption for nonspecialists. EURASIP Journal on Information Security, 1–15 (2007)Google Scholar
  21. 21.
    Huixian, L., Man, W., Liaojun, P., Weidong, Z.: Key binding based on biometric shielding functions. In: International Conference on Information Assurance and Security, vol. 1, pp. 19–22 (August 2009)Google Scholar
  22. 22.
    Ignatenko, T., Willems, F.: Information leakage in fuzzy commitment schemes. IEEE Transactions on Information Forensics and Security 5(2), 337–348 (2010)CrossRefGoogle Scholar
  23. 23.
    Ignatenko, T., Willems, F.: Information leakage in fuzzy commitment schemes. IEEE Transactions on Information Forensics and Security 5(2), 337–348 (2010)CrossRefGoogle Scholar
  24. 24.
    Jain, A.K., Maltoni, D.: Handbook of Fingerprint Recognition. Springer-Verlag New York, Inc., Secaucus (2003)zbMATHGoogle Scholar
  25. 25.
    Jain, A.K., Nandakumar, K., Nagar, A.: Biometric template security. EURASIP Journal on Advances in Signal Processing, 1–17 (2008)Google Scholar
  26. 26.
    Jain, A.K., Prabhakar, S., Hong, L., Pankanti, S.: Filterbank-based fingerprint matching. IEEE Transactions on Image Processing 9, 846–859 (2000)CrossRefGoogle Scholar
  27. 27.
    Jin, A.T.B., Ling, D.N.C., Goh, A.: Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition 37(11), 2245–2255 (2004)CrossRefGoogle Scholar
  28. 28.
    Jin, Z., Teoh, A., Ong, T.S., Tee, C.: Generating revocable fingerprint template using minutiae pair representation. In: International Conference on Education Technology and Computer, vol. 5 (June 2010)Google Scholar
  29. 29.
    Juels, A., Sudan, M.: A fuzzy vault scheme. In: IEEE International Symposium on Information Theory, p. 408 (2002)Google Scholar
  30. 30.
    Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Sixth ACM Conference on Computer and Communications Security, pp. 28–36 (1999)Google Scholar
  31. 31.
    Lee, Y.J., Park, K.R., Lee, S.J., Bae, K., Kim, J.: A new method for generating an invariant iris private key based on the fuzzy vault system. IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics 38(5), 1302–1313 (2008)CrossRefGoogle Scholar
  32. 32.
    LLC International Biometric Group: Bioprivacy initiative (2003), http://www.bioprivacy.org/
  33. 33.
    Maiorana, E., Campisi, P.: Fuzzy commitment for function based signature template protection. IEEE Signal Processing Letters 17(3), 249–252 (2010)CrossRefGoogle Scholar
  34. 34.
    Maiorana, E., Campisi, P.: Fuzzy commitment for function based signature template protection. IEEE Signal Processing Letters 17(3), 249–252 (2010)CrossRefGoogle Scholar
  35. 35.
    Maiorana, E., Campisi, P., Fierrez, J., Ortega-Garcia, J., Neri, A.: Cancelable templates for sequence-based biometrics with application to on-line signature recognition. IEEE Transaction on Systems, Man and Cybernetic, Part A: Systems and Humans 40(3), 525–538 (2010)CrossRefGoogle Scholar
  36. 36.
    Makrushin, A., Scheidat, T., Vielhauer, C.: Towards robust biohash generation for dynamic handwriting using feature selection. In: International Conference on Digital Signal Processing, pp. 1–6 (July 2011)Google Scholar
  37. 37.
    Nagar, A., Jain, A.: On the security of non-invertible fingerprint template transforms. In: First IEEE International Workshop on Information Forensics and Security (WIFS), pp. 81–85 (2009)Google Scholar
  38. 38.
    Nandakumar, K., Jain, A., Pankanti, S.: Fingerprint-based fuzzy vault: Implementation and performance. IEEE Transactions on Information Forensics and Security 2(4), 744–757 (2007)CrossRefGoogle Scholar
  39. 39.
    Nanni, L., Lumini, A.: Empirical tests on biohashing. Neurocomputing 69, 2390–2395 (2006)CrossRefGoogle Scholar
  40. 40.
    Nichols, R.K.: Icsa Guide to Cryptography. McGraw-Hill Professional (1998)Google Scholar
  41. 41.
    Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
  42. 42.
    Ratha, N.K., Connell, J.H., Bolle, R.M.: Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 40(3), 614–634 (2001)CrossRefGoogle Scholar
  43. 43.
    Ratha, N.K., Chikkerur, S., Connell, J.H., Bolle, R.M.: Generating cancelable fingerprint templates. IEEE Transaction on Pattern Analysis and Machine Intelligence 29(4), 561–572 (2007)CrossRefGoogle Scholar
  44. 44.
    Ratha, N.K., Connell, J.H., Bolle, R.M.: An Analysis of Minutiae Matching Strength. In: Bigun, J., Smeraldi, F. (eds.) AVBPA 2001. LNCS, vol. 2091, pp. 223–228. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  45. 45.
    Rathgeb, C., Uhl, A.: A survey on biometric cryptosystems and cancelable biometrics. EURASIP Journal on Information Security (1) (2011)Google Scholar
  46. 46.
    RNCOS (ed.): Electronics Security: Global Biometric Forecast to 2012 (2010)Google Scholar
  47. 47.
    Sabena, F., Dehghantanha, A., Seddon, A.: A review of vulnerabilities in identity management using biometrics. In: Second International Conference on Future Networks (CFN), pp. 42–49 (January 2010)Google Scholar
  48. 48.
    Sadeghi, A., Schneider, T., Wehrenberg, I.: Efficient Privacy-Preserving Face Recognition. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 229–244. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  49. 49.
    Savvides, M., Vijaya Kumar, B., Khosla, P.: Cancelable biometric filters for face recognition. In: International Conference on Pattern Recognition, vol. 3, pp. 922–925 (August 2004)Google Scholar
  50. 50.
    Schoenmakers, B., Tuyls, P.: Computationally Secure Authentication with Noisy Data, pp. 141–149. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  51. 51.
    Stoianov, A.: Cryptographically secure biometrics. In: Kumar, B.V.K.V., Prabhakar, S., Ross, A.A. (eds.) Biometric Technology for Human Identification VII, vol. 7667, p. 76670C. SPIE (2010)Google Scholar
  52. 52.
    Sutcu, Y., Li, Q., Memon, N.: Protecting biometric templates with sketch: Theory and practice. IEEE Transactions on Information Forensics and Security 2(3), 503–512 (2007)CrossRefGoogle Scholar
  53. 53.
    Teoh, A., Goh, A., Ngo, D.: Random multispace quantization as an analytic mechanism for biohashing of biometric and random identity inputs. IEEE Transactions on Pattern Analysis and Machine Intelligence 28(12), 1892–1901 (2006)CrossRefGoogle Scholar
  54. 54.
    Teoh, A., Jin, B., Connie, T., Ngo, D., Ling, C.: Remarks on biohash and its mathematical foundation. Information Processing Letters 100, 145–150 (2006)MathSciNetzbMATHCrossRefGoogle Scholar
  55. 55.
    Wang, Y., Hatzinakos, D.: On random transformations for changeable face verification. IEEE Transaction on Systems, Man and Cybernetic, Part B: Cybernetics 41(3), 840–854 (2011)CrossRefGoogle Scholar
  56. 56.
    Wang, Y., Plataniotis, K.N.: An analysis of random projection for changeable and privacy-preserving biometric verification. IEEE Transaction on Systems, Man and Cybernetic, Part B: Cybernetics 40, 1280–1293 (2010)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Ruggero Donida Labati
    • 1
  • Vincenzo Piuri
    • 1
  • Fabio Scotti
    • 1
  1. 1.Department of Information TechnologyUniversit degli Studi di MilanoCremaItaly

Personalised recommendations