Abstract
The present paper provides a study of theoretical and practical security issues related to the deployment of generic reliable authentication mechanisms based on the use of biometrics and personal hardware tokens, like smart cards. The analysis covers various possible authentication infrastructures, but is mainly focused on the definition of basic requirements and constraints of a particular security scheme, namely client-side authentication. The deployment of such a scheme proves to be necessary when specific application deployment constraints are encountered, particularly when there is a conspicuous need to guarantee the privacy of the users. The paper suggests several solutions to this problem, and proposes a particular template protection technique based on a secure secret sharing scheme. The fundamental goal of this technique is to secure biometric systems that are sensitive to privacy issues and that rely, to some extent, on authentication performed at the client end of the application.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Baltatu, M., D’Alessandro, R., D’Amico, R. (2004). Toward Ubiquitous Acceptance of Biometric Authentication: Template Protection Techniques. In: Maltoni, D., Jain, A.K. (eds) Biometric Authentication. BioAW 2004. Lecture Notes in Computer Science, vol 3087. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25976-3_16
DOI: https://doi.org/10.1007/978-3-540-25976-3_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22499-0
Online ISBN: 978-3-540-25976-3
eBook Packages: Springer Book Archive