Biometric Encryption (BE) - Danish Biometrics

Uploaded by spotlessstare (category: Security), 29 Nov 2013

© Information and Privacy Commissioner of Ontario, 2006
EBF Research Seminar - 02 Oct 2007

Biometric Encryption: Privacy-Enhancing Technology

European Biometrics Forum (EBF) Research Seminar
Tuesday, 02 October 2007

Fred Carter
Senior Policy & Technology Advisor
Office of the Information & Privacy Commissioner / Ontario, Canada

Presentation Outline

1. IPC Work
2. FIPs, PETs
3. Biometrics and Privacy
4. BE & Anonymous Biometrics
5. Reactions and Follow-up

1. IPC work to date

- Independent agency of gov't; we oversee three laws
- Longstanding interest & involvement in privacy, technology and law/compliance issues.
- IPC approach: constructive engagement; ICT both a threat to and opportunity for privacy; seek pragmatic "win-win" scenarios
- Some publications: Path to Anonymity; guidance on use of PKI, DRM, Privacy-embedded 7 Laws of Identity, Biometrics, Biometric Encryption; ID Theft; Intelligent Agents, P3P, RFID, Privacy and the Open Networked Enterprise, Privacy Diagnostic Tool; PIA for health, contactless smart cards; mobile device security; STEPs, etc.
- IPC website: www.ipc.on.ca



1. IPC biometrics work

- Biometrics Program, Toronto (1994)
- Ontario Works Act (1997)
- Discussion & guidance papers (1999)
- Presentations, speeches, etc. (2000-)
- Statement to House of Commons Standing Committee on Citizenship & Immigration (2003)
- Resolution of Int'l DPAs (2005)
- EBF IBAC (2005-)

2. FIPs & PETs

2. PETs and FIPs

Our Mantra: "Build It In"

- Build in privacy early into the architecture, design specs, and technologies; design must start from maximum privacy
- Assess all privacy risks: conduct privacy impact assessments; annual privacy audits
- Minimize collection, use, data: minimize routine collection, use, and retention of all personally identifiable data
- Be comprehensive and systematic: effective privacy requires an integrated approach; privacy must be applied to entire data systems and throughout the data life cycle
- Privacy rules must be enforced; enforcement must be trustworthy for system to earn trust and use.
- Use privacy enhancing technologies (PETs)

2. FIPs & PETs

Effective governance can come from:

1. Laws, legislation, regulation
2. Industry self-regulation, codes of conduct, best practices, guidelines, standards, policies, audit & certification practices…
3. PETs / Technology solutions
4. Public opinion / market acceptance

- Founded on the Fair Information Practices (FIPs)
- PETs just one element in the IPC privacy toolkit


2. PETs & FIPs

- Many FIPs in use around the world; they can be condensed into 3 primary and substantive impulses:
  1. Data Minimization
  2. User Participation and Control
  3. Information Security
- Good success evangelizing to public policymakers, information security, auditors, developers, etc.
- Expressed in myriad ways, depending on context.

Privacy vs. Security (false dichotomy)
Privacy OR Security: A Zero-Sum Game

Privacy AND Security

3. Biometrics and Privacy

3. Biometrics & Privacy

Privacy, Security Issues:

- Growing biometrics deployments and uses pose significant systemic risks to individual privacy and security
- Biometrics a lifetime permanent identifier, worse than a password (access control)
- Indiscriminate or excess collection of biometric data invites misuse
- System performance: accuracy and reliability
- Poor accountability will undermine trust, acceptance and use.


3. Privacy & Biometrics: Concerns

- Creation of large centralized databases
- Far-reaching consequences of errors in large-scale networked systems;
- Interoperability that invites unintended additional "secondary" uses

3. Biometrics & Security: The Risks

- Spoofing
- Replay attacks
- Substitution attack
- Tampering
- Masquerade attack
- Trojan horse attacks
- Overriding Yes/No response
- Insufficient accuracy

Identification: The Myth of Accuracy

- Problem with large centralized databases containing millions of biometric templates:
  - False positives
  - False negatives


3. Biometrics & Privacy: Accuracy and Reliability

- Accuracy and reliability are still viewed as major stumbling blocks for large-scale biometric applications (OECD Report on Biometric Technologies, June 2004);
  http://appli1.oecd.org/olis/2003doc.nsf/linkto/dsti-iccp-reg(2003)2-final
- Serious consequences of false positives and negatives, errors, failure rates.

Authentication: Biometric Strength and Privacy

- The strength of one-to-one matches:
  - Authentication/verification does not require the central storage of biometric templates;
  - Biometric may be stored locally, not centrally: on a smart card, token, travel document, etc.

3. Biometrics & Privacy: 1:1 versus 1:Many

- Privacy regulators favor 1:1 authentication (verification) over 1:many identification;
- The EU Article 29 Working Party Resolution on the use of biometrics in passports, identity cards and travel documents was passed by Data Protection and Privacy Commissioners in Montreux, Switzerland, 2005:

"…The Conference calls for the technical restriction of the use of biometrics in passports and identity cards to verification purposes comparing the data in the document with the data provided by the holder, when presenting the document."

27th International Conference of Data Protection and Privacy Commissioners, Montreux, 16 September 2005
www.privacyconference2005.org/fileadmin/PDF/biometrie_resolution_e.pdf


3. Biometrics & Privacy: Centralized Databases

- Risks associated with large centralized, networked biometric databases;
- Article 29 Working Party, chaired by Peter Schaar, Germany's federal Data Protection Commissioner, EU Opinion, August 2004 states, "The Working Party strictly opposes the storage of all EU passport holders' biometric and other data in a centralized data base…"
  http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2005/wp112_en.pdf

3. Biometrics & Privacy: Interoperability

- Interoperable biometric databases invite additional purposes and secondary uses of the data;
- E.U. Data Protection Supervisor, Peter Hustinx, in his March 2006 Opinion, stressed that: "Interoperability of systems must be implemented with due respect for data protection principles and in particular, the purpose limitation principle."
  Comments on the Communication of the Commission on interoperability of European databases, www.edps.eu.int/legislation/Comments/06-03-10_Comments_interoperability_EN.pdf

3. Biometrics & Privacy: Risks (Summary)

- unauthorized secondary uses of biometric data
- expanded surveillance tracking, profiling, and potential discrimination
- data misuse (data breach, identity fraud and theft)
- negative personal impacts of false matches, non-matches, system errors and failures
- diminished oversight, accountability, and openness of biometric data systems
- absence of individual knowledge and consent; loss of personal control
- loss of user confidence, acceptance and trust; potential negative backlash

4. Biometric Encryption

4. Biometric Encryption (BE)

What is Biometric Encryption?

- Class of emerging "untraceable biometric" technologies that seek to irreversibly transform the biometric data provided by the user.
- BE is a process that securely binds a PIN or a cryptographic key to a biometric, so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification.



4. Biometric Encryption (BE): Use Biometric as the Encryption Key

Enrollment (diagram): Biometric Image -> Biometric Template (100110100010…010); Randomly generated key (01011001…01); BE binding algorithm -> Biometrically-encrypted key (110011001011…110) is stored

4. Biometric Encryption (BE): Decrypt with Same Biometric

Verification (diagram): Fresh Biometric Image -> Fresh Biometric Template (101100101010…000); Biometrically-encrypted key (110011001011…110); BE retrieval algorithm -> Key retrieved (01011001…01)

4. BE Advantages

BE technologies can enhance privacy and security. Some key advantages offered:

1. NO Retention of biometric image or template
2. Multiple / cancellable / revocable identifiers
3. Improved authentication security: stronger binding of user biometric & system identifier
4. Improved security of personal data and communications
5. Greater public confidence, acceptance, use → compliance with privacy & data protection laws

4. BE Advantages: 1. NO Retention of biometric image or template

- Best privacy practice is not to disclose / collect PII at all in the first place, if possible.
- Most privacy and security concerns derive from storage and misuse of the biometric data.
- Mitigates against risks of potential data matching, surveillance, profiling; interception, data security breaches, identity theft...
- User retains (local) control and use of their own biometric


4. BE Advantages: 2. Multiple / cancellable / revocable identifiers

- BE allows individuals to use one biometric for multiple accounts and identifiers without fear that identifiers will be linked together.
- If an account identifier becomes compromised, there is less risk that all the other accounts will be compromised, i.e., no need to change one's fingers!
- BE technologies make possible the ability to change or recompute account identifiers; identifiers can be revoked or cancelled, and substituted for newly generated ones calculated from the same biometric!


4. BE Advantages: 3. Improved authentication security: stronger binding of user biometric & system identifier

- Account identifiers are re-computed directly from the biometric, not merely linked to it
- Results are much stronger account identifiers:
  - longer, more complex identifiers
  - no need for user memorization
  - less susceptible to security attacks
- Security of BE technology can be augmented by the use of tokens and additional PINs, if needed


4. BE Advantages: 4. Improved security of personal data and communications

- Users can take advantage of the convenience and ease of BE technologies to encrypt their own personal or sensitive data.
- Since the key is one's own biometric, used locally, this technology could place a powerful tool in the hands of individuals
- This is encryption for the masses, made easy!


4. BE Advantages: 5. Greater public confidence, acceptance, use and compliance with privacy & data protection laws

- Public confidence, trust are necessary ingredients for the success of any biometric system deployment.
- Governance policies and procedures only go so far. Privacy, security and trust should be built directly into the biometric hardware and info system.
- BE puts biometric data under control and use of the individual, promotes broader acceptance and use of biometrics.

4. Biometric Encryption

BE Embodies core privacy practices:

1. Data minimization: no retention of biometric image or template, minimizing potential for secondary uses, loss, misuse
2. Maximal individual control: Individuals keep their biometric data private, and can use it to generate or change unique ("anonymous") account identifiers, and encrypt own data.
3. Improved security: authentication, communication and data security are enhanced.


Possible Applications and Uses of Biometric Encryption

- Biometric ticketing for events;
- Biometric boarding cards for air travel;
- Identification, credit and loyalty card systems;
- "Anonymous" (untraceable) labeling of sensitive records (medical, financial);
- Consumer biometric payment systems;
- Access control to personal computing devices;
- Personal encryption products;
- Local or remote authentication to access files held by government and other various organizations.

4. Biometric Encryption (BE): BE Case Scenarios (from paper)

1. Small-scale use (personal authentication)
2. Anonymous (untraceable) database (access to hospital records)
3. Travel documents (3-way checks)

Three-way Check in the ePassport Scenario (Philips)
Van der Veen et al, 2006

Diagram elements: ID, Bio-encrypted key, Hashed key, Biometric DB, Kiosk, Border control

1. Measure biometric
2. Claim ID
3. Bio-encrypted key
4. Retrieve key1 from live biometric and bio-encrypted key
5. Retrieve key2 from smartcard biometric and bio-encrypted key
6. Hashed key1, key2
7. Match: Hashed key == Hashed key1 == Hashed key2
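As an added example (not code from the presentation or from Van der Veen et al.), the Python below models the BE binding and retrieval steps of the enrollment and verification diagrams and the seven-step three-way check on this slide with a fuzzy-commitment style construction: the key is expanded with an error-correcting code, XORed with the biometric template and stored, while the Biometric DB keeps only a hash of the key. The 3x repetition code, 32-bit key, template bytes and bit-flip positions are constructed assumptions, not values from the paper.

```python
import hashlib

# Toy fuzzy-commitment style BE. Assumption: real schemes use a strong
# error-correcting code (e.g. BCH) and much longer keys; the 3x repetition
# code here only makes the bind/retrieve mechanics visible.
REP = 3          # each key bit is repeated REP times in the codeword
# Constructed 96-bit feature vector standing in for one enrolled finger.
TEMPLATE = bytes.fromhex("9c3e57a1d04bf26e8153c7b9")

def _bits(data: bytes) -> str:
    return "".join(f"{b:08b}" for b in data)

def _bytes(bits: str) -> bytes:
    return int(bits, 2).to_bytes(len(bits) // 8, "big")

def encode(key: bytes) -> bytes:
    """Error-correcting encode: repeat every key bit REP times."""
    return _bytes("".join(bit * REP for bit in _bits(key)))

def decode(word: bytes) -> bytes:
    """Majority-vote decode; corrects up to (REP-1)//2 flipped bits per group."""
    b = _bits(word)
    groups = (b[i:i + REP] for i in range(0, len(b), REP))
    return _bytes("".join("1" if g.count("1") > REP // 2 else "0" for g in groups))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def bind(template: bytes, key: bytes) -> bytes:
    """Enrollment (BE binding): store codeword XOR biometric, not key or template."""
    return xor(encode(key), template)

def retrieve(fresh: bytes, bound: bytes) -> bytes:
    """Verification (BE retrieval): fresh XOR bound is the codeword plus
    sensor noise; decoding recovers the key only within the code's budget."""
    return decode(xor(fresh, bound))

def key_hash(key: bytes) -> str:
    """What the Biometric DB keeps per ID: a hash of the key, not the key."""
    return hashlib.sha256(key).hexdigest()

def flip_bits(data: bytes, positions) -> bytes:
    """Simulate a fresh sample: flip the given bit positions (0 = MSB)."""
    n, total = int.from_bytes(data, "big"), len(data) * 8
    for p in positions:
        n ^= 1 << (total - 1 - p)
    return n.to_bytes(len(data), "big")

def three_way_check(live: bytes, card_template: bytes, bound: bytes, db_hash: str) -> bool:
    """Steps 4-7 of the ePassport scenario: key1 from the live sample and key2
    from the smartcard template must both hash to the DB's registered value."""
    h1 = key_hash(retrieve(live, bound))
    h2 = key_hash(retrieve(card_template, bound))
    return db_hash == h1 == h2
```

Flipping at most one bit per codeword group simulates sensor noise the code tolerates; a different template, or more flips than the code corrects, decodes to a different key and the hash match fails. Re-enrolling the same template with a fresh random key yields an unrelated stored value, which is the cancellable-identifier property claimed earlier.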

4. Biometric Encryption

IPC Objectives:

- Stimulate demand for PETs: Bring this biometric technology to attention of public, privacy advocates, policymakers: it is possible and should be considered, even demanded.
- Stimulate supply of PETs: Encourage research, development and marketization of privacy-enhancing technologies as viable solutions for real-world problems.




5. Reactions & Follow-Up

5. Reactions & Follow-Up: BE Publication & Distribution Process

- Pre-publication release, vetting…
- Press release, website publication, etc.
- Announced on key listservs (DPAs, biometrics, NPC-l, PETs)
- Individualized mailouts (physical and electronic) to broad spectrum of public and private stakeholders (government, industry, research, academia, privacy advocates, consumer groups, etc)
- Submitted to various fora for review and posting





5. Reactions & Follow-Up: Significant Response and Feedback

- Industry: (Philips, IBM, Microsoft, Genkey, Sagem, Bell, VeriTouch, and others)
- Research/Academic: (U of T, Colorado, Carleton U., Fraunhofer Institute, Bruce Schneier, Kim Cameron, others in Europe, Canada, U.S.)
- Policymakers: (Government departments and agencies in Ontario, Canada, U.S., EU…)


5. Reactions & Follow-Up: Future work

- Stimulate attention and interest in untraceable biometrics, research and development
- Trumpet BE pilots, success stories
- Technology-agnostic w.r.t. technique/details
- Encourage consideration, adoption by policymakers in both public and private sectors
- Stimulate demand and supply of biometrics PETs
- Improve BE accuracy, resilience against attacks

More Information

Biometric Encryption: A Positive Sum Technology that Achieves Strong Authentication, Security AND Privacy:
www.ipc.on.ca/index.asp?navid=46&fid1=608&fid2=4
and: www.ipc.on.ca/images/Resources/up-1bio_encryp.pdf

News Release: www.ipc.on.ca/images/Resources/up-2007_03_14_bio_encryp.pdf
Executive Summary: www.ipc.on.ca/images/Resources/up-bio_encryp_execsum.pdf
FAQ: www.ipc.on.ca/index.asp?navid=46&fid1=608&fid2=4


Questions? Comments?

Fred Carter
Senior Policy & Technology Advisor
Office of Information & Privacy Commissioner / Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario, Canada
M4W 1A8

Phone: (416) 326-3333
Web: www.ipc.on.ca
E-mail: info@ipc.on.ca