A review on performance,security and various biometric template protection schemes for biometric authentication systems

Identifying a person based on their behavioral and biological qualities in an automated manner is called biometrics. The authentication system substituting traditional password and token for authentication and relies gradually on biometric authentication methods for verification of the identity of an individual. This proves the fact that society has started depending on biometric-based authentication systems. Security of biometric authentication needs to be reviewed and discussed as there are multiple points related to integrity and public reception of biometric-based authentication systems. Security and recognition accuracy are the two most important aspects which must be considered while designing biometric authentication systems. During enrollment phase scanning of biometric data is done to determine a set of distinct biometric feature set known as biometric template. Protection of biometric templates from various hacking efforts is a topic of vital importance as unlike passwords or tokens, compromised biometric templates cannot be reissued. Therefore, giving powerful protection techniques for biometric templates and still at that very moment preparing great identification accuracy is a good research problem nowadays, as well as in the future. Furthermore, efficiency under non-ideal conditions is also supposed to be inadequate and thus needs special attention in the design of a biometric authentication system. Disclosure of various biometric traits in miscellaneous applications creates a severe compromise on the privacy of the user. Biometric authentication can be utilized for remote user authentication. In this case, the biometric data of users typically called templates are stored in a server. The uniqueness and stability of biometrics ended it useful over traditional authentication systems. But, a similar thing made the enduring harm of a user’s identity in biometric systems. The architecture of the biometric system leads to several hazards that lead to numerous security concerns and privacy threats. To address this issue, biometric templates are secured using several schemes that are categorized as biometric cryptosystems, cancelable biometrics, hybrid methods, Homomorphic Encryption, visual cryptography based methods. Biometric cryptosystems and cancelable biometrics techniques provide reliable biometric security at a great level. However, there persist numerous concerns and encounters that are being faced during the deployment of these protection technologies. This paper reviews and analyses various biometric template protection methods. This review paper also reflects the limitations of various biometric template protection methods being used in present times and highlights the scope of future work.

     

云环境中数据存储的安全机制研究

本文针对因网络的广泛应用而产生的数据存储的安全问题,在云计算技术的基础上,从数据及身份的保密性、完整性保护和用户身份及操作的隐私保护两个方面归纳出了在云环境下数据存储的安全机制,并总结了其安全问题的解决方法。     

Approaches and challenges of privacy preserving search over encrypted data

More and more data owners are encouraged to outsource their data onto cloud servers for reducing infrastructure, maintenance cost and also to get ubiquitous access to their stored data. However, security is one issue that discourages data owners from adopting cloud servers for data storage. Searchable Encryption (SE) is one of the few ways of assuring privacy and confidentiality of such data by storing them in encrypted form at the cloud servers. SE enables the data owners and users to search over encrypted data through trapdoors. Most of the user information requirements are fulfilled either through Boolean or Ranked search approaches. This paper aims at understanding how the confidentiality and privacy of information can be guaranteed while processing single and multi-keyword queries over encrypted data using Boolean and Ranked search approaches. This paper presents all possible leakages that happen in SE and also specifies which privacy preserving approach to be adopted in SE schemes to prevent those leakages to help the practitioners and researchers to design and implement secure searchable encryption systems. It also highlights various application scenarios where SE could be utilized. This paper also explores the research challenges and open problems that need to be focused in future.     

安全高效的生物识别外包计算方案研究

生物识别是指将待识别个体的生物特征与预先成立的生物数据库进行匹配,从而完成个体身份识别的过程。目前,生物识别技术在互联网电子服务环境中得到了越来越广泛的应用。随着云计算的迅速发展,生物识别也可通过外包计算的方式提高识别效率。然而,这种计算外包模式同时带来了新的隐私风险,如个体生物特征信息的泄露以及被非授权的使用。主要对云计算环境中的生物识别外包方案展开研究。对最新的生物识别外包方案进行了安全性分析,并揭示了该方案存在的隐私漏洞;将数据拆分技术与矩阵变换相结合设计了新的数据隐私保护技术,提出了一个改进的生物识别外包方案EBIO;详细的理论分析论证了该方案的正确性和隐私性;对EBIO方案进行了原型实现并进行了大量实验。实验数据表明,EBIO方案可以高效地完成大规模生物识别任务,可在实际应用中进行实际部署。     

生物特征数据安全保护技术的发展

生物特征识别相对于传统的身份识别更安全和便捷.随着生物特征识别系统的广泛应用,生物特征数据的安全性和隐私性日益得到重视.生物特征数据的安全保护技术,主要包括生物特征加密(Biometric Salting)、生物特征密钥生成(Biometric Key Generation)、Fuzzy Schemes等几大类.通过重点分析这几类方法中的具有代表性的算法,来讨论生物特征数据的安全保护技术的研究及其发展,并进一步指出进行生物特征安全保护技术理论与应用研究的发展方向.     

支持区间查询的基于位置服务外包数据隐私保护方案

随着云计算技术的迅猛发展,越来越多的LBS服务被外包到云上运行以减少本地的计算和存储成本。然而,外包环境下的云服务器通常被认为是一个半可信的实体,LBS提供商的数据安全和用户的个人隐私将会面临新的安全挑战。针对现有基于位置服务数据外包方案中不支持区间查询和隐私保护不足等问题,文章提出一种支持区间查询的LBS外包数据隐私保护方案,利用非对称向量积保值加密和公钥可搜索加密对LBS坐标和关键词进行加密,实现LBS数据的机密性和用户查询模式的隐私性;利用轻量级的矩阵运算使用户在不泄露查询区间的前提下准确获得所需LBS数据。在新用户注册方面,采用基于双线性配对运算实现用户身份认证。安全性和性能分析表明,文章方案较同类方案具有一定优势。     

基于比特流的虹膜特征数据的隐藏算法

对生物特征数据的攻击是生物特征识别自身安全的主要威胁。为了提高虹膜特征数据的安全性,根据现有主要的虹膜识别方法中特征模板的数据特性和基于汉明距的比对方法,提出一种基于比特流的将虹膜特征模板数据嵌入人脸图像的数据隐藏算法。实验结果表明,该算法具有较强的隐蔽性,隐藏算法本身误码率为零,计算效率高,不会影响虹膜识别技术本身的性能,能够有效保护特征模板数据,增强虹膜识别系统自身的安全性。     

Cancelable features using log-Gabor filters for biometric authentication

Wide spread use of biometric based authentication requires security of biometric data against identity thefts. Cancelable biometrics is a recent approach to address the concerns regarding privacy of biometric data, public confidence, and acceptance of biometric systems. This work proposes a template protection approach which generates revocable binary features from phase and magnitude patterns of log-Gabor filters. Multi-level transformations are applied at signal and feature level to distort the biometric data using user specific tokenized variables which are observed to provide better performance and security against information leakage under correlation attacks. A thorough analysis is performed to study the performance, non-invertibility, and changeability of the proposed approach under stolen token scenario on multiple biometric modalities. It is revealed that generated templates are non-invertible, easy to revoke, and also deliver good performance.     

Engineering of secure multi-cloud storage

This article addresses security and privacy issues associated with storing data in public cloud services. It presents an architecture based on a novel secure cloud gateway that allows client systems to store sensitive data in a semi-trusted multi-cloud environment while providing confidentiality, integrity, and availability of data. This proxy system implements a space-efficient, computationally-secure threshold secret sharing scheme to store shares of a secret in several distinct cloud datastores. Moreover, the system integrates a comprehensive set of security measures and cryptographic protocols to mitigate threats induced by cloud computing. Performance in practice and code quality of the implementation are analyzed in extensive experiments and measurements.     

模糊逻辑在人脸特征保护算法中的应用

随着人脸识别在门禁、视频监控等公共安全领域中的应用日益广泛,人脸特征数据的安全性和隐私性问题成为备受关注的焦点。近年来出现了许多关于生物特征及人脸特征的安全保护算法,这些算法大都是将生物特征数据转变为二值的串,再进行保护。针对已有的保护算法中将实值的人脸特征转换为二值的串,从而导致信息丢失的不足,应用模糊逻辑对人脸模板数据的类内差异进行建模,从而提高人脸识别系统的性能。给出了算法在CMU PIE的光照子集、CMU PIE带光照和姿势的子集和ORL人脸数据库中的实验结果。实验表明,该算法能够进一步提高已有安全保护算法的识别率。     

无线体域网中具有生物特征的基于身份的访问控制方案

针对现有无线体域网(WBANs)中的安全和隐私性问题,为了充分利用生物特征的优势来确保WBANs内数据通信的安全性,首次提出了一种具有生物特征的基于身份的隐私保护技术,然后利用该技术在WBANs中提出了一种新的访问控制方法。在安全性方面,在随机预言机模型下是可证明安全的,并且具有机密性、认证性、完整性、不可否认性和匿名性;在性能方面,与现有方案相比,提出方案在计算开销和通信开销方面都具有优势。     

Efficient integrity verification of replicated data in cloud using homomorphic encryption

The cloud computing is an emerging model in which computing infrastructure resources are provided as a service over the internet. Data owners can outsource their data by remotely storing them in the cloud and enjoy on-demand high quality services from a shared pool of configurable computing resources. However, since data owners and the cloud servers are not in the same trusted domain, the outsourced data may be at risk as the cloud server may no longer be fully trusted. Therefore, data confidentiality, availability and integrity is of critical importance in such a scenario. The data owner encrypts data before storing it on the cloud to ensure data confidentiality. Cloud should let the owners or a trusted third party to check for the integrity of their data storage without demanding a local copy of the data. Owners often replicate their data on the cloud servers across multiple data centers to provide a higher level of scalability, availability, and durability. When the data owners ask the cloud service provider (CSP) to replicate data, they are charged a higher storage fee by the CSP. Therefore, the data owners need to be strongly convinced that the CSP is storing data copies agreed on in the service level contract, and data-updates have been correctly executed on all the remotely stored copies. To deal with such problems, previous multi copy verification schemes either focused on static files or incurred huge update costs in a dynamic file scenario. In this paper, we propose a dynamic multi-replica provable data possession scheme (DMR-PDP) that while maintaining data confidentiality prevents the CSP from cheating, by maintaining fewer copies than paid for and/or tampering data. In addition, we also extend the scheme to support a basic file versioning system where only the difference between the original file and the updated file is propagated rather than the propagation of operations for privacy reasons. DMR-PDP also supports efficient dynamic operations like block modification, insertion and deletion on replicas over the cloud servers. Through security analysis and experimental results, we demonstrate that the proposed scheme is secure and performs better than some other related ideas published recently.     

SGX技术的分析和研究

安全性是云计算中一项极为重要的需求,然而如何保护云计算中关键应用程序和数据的安全、防止云平台管理员泄露用户隐私,仍然是目前没有解决的难题.2013年,Intel公司提出了新的处理器安全技术SGX,能够在计算平台上提供一个可信的隔离空间,保障用户关键代码和数据的机密性和完整性.作为系统安全领域的重大研究进展,SGX对系统安全,尤其是云计算安全保护方面具有非常重要的意义.该文介绍了SGX的原理和特性,分析了SGX的关键技术以及针对SGX的侧信道攻击及防御方法.同时,总结和归纳了该技术的研究成果,分析了SGX技术与其他可信计算技术的异同,并指出了SGX技术的未来研究挑战和应用需求.     

FaceEncAuth：基于FaceNet和国密算法的人脸识别隐私安全方案

人脸识别中,人脸特征作为生物特征的一种,具有唯一性、不可撤销性,一旦遭到攻击、篡改或泄露,用户隐私安全将面临巨大威胁。针对这一问题,提出一种基于深度学习和加密算法的人脸识别隐私安全方案。该方案中,利用FaceNet深度学习算法来高效提取人脸特征,协调生物特征模糊性与密码系统的精确性,采用CKKS全同态加密算法进行人脸识别密文域的运算,通过国密SM4算法增强人脸特征密文抵抗恶意攻击的能力,利用其对称密码的性质兼顾了安全性和运算效率,而SM9非对称密码算法则用于SM4算法对称密钥的管理。实验结果及分析表明,该方案在不影响人脸识别准确率、效率的前提下提高了数据传输、存储和比对的安全性。     

基于模分量的同态加密方法研究与应用

随着云计算的发展,海量数据的处理正逐渐从用户本地转向云服务器,然而数据本身可能携带大量用户隐私,且一旦用户将数据上传至云服务器,就失去了对数据的完全掌控能力,该类数据一旦被非法获取,用户身份、行为、偏好等各类隐私就可能被暴露。因此,如何保证在不暴露原始数据的情况下让受委托的云服务器在密文下执行运算成为一个重要的研究课题。本文基于密码学和计算机视觉相关理论,针对隐私数据安全处理的问题,以模分量的同态性质为基础设计了两种加密方法,分别为基于混淆模分解的同态加密方法和基于密模聚合的同态加密方法,并给出了安全性分析。并将这两种方法应用于视觉盲计算领域中,实现计算方在无需获取任何原始数据有效信息的密文条件下,完成对数据的盲处理,实现了数据的可用不可见。实验结果表明,基于密模聚合模同态加密的运动目标盲提取方法,在多数测试场景中能在不降低原始算法准确率的前提下,在时间效率上明显优于基于混合高斯模型的运动目标盲提取和基于多服务器秘密共享的前景提取等方法;基于混淆模分解同态加密的人脸盲检测方法,能在不降低原始人脸检测算法识别的准确率前提下,实现视频监控人脸的盲检测,且检测速度大幅度快于基于随机子图的隐秘人脸检测方法和基于随机向量的隐秘人脸检测等算法。     

Intelligent agents for the management of complexity in multimodal biometrics

Current approaches to personal identity authentication using a single biometric technology are limited, principally because no single biometric is generally considered both sufficiently accurate and user-acceptable for universal application. Multimodal biometrics can provide a more adaptable solution to the security and convenience requirements of many applications. However, such an approach can also lead to additional complexity in the design and management of authentication systems. Additionally, complex hierarchies of security levels and interacting user/provider requirements demand that authentication systems are adaptive and flexible in configuration. In this paper we consider the integration of multimodal biometrics using intelligent agents to address issues of complexity management. The work reported here is part of a major project designated IAMBIC (Intelligent Agents for Multimodal Biometric Identification and Control), aimed at exploring the application of the intelligent agent metaphor to the field of biometric authentication. The paper provides an introduction to a first-level architecture for such a system, and demonstrates how this architecture can provide a framework for the effective control and management of access to data and systems where issues of privacy, confidentiality and trust are of primary concern. Novel approaches to software agent design and agent implementation strategies required for this architecture are also highlighted. The paper further shows how such a structure can define a fundamental paradigm to support the realisation of universal access in situations where data integrity and confidentiality must be robustly and reliably protected .     

A hybrid scheme for securing fingerprint templates

In a fingerprint recognition system, templates are stored in the server database. To avoid the privacy concerns in case the database is compromised, many approaches of securing biometrics templates such as biometric encryption, salting, and noninvertible transformation are proposed to enhance privacy and security. However, a single approach may not meet all application requirements including security, diversity, and revocability. In this paper, we present a hybrid scheme for securing fingerprint templates, which integrates our novel algorithms of biometric encryption and noninvertible transformation. During biometric encryption, we perform the implementation of fingerprint fuzzy vault using a linear equation and chaff points. During noninvertible transformation, we perform a regional transformation for every minutia-centered circular region. The hybrid scheme can provide high security, diversity, and revocability. Experimental results show the comparative performance of those approaches. We also present strength analysis and threats on our scheme.     

基于模分量的同态加密方法研究与应用CSCD

随着云计算的发展,海量数据的处理正逐渐从用户本地转向云服务器,然而数据本身可能携带大量用户隐私,且一旦用户将数据上传至云服务器,就失去了对数据的完全掌控能力,该类数据一旦被非法获取,用户身份、行为、偏好等各类隐私就可能被暴露。因此,如何保证在不暴露原始数据的情况下让受委托的云服务器在密文下执行运算成为一个重要的研究课题。本文基于密码学和计算机视觉相关理论,针对隐私数据安全处理的问题,以模分量的同态性质为基础设计了两种加密方法,分别为基于混淆模分解的同态加密方法和基于密模聚合的同态加密方法,并给出了安全性分析。并将这两种方法应用于视觉盲计算领域中,实现计算方在无需获取任何原始数据有效信息的密文条件下,完成对数据的盲处理,实现了数据的可用不可见。实验结果表明,基于密模聚合模同态加密的运动目标盲提取方法,在多数测试场景中能在不降低原始算法准确率的前提下,在时间效率上明显优于基于混合高斯模型的运动目标盲提取和基于多服务器秘密共享的前景提取等方法;基于混淆模分解同态加密的人脸盲检测方法,能在不降低原始人脸检测算法识别的准确率前提下,实现视频监控人脸的盲检测,且检测速度大幅度快于基于随机子图的隐秘人脸检测方法和基于随机向量的隐秘人脸检测等算法。     

A fast feature selection technique in multi modal biometrics using cloud framework

Biometrics refers to the process that uses biological or physiological traits to identify individuals. The progress seen in technology and security has a vital role to play in Biometric recognition which is a reliable technique to validate individuals and their identity. The biometric identification is generally based on either their physical traits or their behavioural traits. The multimodal biometrics makes use of either two or more of the modalities to improve recognition. There are some popular modalities of biometrics that are palm print, finger vein, iris, face or fingerprint recognition. Another important challenge found with multimodal biometric features is the fusion, which could result in a large set of feature vectors. Most biometric systems currently use a single model for user authentication. In this existing work, a modified method of heuristics that is efficiently used to identify an optimal feature set that is based on a wrapper-based feature selection technique. The proposed method of feature selection uses the Ant Colony Optimization (ACO) and the Particle Swarm Optimization (PSO) are used to feature extraction and classification process utilizes the integration of face, and finger print texture patterns. The set of training images is converted to grayscale. The crossover operator is applied to generate multiple samples for each number of images. The wok proposed here is pre-planned for each weight of each biometric modality, which ensures that even if a biometric modality does not exist at the time of verification, a person can be certified to provide calculated weights the threshold value. The proposed method is demonstrated better result for fast feature selection in bio metric image authentication and also gives high effectiveness security.     

A novel cancellable Iris template generation based on salting approach

The iris has been vastly recognized as one of the powerful biometrics in terms of recognition performance, both theoretically and empirically. However, traditional unprotected iris biometric recognition schemes are highly vulnerable to numerous privacy and security attacks. Several methods have been proposed to generate cancellable iris templates that can be used for recognition; however, these templates achieve lower accuracy of recognition in comparison to traditional unprotected iris templates. In this paper, a novel cancellable iris recognition scheme based on the salting approach is introduced. It depends on mixing the original binary iris code with a synthetic pattern using XOR operation. This scheme guarantees a high degree of privacy/security preservation without affecting the performance accuracy compared to the unprotected traditional iris recognition schemes. Comprehensive experiments on various iris image databases demonstrate similar accuracy to those of the original counterparts. Hence, robustness to several major privacy/security attacks is guaranteed.