Visible to the public Biometric Encryption and Privacy, 2014

SoS Newsletter- Advanced Book Block

SoS Logo

Biometric Encryption and Privacy


The use of biometric encryption to control access and authentication is well established. New concerns about privacy create new issues for biometric encryption, however. The increased use of Cloud architectures compounds the problem of providing continuous re-authentication. The research cited here examines these issues. All work was presented in 2014.

Omar, M.N.; Salleh, M.; Bakhtiari, M., “Biometric Encryption to Enhance Confidentiality in Cloud Computing,” Biometrics and Security Technologies (ISBAST), 2014 International Symposium on, vol., no., pp. 45, 50, 26-27 Aug. 2014. doi:10.1109/ISBAST.2014.7013092
Abstract: Virtualization technology is the base technology used in Cloud computing. Therefore, virtualization enables Cloud computing to provide hardware and software services to the users on demand. Actually, many companies migrates to the Cloud computing for many reasons such as capabilities of processor, bus speed, size of storage, memory and managed to reduce the cost of dedicated servers. However, virtualization and Cloud computing contain many security weaknesses that affects the biometric data confidentiality in the Cloud computing. Those security issues are VM ware escape, hopping, mobility, diversity monitoring and etc. Furthermore, the privacy of a particular user is an issue in biometric data i.e. the face reorganization data for a famous and important people. Therefore, this paper proposed biometric encryption to improve the confidentiality in Cloud computing for biometric data. Also, this paper discussed virtualization for Cloud computing, as well as biometrics encryption. Indeed, this paper overviewed the security weaknesses of Cloud computing and how biometric encryption can improve the confidentiality in Cloud computing environment. Apart from this, confidentiality is enhanced in Cloud computing by using biometric encryption for biometric data. The novel approach of biometric encryption is to enhance the biometric data confidentiality in Cloud computing.
Keywords: biometrics (access control); cloud computing; cryptography; virtualisation; VM ware; biometric data confidentiality; biometric encryption; cloud computing; face reorganization data; hardware services; software services; virtualization technology; Bioinformatics; Biometrics (access control); Cloud computing; Encryption; Hardware; Virtualization; Biometric Encryption; Cloud computing; Virtualization (ID#: 15-5994)


Valarmathi, R.; Sathiya Priya, S.S.; Kumar, P.K.; Sivamangai, N.M., “A Biometric Encryption Using Face Recognition System for Watch List,” Information Communication and Embedded Systems (ICICES), 2014 International Conference on, vol., no.,
pp. 1, 5, 27-28 Feb. 2014. doi:10.1109/ICICES.2014.7034018
Abstract: In recent years, it is necessary to protect individual privacy from unauthenticated persons. This paper presents a biometric encryption using face recognition system to identify known and unsuspected persons in watch list applications. The face recognition system is done by the Eigen face approach by PCA algorithm to simplify the authentication process, then to secure the Eigen faces generate the cryptographic key (RNG) and which key is bind that facial images. The faces are accepted as known or unknown face by after verification with present database.
Keywords: biometrics (access control); cryptography; data privacy; face recognition; principal component analysis; PCA algorithm; RNG; authentication process; biometric encryption; cryptographic key; eigen face approach; face recognition system; facial images; individual privacy protection; watch list; Databases; Encryption; Face; Face recognition; Feature extraction; Vectors; Biometric Encryption; Face Recognition; Privacy (ID#: 15-5995)


Sharma, S.; Balasubramanian, V., “A Biometric Based Authentication and Encryption Framework for Sensor Health Data in Cloud,” Information Technology and Multimedia (ICIMU), 2014 International Conference on, vol., no., pp. 49, 54, 18-20 Nov. 2014. doi:10.1109/ICIMU.2014.7066602
Abstract: Use of remote healthcare monitoring application (HMA) can not only enable healthcare seeker to live a normal life while receiving treatment but also prevent critical healthcare situation through early intervention. For this to happen, the HMA have to provide continuous monitoring through sensors attached to the patient's body or in close proximity to the patient. Owing to elasticity nature of the cloud, recently, the implementation of HMA in cloud is of intense research. Although, cloud-based implementation provides scalability for implementation, the health data of patient is super-sensitive and requires high level of privacy and security for cloud-based shared storage. In addition, protection of real-time arrival of large volume of sensor data from continuous monitoring of patient poses bigger challenge. In this work, we propose a self-protective security framework for our cloud-based HMA. Our framework enable the sensor data in the cloud from (1) unauthorized access and (2) self-protect the data in case of breached access using biometrics. The framework is detailed in the paper using mathematical formulation and algorithms.
Keywords: biometrics (access control); cloud computing; cryptography; data privacy; health care; medical information systems; message authentication; patient monitoring; biometric based authentication; cloud-based HMA; cloud-based shared storage; encryption framework; privacy; remote healthcare monitoring application; self-protective security framework; sensor health data; Authentication; Bismuth; Encryption; Fingerprint recognition; Fingers; Medical services; Monitoring; Biometric; Biosensor; Cloud; Data Protection; Healthcare; Sensor data; self-protective (ID#: 15-5996)


Sedenka, J.; Balagani, K.S.; Phoha, V.; Gasti, P., “Privacy-Preserving Population-Enhanced Biometric Key Generation from Free-Text Keystroke Dynamics,” Biometrics (IJCB), 2014 IEEE International Joint Conference on, vol., no., pp. 1, 8, Sept. 29 2014–Oct. 2 2014. doi:10.1109/BTAS.2014.6996244
Abstract: Biometric key generation techniques are used to reliably generate cryptographic material from biometric signals. Existing constructions require users to perform a particular activity (e.g., type or say a password, or provide a handwritten signature), and are therefore not suitable for generating keys continuously. In this paper we present a new technique for biometric key generation from free-text keystroke dynamics. This is the first technique suitable for continuous key generation. Our approach is based on a scaled parity code for key generation (and subsequent key reconstruction), and can be augmented with the use of population data to improve security and reduce key reconstruction error. In particular, we rely on linear discriminant analysis (LDA) to obtain a better representation of discriminable biometric signals. To update the LDA matrix without disclosing user's biometric information, we design a provably secure privacy-preserving protocol (PP-LDA) based on homomorphic encryption. Our biometric key generation with PP-LDA was evaluated on a dataset of 486 users. We report equal error rate around 5% when using LDA, and below 7% without LDA.
Keywords: biometrics (access control); cryptographic protocols; private key cryptography; LDA matrix update; PP-LDA; continuous key generation; cryptographic material generation; discriminable biometric signal representation; free-text keystroke dynamics; homomorphic encryption; key reconstruction; key reconstruction error reduction; linear discriminant analysis; population data; privacy-preserving population-enhanced biometric key generation; provably secure privacy-preserving protocol; scaled parity code; security improvement; user biometric information; Cryptography; Error correction codes; Feature extraction; Measurement; Protocols; Vectors (ID#: 15-5997)


Abidin, A.; Mitrokotsa, A., “Security Aspects of Privacy-Preserving Biometric Authentication Based on Ideal Lattices and Ring-LWE,” Information Forensics and Security (WIFS), 2014 IEEE International Workshop on, vol., no., pp. 60, 65, 3-5 Dec. 2014. doi:10.1109/WIFS.2014.7084304
Abstract: In this paper, we study the security of two recently proposed privacy-preserving biometric authentication protocols that employ packed somewhat homomorphic encryption schemes based on ideal lattices and ring-LWE, respectively. These two schemes have the same structure and have distributed architecture consisting of three entities: a client server, a computation server, and an authentication server. We present a simple attack algorithm that enables a malicious computation server to learn the biometric templates in at most 2N-τ queries, where N is the bit-length of a biometric template and τ the authentication threshold. The main enabler of the attack is that a malicious computation server can send an encryption of the inner product of the target biometric template with a bitstring of his own choice, instead of the securely computed Hamming distance between the fresh and stored biometric templates. We also discuss possible countermeasures to mitigate the attack using private information retrieval and signatures of correct computation.
Keywords: biometrics (access control); client-server systems; cryptographic protocols; message authentication; Hamming distance; attack algorithm; authentication server; authentication threshold; client server; distributed architecture; homomorphic encryption scheme; malicious computation server; privacy-preserving biometric authentication protocol; private information retrieval; ring-LWE; security aspects; target biometric template; Authentication; Encryption; Protocols; Public key; Servers; Privacy-preserving biometric authentication; hill climbing attack; lattices; ring-LWE; somewhat homomorphic encryption (ID#: 15-5998)


Barman, S.; Chattopadhyay, S.; Samanta, D., “An Approach to Cryptographic Key Distribution through Fingerprint Based Key Distribution Center,” Advances in Computing, Communications and Informatics (ICACCI), 2014 International Conference on, vol., no., pp. 1629, 1635, 24-27 Sept. 2014. doi:10.1109/ICACCI.2014.6968299
Abstract: In information and communication technology, security of information is provided with cryptography. In cryptography, key management is an important part of the whole system as the security lies on secrecy of cryptographic key. Symmetric cryptography uses same key (secret key) for message encryption as well as cipher text decryption. Distribution of the secret key is the main challenge in symmetric cryptography. In symmetric cryptography, key distribution center (KDC) takes the responsibility to distribute the secret key between the communicating parties to establish a secure communication among them. In the traditional KDC, a unique key is used between communicating parties for the purpose of distributing session keys. In this respect, our proposed approach uses fingerprint biometrics of communicating parties for the purpose of unique key generation and distribute session key with the fingerprint based key of user. As the key is generated from fingerprint of user, there is no scope of attacks to break the unique key. In this way, the unique key is associated with biometric data of communicating party and the key is not need to remember by that party. This approach converts the knowledge based authentication to biometric based authentication of KDC. At the same time, our approach protects the privacy of fingerprint identity as the identity of user is not disclosed even when the KDC is compromised.
Keywords: cryptography; data privacy; fingerprint identification; message authentication; biometric based authentication; cipher text decryption; cryptographic key distribution; fingerprint based key distribution center; fingerprint biometrics; fingerprint identity privacy; information security; key management; knowledge based authentication; message encryption; secret key distribution; symmetric cryptography; Bioinformatics; Biometrics (access control); Cryptography; Feature extraction; Fingerprint recognition; Image matching; Vectors; Cryptographic key; Cryptography; Fingerprint; Fingerprint based cryptographic key; Key Distribution Center; Secret key (ID#: 15-5999)


Yuan Tian; Al-Rodhaan, M.; Biao Song; Al-Dhelaan, A.; Ting Huai Ma, “Somewhat Homomorphic Cryptography for Matrix Multiplication Using GPU Acceleration,” Biometrics and Security Technologies (ISBAST), 2014 International Symposium on, vol., no., pp. 166, 170, 26-27 Aug. 2014. doi:10.1109/ISBAST.2014.7013115
Abstract: Homomorphic encryption has become a popular research topic since the cloud computing paradigm emerged. This paper discusses the design of a GPU-assisted homomorphic cryptograph for matrix operation. Our proposed scheme is based on an n*n matrix multiplication which are computationally homomorphic. We use more efficient GPU programming scheme with the extension of DGHV homomorphism, which prove the result of verification does not leak any information about the inputs or the output during the encryption and decryption. The performance results are obtained from the executions on a machine equipped with a GeForce GTX 765M GPU. We use three basic parallel algorithms to form efficient solutions which accelerate the speed of encryption and evaluation. Although fully homomorphic encryption is still not practical for real world applications in current stage, this work shows the possibility to improve the performance of homomorphic encryption and achieve this target one step closer.
Keywords: cryptography; graphics processing units; matrix multiplication; parallel algorithms; DGHV homomorphism; GPU acceleration; GPU programming; GeForce GTX 765M GPU; decryption; homomorphic cryptography; matrix multiplication; parallel algorithms; Acceleration; Educational institutions; Encryption; Graphics processing units; Public key; Cloud; Cryptography; GPU; Homomorphic encryption; Matrix multiplication; Privacy; Security (ID#: 15-6000)


Lakhera, M., “Enhancing Security of Stored Biometric Data,” Computational Intelligence on Power, Energy and Controls with their impact on Humanity (CIPECH), 2014 Innovative Applications of , vol., no., vol., no., pp. 515, 518, 28-29 Nov. 2014. doi:10.1109/CIPECH.2014.7019043
Abstract: A biometric system is weak to a different type of attacks targeted at undermining the reliability of the verification process. These attacks are either imposter or irrevocability. Imposter means information stored in database, can be abused to construction of artificial biometric and replace it for fake authentication and irrevocability means once compromised, biometric not be updated, reissued or destroyed. In this paper we present a general architecture with the help of Digital Signature that guarantees privacy protection of biometric data. We specifically focus on secure a biometric data at the time of authentication and storage.
Keywords: biometrics (access control); data privacy; security of data; artificial biometric; biometric data security; digital signature; privacy protection; verification process reliability; Bioinformatics; Biometrics (access control); Data mining; Databases; Feature extraction; Receivers; Security; Encryption; Password; Private Key; Public Key; Verification (ID#: 15-6001)


Bissessar, D.; Adams, C.; Dong Liu, “Using Biometric Key Commitments to Prevent Unauthorized Lending of Cryptographic Credentials,” Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on, vol., no., pp. 75, 83, 23-24 July 2014. doi:10.1109/PST.2014.6890926
Abstract: We present a technique that uses privacy enhancing technologies and biometrics to prevent the unauthorized lending of credentials. Current credential schemes suffer the weakness that issued credentials can be transferred between users. Our technique ensures the biometric identity of the individual executing the Issue and Show protocols of an existing credential system in a manner analogous to the enrollment and verification steps in traditional biometric systems. During Issue we create Pedersen commitments on biometrically derived keys obtained from fuzzy extractors. This issue-time commitment is sealed into the issued credential. During Show a verification-time commitment is generated. Correspondence of keys is verified using a zero-knowledge proof of knowledge. The proposed approach preserves the security of the underlying credential system, protects the privacy of the biometric, and generalizes to multiple biometric modalities. We illustrate the usage of our technique by showing how it can be incorporated into digital credentials and anonymous credentials.
Keywords: cryptography; data privacy; Pedersen commitments; anonymous credentials; biometric identity; biometric key commitments; biometric modalities; credential schemes; credential system; cryptographic credentials; digital credentials; fuzzy extractors; issue protocol; issue-time commitment;  show protocol; Data mining; Encryption; Measurement; Privacy; Protocols; biometrics; non-transferability; privacy enhancing technologies (ID#: 15-6002)


Uluagac, A.S.; Wenyi Liu; Beyah, R., “A Multi-Factor Re-Authentication Framework with User Privacy,” Communications and Network Security (CNS), 2014 IEEE Conference on, vol., no., pp. 504, 505, 29-31 Oct. 2014. doi:10.1109/CNS.2014.6997526
Abstract: Continuous re-authentication of users is a must to protect connections with long duration against any malicious activity. Users can be re-authenticated in numerous ways. One popular way is an approach that requires the presentation of two or more authentication factors (i.e., knowledge, possession, identity) called Multi-factor authentication (MFA). Given the market dominance of ubiquitous computing systems (e.g., cloud), MFA systems have become vital in re-authenticating users. Knowledge factor (i.e., passwords) is the most ubiquitous authentication factor; however, forcing a user to re-enter the primary factor, a password, at frequent intervals could significantly lower the usability of the system. Unfortunately, an MFA system with a possession factor (e.g., Security tokens) usually depends on the distribution of some specific device, which is cumbersome and not user-friendly. Similarly, MFA systems with an identity factor (e.g., physiological biometrics, keystroke pattern) suffer from a relatively low deployability and are highly intrusive and expose users sensitive information to untrusted servers. These servers can keep physically identifying elements of users, long after the user ends the relationship with the server. To address these concerns, in this poster, we introduce our initial design of a privacy-preserving multi-factor re-authentication framework. The first factor is a password while the second factor is a hybrid profile of user behavior with a large combination of host- and network-based features. Our initial results are very promising as our framework can successfully validate legitimate users while detecting impostors.
Keywords: authorisation; cryptography; data privacy; MFA system; authentication factor; knowledge factor; possession factor; privacy-preserving multifactor re-authentication framework; ubiquitous computing system; user privacy; Authentication; Cloud computing; Educational institutions; Encryption; Privacy; Servers; Usability; Fully Homomorphic Encryption; Fuzzy Hashing; Privacy-Preserving Reauthentication; Re-authentication in Cloud (ID#: 15-6003)


Al-Jaberi, M.F.; Zainal, A., “Data Integrity and Privacy Model in Cloud Computing,” Biometrics and Security Technologies (ISBAST), 2014 International Symposium on, vol., no., pp. 280, 284, 26-27 Aug. 2014. doi:10.1109/ISBAST.2014.7013135
Abstract: Cloud computing is the future of computing industry and it is believed to be the next generation of computing technology. Among the major concern in cloud computing is data integrity and privacy. Clients require their data to be safe and private from any tampering or unauthorized access. Various algorithms and protocols (MD5, AES, and RSA-based PHE) are implemented by the various components of this model to provide the maximum levels of integrity management and privacy preservation for data stored in public cloud such as Amazon S3. The impact of algorithms and protocols, used to ensure data integrity and privacy, is studied to test the performance of the proposed model. The prototype system showed that data integrity and privacy are ensured against unauthorized parties. This model reduces the burden of checking the integrity of data stored in cloud storage by utilizing a third party, integrity checking service, and applies security mechanism that ensure privacy and confidentiality of data stored in cloud computing. This paper proposes an architecture based model that provides data integrity verification and privacy preserving in cloud computing.
Keywords: authorisation; cloud computing; data integrity; data privacy; unauthorized access; Cloud computing; Computational modeling; Data models; Data privacy; Encryption; Amazon S3 (ID#: 15-6004)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.