Abstract
In this paper we present a system for enterprise rights management (ERM) for remote maintenance facilities. The data provider initializes a mobile device (terminal) by preloading a set of documents and the associated metadata, along with the access policy. The envisioned scenario does not allow any further communication, so documentation confidentiality is achieved by means of a biometric key-binding scheme featuring face recognition. We show that our scheme improves the privacy of operators’ biometric templates and the overall system usability. Moreover, we show experimentally that face biometry offers a sufficient level of stability for the purpose of key recovery. Non-interactive security functionalities and access control enforcement leverage terminals featuring cryptographic hardware. To this end we present an operator device prototype implementation based on Trusted Execution Environments (TEE).



Notes
The scheme generates \(q\) oscillating functions, one for each component \(b_i\), \(i=1,\ldots ,q\), of the biometric template \(B_u\). Each function is used independently of the others.
Cite this article
Catuogno, L., Galdi, C. & Riccio, D. Off-line enterprise rights management leveraging biometric key binding and secure hardware. J Ambient Intell Human Comput 10, 2883–2894 (2019). https://doi.org/10.1007/s12652-018-1023-9
DOI: https://doi.org/10.1007/s12652-018-1023-9