As biometrics gains popularity and proliferates into the daily life, there is an increased concern over the loss of privacy and potential misuse of biometric data held in central repositories. The major concerns are about i) the use of biometrics to track people, ii) non-revocability of biometrics (eg. if a fingerprint is compromised it can not be canceled or reissued), and iii) disclosure of sensitive information such as race, gender and health problems which may be revealed by biometric traits. The straightforward suggestion of keeping the biometric data in a user owned token (eg. smart cards) does not completely solve the problem, since malicious users can claim that their token is broken to avoid biometric verification altogether. Put together, these concerns brought the need for privacy preserving biometric authentication methods in the recent years. In this dissertation, we survey existing ...

Absolute security does not exist: given funding, willpower and the proper technology, every security system can be compromised. However, the objective of the security community should be to develop such applications that the funding, the will, and the resources needed by the attacker to crack the system prevent him from attempting to do so. This Thesis is focused on the vulnerability assessment of biometric systems. Although being relatively young compared to other mature and long-used security technologies, biometrics have emerged in the last decade as a pushing alternative for applications where automatic recognition of people is needed. Certainly, biometrics are very attractive and useful for the final user: forget about PINs and passwords, you are your own key. However, we cannot forget that as any technology aimed to provide a security service, biometric systems are exposed to external attacks which ...

This thesis has two main parts. The first part deals with security and privacy analysis of biometric hashing. The second part introduces a method for fixed-length feature vector extraction and hash generation from fingerprint minutiae. The upsurge of interest in biometric systems has led to development of biometric template protection methods in order to overcome security and privacy problems. Biometric hashing produces a secure binary template by combining a personal secret key and the biometric of a person, which leads to a two factor authentication method. This dissertation analyzes biometric hashing both from a theoretical point of view and in regards to its practical application. For theoretical evaluation of biohashes, a systematic approach which uses estimated entropy based on degree of freedom of a binomial distribution is outlined. In addition, novel practical security and privacy attacks against face image hashing ...

This Thesis is focused on the quality assessment of biometric signals and its application to multimodal biometric systems. Since the establishment of biometrics as an specific research area in late 90s, the biometric community has focused its efforts in the development of accurate recognition algorithms and nowadays, biometric recognition is a mature technology that is used in many applications. However, we can notice recent studies that demonstrate how performance of biometric systems is heavily affected by the quality of biometric signals. Quality measurement has emerged in the biometric community as an important concern after the poor performance observed in biometric systems on certain pathological samples. We first summarize the state-of-the-art in the biometric quality problem. We present the factors influencing biometric quality, which mainly have to do with four issues: the individual itself, the sensor used in the acquisition, the ...

To preserve the privacy of patients and service providers in biomedical signal processing applications, particular attention has been given to the use of secure multiparty computation techniques. This thesis focuses on the development of a privacy preserving automatic diagnosis system whereby a remote server classifies a biomedical signal provided by the patient without getting any information about the signal itself and the final result of the classification. Specifically, we present and compare two methods for the secure classification of electrocardiogram (ECG) signals: the former based on linear branching programs and the latter relying on neural networks. Moreover a protocol that performs a preliminary evaluation of the signal quality is proposed. The thesis deals with all the requirements and difficulties related to working with data that must stay encrypted during all the computation steps. The proposed systems prove that carrying out ...

This Thesis is focused on the combination of multiple biometric traits for automatic person authentication, in what is called a multimodal biometric system. More generally, any type of biometric information can be combined in what is called a multibiometric system. The information sources in multibiometrics include not only multiple biometric traits but also multiple sensors, multiple biometric instances (e.g., different fingers in fingerprint verification), repeated instances, and multiple algorithms. Most of the approaches found in the literature for combining these various information sources are based on the combination of the matching scores provided by individual systems built on the different biometric evidences. The combination schemes following this architecture are typically based on combination rules or trained pattern classifiers, and most of them assume that the score level fusion function is fixed at verification time. This Thesis considers the problem of ...

,The term biometrics refers to the technologies that measure and analyze human intrinsic physical or behavioral characteristics for authenticating individuals. Nowadays, biometric technology is increasingly deployed in civil and commercial applications. The growing use of biometrics is raising security and privacy concerns. Storing biometric data, known as biometric templates, in a database leads to several privacy risks such as identity fraud and cross matching. A solution is to apply biometric template protection techniques, which aim to make it impossible to recover the biometric data from the templates. The goal of our research is to combine biometric systems with template protection. Aimed at fingerprint recognition, this thesis introduces the Spectral Minutiae Representation method, which enables the combination of a minutiae-based fingerprint recognition system with template protection schemes based on fuzzy commitment or helper data schemes. In this thesis, three spectral minutiae ...

The use of biometrics looks promising as it is already being applied in electronic passports, ePassports, on a global scale. Because the biometric data has to be stored as a reference template on either a central or personal storage device, its wide-spread use introduces new security and privacy risks such as (i) identity fraud, (ii) cross-matching, (iii) irrevocability and (iv) leaking sensitive medical information. Mitigating these risks is essential to obtain the acceptance from the subjects of the biometric systems and therefore facilitating the successful implementation on a large-scale basis. A solution to mitigate these risks is to use template protection techniques. The required protection properties of the stored reference template according to ISO guidelines are (i) irreversibility, (ii) renewability and (iii) unlinkability. A known template protection scheme is the helper data system (HDS). The fundamental principle of the HDS ...

Biometric recognition for a long time has been used in confined spaces, usually indoor, where security-critical operations required high accuracy recognition systems, e.g. in police stations, banks, companies, airports. Field activities, on the contrary, required more portability and flexibility leading to the development of devices for less constrained biometric traits acquisition and consequently of robust algorithms for biometric recognition in less constrained conditions. However, the application of "portable" biometric recognition, was still limited in specific fields e.g. for immigration control, and still required dedicated devices. A further step would be to spread the use of biometric recognition on personal devices, as personal computers, tablets and smartphones. Some attempts in this direction were made embedding fingerprint scanners in laptops or smartphones. So far biometric recognition on personal devices has been employed just for a limited set of tasks, as to unlock ...

The increasing need for personal authentication in many daily applications has made biometrics a fundamental research area. In particular, handwritten signatures have long been considered one of the most valuable biometric traits. Signatures are the most popular method for identity verification all over the world, and people are familiar with the use of signatures for identity verification purposes in their everyday life. In fact, signatures are widely used in several daily transactions, being recognized as a legal means of verifying an individual’s identity by financial and administrative institutions. In addition, signature verification has the advantage of being a non-invasive biometric technique. Two categories of signature verification systems can be distinguished taking into account the acquisition device, namely, offline systems, where only the static image of the signature is available, and online systems, where dynamic information acquired during the signing process, ...

This thesis investigates the practical adaption of iris biometrics on smartphones. Iris recognition is a mature and widely deployed technology which will be able to provide the high security demanded by next generation smartphones. Practical challenges in widely adopting this technology on smartphones are identified. Based on this, a number of design strategies are presented for constraint free, high performing iris biometrics on smartphones. A prototype, smartphone form factor device is presented to be used as a front-facing camera. Analysis of its optical properties and iris imaging capabilities shows that such a device with improved optics and sensors could be used for implementing iris recognition in the next generation of smartphones. A novel iris liveness detection is presented to prevent spoofing attacks on such a system. Also, the social impact of wider adoption of this technology is discussed. Iris pattern ...

The growing risk of privacy violation and espionage associated with the rapid spread of mobile communications renewed interest in the original concept of sending encrypted voice as audio signal over arbitrary voice channels. The usual methods used for encrypted data transmission over analog telephony turned out to be inadequate for modern vocal links (cellular networks, VoIP) equipped with voice compression, voice activity detection, and adaptive noise suppression algorithms. The limited available bandwidth, nonlinear channel distortion, and signal fadings motivate the investigation of a dedicated, joint approach for speech encoding and encryption adapted to modern noisy voice channels. This thesis aims to develop, analyze, and validate secure and efficient schemes for real-time speech encryption and transmission via modern voice channels. In addition to speech encryption, this study covers the security and operational aspects of the whole voice communication system, as this ...

The proliferation of handheld devices such as smartphones and tablets brings a new scenario for biometric authentication, and in particular to automatic signature verification. Research on signature verification has been traditionally carried out using signatures acquired on digitizing tablets or Tablet-PCs. This PhD Thesis addresses the problem of user authentication on handled devices using handwritten signatures and graphical passwords based on free-form doodles, as well as the effects of biometric aging on signatures. The Thesis pretends to analyze: (i) which are the effects of mobile conditions on signature and doodle verification, (ii) which are the most distinctive features in mobile conditions, extracted from the pen or fingertip trajectory, (iii) how do different similarity computation (i.e. matching) algorithms behave with signatures and graphical passwords captured on mobile conditions, and (iv) what is the impact of aging on signature features and verification ...

Biometric recognition is the automated recognition of individuals based on their behavioral or biological characteristics. Beside forensic applications, this technology aims at replacing the outdated and attack prone, physical and knowledge-based, proofs of identity. Choosing one biometric characteristic is a tradeoff between universality, acceptability, and permanence, among other factors. Moreover, the accuracy cap of the chosen characteristic may limit the scalability and usability for some applications. The use of multiple biometric sources within a unified frame, i.e. multi-biometrics, aspires to tackle the limitations of single source biometrics and thus enables a wider implementation of the technology. This work aims at presenting application-driven advances in multi-biometrics by addressing different elements of the multi-biometric system work-flow. At first, practical oriented pre-fusion issues regarding missing data imputation and score normalization are discussed. This includes presenting a novel performance anchored score normalization technique that ...

Human recognition has become an important topic as the need and investments for security applications grow continuously. Biometrics enable reliable and efficient identity management systems by using physical and behavioral characteristics of the subjects that are permanent, universal and easy to access. This is why, the topic of biometrics attracts higher attention today. Numerous biometric systems exist which utilize various human characteristics. Among all biometrics traits, face recognition is advantageous in terms of accessibility and reliability. It allows identification at relatively high distances for unaware subjects that do not have to cooperate. In this dissertation, two challenges in face recognition are analyzed. The first one is face spoofing. Initially, spoofing in face recognition is explained together with the countermeasure techniques that are proposed for the protection of face recognition systems against spoofing attacks. The second challenge explored in this thesis ...