PRIVV: Private remote iris-authentication with Vaulted Verification

Wilber, Michael J.; Scheirer, Walter J.; Boult, Terrance E.

doi:10.1109/cvprw.2012.6239222

Cited by 3 publications

(3 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As with most secure biometric systems, this protocol contains many layers of security. As mentioned previously, the base security of this protocol is similar to the work done by Wilber, et al 1,2 After enrollment, the client never sends out non-encrypted data, the matching is done on the client after decryption with the user supplied password. From enrollment to verification it is assumed that the communication is happening over a secure encryption protocol, SSL or TLS for example, and an attacker cannot ease drop on the communication.…”

Section: Security Analysismentioning

confidence: 92%

See 1 more Smart Citation

Secure voice-based authentication for mobile devices: vaulted voice verification

2013

Self Cite

View full text Add to dashboard Cite

As the use of biometrics becomes more wide-spread, the privacy concerns that stem from the use of biometrics are becoming more apparent. As the usage of mobile devices grows, so does the desire to implement biometric identification into such devices. A large majority of mobile devices being used are mobile phones. While work is being done to implement different types of biometrics into mobile phones, such as photo based biometrics, voice is a more natural choice. The idea of voice as a biometric identifier has been around a long time. One of the major concerns with using voice as an identifier is the instability of voice. We have developed a protocol that addresses those instabilities and preserves privacy. This paper describes a novel protocol that allows a user to authenticate using voice on a mobile/remote device without compromising their privacy. We first discuss the Vaulted Verification protocol, which has recently been introduced in research literature, and then describe its limitations. We then introduce a novel adaptation and extension of the Vaulted Verification protocol to voice, dubbed Vaulted Voice Verification (V 3 ). Following that we show a performance evaluation and then conclude with a discussion of security and future work.

show abstract

Section: Security Analysismentioning

confidence: 92%

“…The Vaulted Verification protocol is a vision based protocol that allows for remote verification in a privacy-preserving way. 1,2 The Vaulted Verification protocol will be discussed further in Section 3.…”

Section: Introductionmentioning

confidence: 99%

Secure voice-based authentication for mobile devices: vaulted voice verification

2013

Self Cite

View full text Add to dashboard Cite

show abstract

“…There have been several variations of the VV protocol over the years, including extensions to iris [26], fingerprint [2], and voice [12,11,10] biometrics. The latter extensions incorporated public key cryptography, and reduced communication overhead by using index tables.…”

Section: Introductionmentioning

confidence: 99%

CALIPER: Continuous Authentication Layered with Integrated PKI Encoding Recognition

Rudd

Boult

2016

2016 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)

Self Cite

View full text Add to dashboard Cite

Architectures relying on continuous authentication require a secure way to challenge the user's identity without trusting that the Continuous Authentication Subsystem (CAS) has not been compromised, i.e., that the response to the layer which manages service/application access is not fake. In this paper, we introduce the CALIPER protocol, in which a separate Continuous Access Verification Entity (CAVE) directly challenges the user's identity in a continuous authentication regime. Instead of simply returning authentication probabilities or confidence scores, CALIPER's CAS uses live hard and soft biometric samples from the user to extract a cryptographic private key embedded in a challenge posed by the CAVE. The CAS then uses this key to sign a response to the CAVE. CALIPER supports multiple modalities, key lengths, and security levels and can be applied in two scenarios: One where the CAS must authenticate its user to a CAVE running on a remote server (device-server) for access to remote application data, and another where the CAS must authenticate its user to a locally running trusted computing module (TCM) for access to local application data (device-TCM). We further demonstrate that CALIPER can leverage device hardware resources to enable privacy and security even when the device's kernel is compromised, and we show how this authentication protocol can even be expanded to obfuscate direct kernel object manipulation (DKOM) malwares.

show abstract

Remote Authentication Using Vaulted Fingerprint Verification

Alzahrani¹

2016

ELCVIA

View full text Add to dashboard Cite

Traditional authentication systems rely on the possession of a token, generally a password or smartcard. Token-based identity transactions are relatively easy to repudiate since unauthorized persons may possess the token. A system that can guarantee a user's presence during authentication would greatly enhance the nonreputability of these transactions. Biometrics can provide this strong link between users and their identities. By measuring and comparing a feature of the user, we can increase the assurance that the user is present during authentication.

show abstract

PRIVV: Private remote iris-authentication with Vaulted Verification

Cited by 3 publications

References 20 publications

Secure voice-based authentication for mobile devices: vaulted voice verification

Secure voice-based authentication for mobile devices: vaulted voice verification

CALIPER: Continuous Authentication Layered with Integrated PKI Encoding Recognition

Remote Authentication Using Vaulted Fingerprint Verification

Contact Info

Product

Resources

About