This document summarizes a research presentation on privacy-preserving biometrics-based authentication. It outlines the challenges with traditional biometrics schemes, including security and privacy concerns when biometric templates and identifiers are stored. The proposed approach generates unique, repeatable and revocable biometric identifiers (BIDs) using image hashing, classification and error correction. It also describes a user-centric, privacy-preserving authentication protocol using these BIDs and zero-knowledge proofs to authenticate users without revealing sensitive biometric data. Performance analysis shows the approach can generate commitments and run the authentication protocol efficiently. The work aims to address privacy and security issues while enabling convenient biometric authentication.
Privacy Preserving Biometrics-Based and User Centric Authentication Protocol
1. Department of Computer Science
Privacy Preserving Biometrics-Based and
User Centric Authentication Protocol
Hasini Gunasinghe and Elisa Bertino
NSS 2014
2. Agenda
Problem Overview
Challenges in biometrics based authentication schemes
Our approach
Generating unique, repeatable and revocable BID
Securing the BID with cryptographic commitment
Privacy preserving authentication protocol
Security and performance analysis
Future work
3. Problem Overview
Commonly used authentication factors: What You Know, What You Have
Stolen passwords/tokens lead to identity theft
Multiple passwords/tokens
Inconvenient to users
5. Problem Overview
Strong Authentication Factor: Biometrics. Represents who you are.
Unique, Universal, Permanent and Collectable.
First known use in criminal division of the police department in Paris, introduced by A. Bertillon.
Since then, many applications in commercial, government and forensic.
Convenient and secure for users.
Still, it is not widely adopted in critical applications such as online banking. Why?
6. Problem Overview
Challenges in biometrics based authentication:
Inherited characteristics of biometrics
Security concerns
Privacy concerns
7. Problem Overview
Challenges in biometrics based authentication:
Inherited vs desired characteristics:

| Inherited Characteristics of Biometrics | Desired Characteristics of Biometrics Based Identifier |
|---|---|
| Uniqueness & Unforgeability | Uniqueness & Unforgeability |
| Non-Repeatability | Repeatability |
| Non-Revocability | Revocability |
8. Problem Overview
Challenges in biometrics based authentication:
Security Concerns:
Biometric templates are stored at the server during enrollment.
Extracted biometric features are stored in smart cards to be used during authentication.
e.g., in the Schiphol Privium scheme at the Amsterdam airport, the iris code is stored in the smart card.
Breach of security of template databases/smart cards/user-devices can cause permanent loss of one's biometric identity.
9. Problem Overview
Challenges in biometrics based authentication:
Privacy Concerns of authentication protocols:
[Figure: SP-specific protocols. Labels: enrolls biometric at signup; verifies biometric at login; SP1, SP2, SP3]
Biometric identity stored at multiple service providers.
Different proprietary protocols.
[Figure: IDP-centric protocol. Labels: 1) enrolls biometric; 3/5) verification req/resp; 4) verifies biometric; SP1, SP2, IDP]
IDP learns user's interaction patterns with different SPs.
Revealing BID during authentication.
10. Department of Computer Science
Our Approach
Addresses each of the above issues and provides better solutions.
1. Generates unique, repeatable and revocable BIDs.
2. Defines privacy preserving identity management protocol:
Involves zero-knowledge-proof-of-knowledge.
User-centric.
11. Department of Computer Science
Overview:
User-centric protocol:
[Diagram labels: enrolls biometric; obtains Identity Token; authenticate using biometric identity token; parties: SP1, SP2, SP3]
No interaction between IDP and SP(s).
Biometric template is not stored anywhere.
13. Department of Computer Science
1. Generating BID: Results
P-Hash – feature extraction mechanism used in our approach.
SVD-Hash – feature extraction mechanism used in previous work [Bhargav-Spantzel et al. 2010].
15. Department of Computer Science
1. Generating BID: Results with ECC
Both accuracy and overhead increase with the Hadamard Code length used for error correction.
Recommended Hadamard Error Correction Code is 16 bits.
Improves repeatability of the BID.
Secure error correction mechanism introduced by Kande et al. 2009.
16. Department of Computer Science
What we have covered so far among the key aspects of our approach:
Generating unique, repeatable and revocable BIDs.
Extended approach with ECC to improve repeatability.
Privacy preserving identity management protocol:
1. Involves zero-knowledge-proof-of-knowledge.
2. User-centric.
17. Department of Computer Science
3. Privacy preserving identity management protocol: Enrollment
[Enrollment diagram labels: Biometric image -> Perceptual Hash (P-Hash) -> Hash Vector -> Single Label Classification -> X = BID]
[SVM preparation labels: Train Support Vector Machine -> Trained Base SVM -> Customize SVM]
R=
Commitment: $C = g^{x} h^{r}$
Biometric IDT: Digitally Signed by IDP
18. Department of Computer Science
3. Privacy preserving identity management protocol: Enrollment
Elements included in the identity token:
Commitment string
Expiration time stamp
From, To fields (to prevent attacks on ZKPK protocol by SP)
Digital signature
Public parameters of the Pedersen commitment scheme
19. Department of Computer Science
3. Privacy preserving identity management protocol: Enrollment
Artifacts provided to the User: (stored in the TEE of user’s device)
Identity Token
Trained and customized SVM classifier.
BID generation software.
Salt value used for PBKDF.
Error correction meta-data.
20. Department of Computer Science
3. Privacy preserving identity management protocol: Authentication
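[Authentication diagram labels: Biometric image -> P-Hash -> Hash Vector -> Customized SVM -> Single Label Classification -> X' = BID]
R'=
Commitment: $C' = g^{x'} h^{r'}$
Authentication Request: Biometric IDT
Zero Knowledge Proof of Knowledge Protocol between User and Service Provider:
User -> Service Provider: $d = g^{y} h^{s}$
Service Provider -> User: challenge: $e$
User -> Service Provider: $u = y + ex$, $v = s + er$
success if $C^{e} d = g^{u} h^{v}$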
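The commitment and ZKPK exchange from the enrollment and authentication slides, worked through as an added example (not code from the presentation). The toy group parameters, the use of PBKDF2 for r, all function names and the sample BID label, password and salt are assumptions constructed for illustration.

```python
import hashlib
import secrets

# Toy Pedersen parameters, constructed for illustration and far too small for real use:
# p = 2q + 1 with p and q prime; g and h are squares mod p, so both have order q.
# In a deployment h must be generated so that nobody knows log_g(h).
P, Q, G, H = 1019, 509, 4, 9

def to_exponent(data: bytes) -> int:
    """Map arbitrary bytes to an exponent in Z_q."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def derive_r(password: bytes, salt: bytes) -> int:
    """Assumption: r is derived with PBKDF2 from the password and the stored salt."""
    return to_exponent(hashlib.pbkdf2_hmac("sha256", password, salt, 100_000))

def commit(x: int, r: int) -> int:
    """Pedersen commitment g^x * h^r mod p."""
    return (pow(G, x, P) * pow(H, r, P)) % P

def prover_announce():
    """User picks random y, s and sends d = g^y * h^s."""
    y, s = secrets.randbelow(Q), secrets.randbelow(Q)
    return (y, s), commit(y, s)

def verifier_challenge() -> int:
    """SP picks a non-zero challenge e in Z_q."""
    return 1 + secrets.randbelow(Q - 1)

def prover_respond(x, r, y, s, e):
    """u = y + e*x and v = s + e*r, reduced mod q."""
    return (y + e * x) % Q, (s + e * r) % Q

def verifier_check(C, d, e, u, v) -> bool:
    """Accept iff C^e * d == g^u * h^v (mod p)."""
    return (pow(C, e, P) * d) % P == commit(u, v)

def run_protocol(C, x, r) -> bool:
    """One run between a user holding (x, r) and an SP holding C from the token."""
    (y, s), d = prover_announce()
    e = verifier_challenge()
    u, v = prover_respond(x, r, y, s, e)
    return verifier_check(C, d, e, u, v)

# Enrollment with constructed sample values: C_TOKEN is what the IDP would sign.
SALT = b"constructed-salt"
X_ENROLLED = to_exponent(b"constructed-BID-label")
R_ENROLLED = derive_r(b"constructed-password", SALT)
C_TOKEN = commit(X_ENROLLED, R_ENROLLED)
```

The SP only ever sees C, d, e, u and v. A user who regenerates a different BID or types a different password cannot satisfy the final check, which is why repeatability of the BID matters for this protocol.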
21. Department of Computer Science
Summary: Performance
Performance measure | Value
Computing perceptual hash | 0.0105 (s)
Training Classifier | 8 (s) [with 400 training instances]
Predicting from trained classifier | 0.013 (s)
Creating commitment | 0.003038 (s)
Zero Knowledge Proof (without network delay) | 0.00763 (s)
Hardware Configurations:
CPU: Intel Core i7-3537U
Memory: 5GB RAM
OS: Ubuntu 13.4 OS
22. Department of Computer Science
Security Analysis:
Confidentiality of sensitive data is preserved:
Biometric image, P-Hash vector, BID are not stored anywhere.
Secrets are derived from the user’s password.
Zero Knowledge Proof of Knowledge protocol:
Biometric information not revealed at any point.
MITM attacks carried out by SP are prevented.
Identity token provides ownership assurance and avoids impersonation.
Enables revocation of the biometric based identity tokens.
23. Department of Computer Science
We covered so far:
Generating unique, repeatable and revocable BIDs.
Extended approach with ECC to improve repeatability.
Privacy preserving identity management protocol:
with zero-knowledge-proofs.
User-centric identity management
Performance and Security Analysis
24. Department of Computer Science
Future Work
Experimenting on other biometric traits.
Privacy preserving biometrics based authentication based on distance matching:
• Homomorphic Encryption
• Garbled circuits
Multi-modal biometrics for authentication.