This paper looks at privacy-enhanced uses of biometrics, with a particular focus on the privacy and security advantages of Biometric Encryption (BE). It considers the merits of Biometric Encryption for verifying identity, protecting privacy, and ensuring security. In doing so, it argues that BE technologies can help to overcome the prevailing “zero-sum” mentality, which posits that adding privacy to identification and information systems will necessarily weaken security and functionality. It explains how and why BE technology promises a “win-win” scenario for all stakeholders.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
See list of resources in appendices of: Ann Cavoukian and Alex Stoianov, Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy(March2007) at www.ipc.on.ca/images/Resources/up-1bio_encryp.pdf, and: Organization for Economic Co-operation and Development(OECD), Directorate for Science, Technology and Industry(DSTI), Committee for Information, Computer and CommunicationsPolicy(ICCP):Biometric-BasedTechnologies DSTI/ICCP/REG(2003)2/FINAL (June 2004); and International Biometric Group BioPrivacy Initiative at www.Bioprivacy.org
See the 27th International Conference of Data Protection and Privacy Commissioners, Montreux, Switzerland, Resolution on the use of biometrics in passports, identity cards and travel documents (16 Sept 2005).
See European Union Article 29 Working Party, Working document on biometrics (Aug 2003)
See: UK Information Commissioner, Data Protection Technical Guidance Note: Privacy enhancing technologies (Nov 2006); European Commission, Communication: Promoting Data Protection by Privacy Enhancing Technologies (PETs) (COM(2007) 228 final) (May 02, 2007); and Information and Privacy Commissioner of Ontario & Dutch Registratierkamer, Privacy-Enhancing Technologies: The Path to Anonymity (Vols I & II - August 1995)
For excellent overviews and discussions of PETs, see: OECD DSTI/ICCP, Inventory of Privacy-Enhancing Technologies (PETs) (Jan 2003) Dutch Interior Ministry, Privacy-Enhancing Technologies. White paper for decision-makers (2004) R. Leenes, J. Schallaböck and M. Hansen, Privacy and Identity Management for Europe (PRIME) Project, PRIME White paper v2 (June 2007) Future of Identity in the Information Society (FIDIS) Project, D13.1: Identity and impact of privacy enhancing technologies (2007)
N. K. Ratha, J. H. Connell, R. M. Bolle. Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, vol. 40, NO 3, p.p. 614 - 634, 2001
C.J. Hill, “Risk of masquerade arising from the storage of biometrics,” B.S. Thesis, Australian National University, 2001 (supervisor Dr. Roger Clarke).
Cappelli, A. Lumini, D. Maio, and D. Maltoni, “Fingerprint Image Reconstruction from Standard Templates”. IEEE Transactions On Pattern Analysis And Machine Intelligence, v. 29, No. 9, pp. 1489 - 1503, 2007
B. Schneier, “The Uses and Abuses of Biometrics,” Comm. ACM, vol. 42, no. 8, p. 136, Aug. 1999
There has been recent activity of International Organization for Standardization in order to support the confidentiality and integrity of the biometric template by using cryptographic means (ISO/IEC WD 24745, “Biometric Template Protection”).
FIDIS report, “D3.2: A study on PKI and biometrics,” 2005
K. Nandakumar, A. Nagar, and A. K. Jain, “Hardening Fingerprint Fuzzy Vault Using Password”, Proceedings of ICB 2007, Seoul, Korea, August 27-29, 2007. Lecture Notes in Computer Science, Springer, v. 4642, pp. 927-937, 2007
See EDPS, Comments on the Communication of the Commission on interoperability of European Databases (10 March 2006)
F. Hao, R. Anderson, and J. Daugman. “Combining Crypto with Biometrics Effectively”. IEEE Transactions on Computers, v. 55, No.9, pp. 1081-1088, 2006
N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, “Generating Cancelable Fingerprint Templates”. IEEE Transactions On Pattern Analysis And Machine Intelligence, v. 29, No. 4, pp. 561-572, 2007; and the references cited there.
A. Sahai and B. Waters,“Fuzzy identity based encryption,” in Proceedings of EUROCRYPT’05 on Advances in Cryptology, LNCS 3494, pp. 457-473, Springer-Verlag, 2005
D. Nali, C. Adams, andA. Miri. Using Threshold Attribute-Based Encryption for Practical Biometric-Based Access Control. International Journal of Network Security, Vol.1, No.3, pp.173-182, Nov. 2005
X. Boyen, “Reusable cryptographic fuzzy extractors,” CCS 2004, pp. 82-91, ACM Press.
M. van der Veen, T. Kevenaar, G.-J. Schrijen, T. H. Akkermans, and Fei Zuo, “Face Biometrics with Renewable Templates”. Proceedings of SPIE, Volume 6072: Security, Steganography, and Watermarking of Multimedia Contents VIII, 2006.
A. Adler, “Vulnerabilities in biometric encryption systems”. NATO RTA Workshop: Enhancing Information Systems Security - Biometrics (IST-044-RWS-007), 2004
S. C. Draper, A. Khisti, E. Martinian, A. Vetro and J. S. Yedidia, “Using Distributed Source Coding to Secure Fingerprint Biometrics”. Proc. of IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), v. 2, pp. 129-132, April 2007
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 International Federation for Information Processing
About this paper
Cite this paper
Ann Cavoukian, Alex Stoianov, Fred Carter (2008). Keynote Paper: Biometric Encryption: Technology for Strong Authentication, Security and Privacy. In: de Leeuw, E., Fischer-Hübner, S., Tseng, J., Borking, J. (eds) Policies and Research in Identity Management. The International Federation for Information Processing, vol 261. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-77996-6_6
Download citation
DOI: https://doi.org/10.1007/978-0-387-77996-6_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-77995-9
Online ISBN: 978-0-387-77996-6
eBook Packages: Computer ScienceComputer Science (R0)