Biometric authentication has been attracting much attention because it is more user-friendly than other authentication methods such as password-based and token-based authentication. However, it intrinsically raises problems of privacy and revocability. To address these issues, new techniques called cancelable biometrics have been proposed and their properties have been analyzed extensively. Nevertheless, only a few of these works consider provable security, and the provably secure schemes known to date have had to sacrifice user-friendliness because users must carry tokens in order to securely access their secret keys. In this paper, we propose two cancelable biometric protocols, each of which is provably secure and requires no secret-key access by users. As underlying components we use the Boneh-Goh-Nissim cryptosystem proposed at TCC 2005 and the Okamoto-Takashima cryptosystem proposed at Pairing 2008, in order to evaluate a 2-DNF (disjunctive normal form) predicate on encrypted feature vectors. We define a security model in the semi-honest setting and give a formal proof showing that our protocols are secure in that model. The revocation process of our protocols can be seen as a new way of utilizing the veiled property of the underlying cryptosystems, which may be of independent interest.
Privacy-preserving data mining technologies have been studied extensively, and as one general approach, Calmon and Fawaz have proposed a data distortion mechanism based on a statistical inference attack framework. This theory has been extended by Erdogdu et al. to time-series data and applied to energy disaggregation of smart-meter data. However, their theory assumes that both the smart-meter data and the sensitive appliance state information are available when applying the privacy-preserving mechanism, which is impractical in typical smart-meter systems where only the total power usage is available. In this paper, we extend their approach to enable the application of a privacy-utility tradeoff mechanism to such practical settings. Firstly, we define a system model that captures both the architecture of the smart-meter system and the practical constraint that the power usage of each appliance cannot be measured individually. This enables us to formalize the tradeoff problem more rigorously. Secondly, we propose a privacy-utility tradeoff mechanism for that system. We apply a linear Gaussian model assumption to the system and thereby reduce the problem of obtaining unobservable information to that of learning the system parameters. Finally, we conduct two experiments applying the proposed mechanism to the power usage data of actual households. The results of the two experiments show that the proposed mechanism is partly effective; i.e., it prevents usage analysis of certain types of sensitive appliances while at the same time preserving that of non-sensitive appliances.