Abstract
Biometric systems gain more and more attention in everyday life regarding authentication and surveillance of persons. This includes, amongst others, the login on a notebook based on fingerprint verification, controlling of airports or train stations, and the biometric identity card. Although these systems have several advantages in comparison to traditional approaches, they exhibit high risks regarding confidentiality and data protection issues. For instance, tampering biometric data or general misuse could have devastating consequences for the owner of the respective data. Furthermore, the digital nature of biometric data raises specific requirements for the usage of the data for crime detection or at court to convict a criminal. Here, the chain-of-custody has to be proven without any doubt. In this paper, we present a database-centric approach for ensuring the chain-of-custody in a forensic digital fingerprint system.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
ANSI/ISO/IEC 9075:1999. International Standard - Database Language SQL (1999)
Benjelloun, O., Sarma, A., Halevy, A., Widom, J.: Uldbs: databases with uncertainty and lineage. In: Proc. Int. Conf. on Very Large Data Bases, VLDB, pp. 953–964 (2006)
Bishop, M.: Computer Security - Art and Science. Addison-Wesley, Reading (2003)
Blythe, P., Fridrich, J.: Secure digital camera. In: Proc. of Digital Forensic Research Workshop, pp. 17–19 (2004)
Buneman, P., Khanna, S., Tan, W.-C.: Why and where: A characterization of data provenance. In: Van den Bussche, J., Vianu, V. (eds.) ICDT 2001. LNCS, vol. 1973, pp. 316–330. Springer, Heidelberg (2000)
Cheney, J., Chiticariu, L., Tan, W.-C.: Provenance in databases: Why, how, and where. Foundations and Trends in Databases 1(4), 379–474 (2009)
Codd, E.: A relational model of data for large shared data banks. Comm. of the ACM 13(6), 377–387 (1970)
Cui, Y., Widom, J., Wiener, J.: Tracing the lineage of view data in a warehousing environment. ACM Trans. Database Syst. 25, 179–227 (2000)
Dittmann, J., Katzenbeisser, S., Schallhart, C., Veith, H.: Provably secure authentication of digital media through invertible watermarks. Cryptology ePrint Archive, Report 293 (2004)
Dittmann, J., Wohlmacher, P., Nahrstedt, K.: Using cryptographic and watermarking algorithms. IEEE MultiMedia 8, 54–65 (2001)
The Federal Commisioner for Data Protection and Freedom of Information. Federal data protection act (bdsg) in the version promulgated on 14 January 2003 (federal law gazette i, p. 66), last amended by article 1 of the act of 14 August 2009, (federal law gazette i, p. 2814), (in force from September 1, 2009)
Fowler, K.: SQL Server Forensic Analysis. Addison-Wesley, Reading (2008)
Garfinkel, S.: Providing cryptographic security and evidentiary chain-of-custody with the advanced forensic format, library, and tools. Digital Crime and Forensics 1(1), 1–28 (2009)
Hasan, R., Sion, R., Winslett, M.: The case of the fake picasso: preventing history forgery with secure provenance. In: Proc. Int. Conf. on File and Storage Technologies, pp. 1–14. USENIX Association (2009)
Kiltz, S., Hoppe, T., Dittmann, J., Vielhauer, C.: Video surveillance: A new forensic model for the forensically sound retrival of picture content off a memory dump. In: Proc. of Informatik 2009 - Digitale Multimedia-Forensik. LNI, vol. 154, pp. 1619–1633 (2009)
Kiltz, S., Lang, A., Dittmann, J.: Taxonomy for computer security incidents. In: Cyber Warfare and Cyber Terrorism (2007)
Leich, M., Ulrich, M.: Forensic fingerprint detection: Challenges of benchmarking new contact-less fingerprint scanners – a first proposal. In: Proc. Workshop on Pattern Recognition for IT Security. TU-Darmstadt, Darmstadt (2010)
Meints, M., Biermann, H., Bromba, M., Busch, C., Hornung, G., Quiring-Kock, G.: Biometric systems and data protection legislation in germany. In: Proc. Int. Conf. on Intelligent Information Hiding and Multimedia Signal Processing, pp. 1088–1093. IEEE, Los Alamitos (2008)
Newman, R.: Computer forensics: evidence, collection, and management. Auerbach (2007)
Stonebraker, M., Moore, D.: Object Relational DBMSs. Morgan Kaufmann, San Francisco (1996)
Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems [electronic resource]: recommendations of the National Institute of Standards and Technology. U.S. Dept. of Commerce, National Institute of Standards and Technology
Tan, W.-C.: Provenance in databases: Past, current, and future. IEEE Data Engineering Bulletin 32(4), 3–12 (2007)
Zhang, J., Chapman, A., LeFevre, K.: Do you know where your data’s been? - Tamper-evident database provenance. Technical Report CSE-TR-548-08, Univ. of Michigan (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schäler, M., Schulze, S., Kiltz, S. (2011). Database-Centric Chain-of-Custody in Biometric Forensic Systems. In: Vielhauer, C., Dittmann, J., Drygajlo, A., Juul, N.C., Fairhurst, M.C. (eds) Biometrics and ID Management. BioID 2011. Lecture Notes in Computer Science, vol 6583. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19530-3_23
Download citation
DOI: https://doi.org/10.1007/978-3-642-19530-3_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19529-7
Online ISBN: 978-3-642-19530-3
eBook Packages: Computer ScienceComputer Science (R0)