[en] We introduce and comment on the concept of contextual pseudo identity. A contextual pseudo identity is a soft identity token that is built from both a user's biometric and the context. When it comes to ubiquitous authentication, a contextual pseudo identity promises better security than that o ered by traditional biometrics-based identity tokens: the use of context improves the tokens' disposability and renewability, which are two essential properties in the protection of a user's real identity. Our algorithm for generating contextual pseudo identities extends a Fuzzy Embedder so that it accepts both biometric and context dependent input. We prove that our way of processing the context preserves the security and reliability properties of the Fuzzy Embedder used in our extension. An example shows how a user can utilize contextual
pseudo identity to authenticate to and access ubiquitous services.
Disciplines :
Sciences informatiques
Identifiants :
UNILU:UL-CONFERENCE-2010-517
Auteur, co-auteur :
Buhan, Ileana; Philips Research, The Netherlands
LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
RADOMIROVIC, Sasa ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Langue du document :
Anglais
Titre :
Contextual biometric-based authentication for ubiquitous services
Date de publication/diffusion :
2010
Nom de la manifestation :
Ubiquitous Intelligence and Computing
Lieu de la manifestation :
Xi'an, Chine
Date de la manifestation :
October 26-29, 2010
Manifestation à portée :
International
Titre de l'ouvrage principal :
Proc. of the 7th International Conference on Ubiquitous Intelligence and Computing (UIC 2010)
Anderson, R.: Security Engineering, 2nd edn. Wiley, Chichester (2007)
Bardram, J., Kjær, R.E., Pedersen, M.Ø.: Context-aware user authentication - supporting proximity-based login in pervasive computing. In: Dey, A.K., Schmidt, A., McCarthy, J.F. (eds.) UbiComp 2003. LNCS, vol. 2864, pp. 107-123. Springer, Heidelberg (2003) (Pubitemid 37312078)
Böhm, S., Koolwaaij, J., Souville, M.L., Wagner, B., Wibbels, M.: Introducing IYOUIT. In: Sheth, A.P., Staab, S., Dean, M., Paolucci, M., Maynard, D., Finin, T., Thirunarayan, K. (eds.) ISWC 2008. LNCS, vol. 5318, pp. 804-817. Springer, Heidelberg (2008)
Böhm, S., Koolwaaij, J., Luther, M.: Share whatever you like. In: Proc. of the 1st Int. DisCoTec Workshop on Context-aware Adaptation Mechanisms for Pervasive and Ubiquitous Services (CAMPUS 2008), Oslo, Norway, June 3, vol. 11. EASS (2008)
Bolle, R., Connell, J., Pankanti, S., Ratha, N., Senior, A.: Guide to Biometrics. Springer, Heidelberg (2003)
Breebaart, H., Yang, B., Buhan-Dulman, I., Busch, C.: Biometric Template Protection: The need of open standard. Datenschutz und Datensicherheit - DuD 33(5), 299-304 (2008)
Buhan, I., Doumen, J., Hartel, P., Tang, Q., Veldhuis, R.: Embedding renewable cryptographic keys into continuous noisy data. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 294-310. Springer, Heidelberg (2008)
Buhan, I., Doumen, J., Hartel, P., Tang, Q., Veldhuis, R.: Embedding renewable cryptographic keys into continuous noisy data. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 296-310. Springer, Heidelberg (2008)
Castelli, G., Mamei, M., Zambonelli, F.: Enginnering contextual information for pervasive multiagent systems. In: Weyns, D., Brueckner, S.A., Demazeau, Y. (eds.) EEMMAS 2007. LNCS (LNAI), vol. 5049, pp. 223-239. Springer, Heidelberg (2008)
Castelli, G., Rosi, A., Mamei, M., Zambonelli, F.: A simple model and infrastructure for context-aware browsing of the world. In: Proc. of the 5th Annual IEEE Conf. on Pervasive Computing and Communication (PERCOM 2007), White Plains, NY, USA, March 19-23, pp. 229-238. IEEE Computer Society, Los Alamitos (2007)
Desmedt, Y.: Major security problems with the "unforgeable" (Feige-)Fiat-Shamir proofs of identity and how to overcome them. In: Securicom 1988, 6th Worldwide Congress on Computer and Communications Security and Protection, pp. 147-159 (1988)
Dey, A.K.: Understanding and Using Context. Personal and Ubiquitous Conputating Journal 5(16), 4-7 (2001)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523-540. Springer, Heidelberg (2004) (Pubitemid 38717024)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523-540. Springer, Heidelberg (2004) (Pubitemid 38717024)
Gruteser, M., Grunwald, D.: Enhancing location privacy in wireless lan through disposable interface identifiers: a quantitative analysis. Mob. Netw. Appl. 10(3), 315-325 (2005)
Lenzini, G.: Design of architectures for proximity-aware services: Experiments in context-based authentication with subjective logic. Architecting Dependable Systems 5835, 284-307 (2009)
Ratha, N., Chikkerur, S., Connell, J.H., Bolle, R.: Generating cancelable fingerprint templates. IEEE Transactions on Pattern Analysis and Machine Intellingence 29(4) (April 2007)
Simoen, K., Tuyls, P., Preneel, B.: Privacy Weakenesses in Biometric Sketches. In: Proc. of the IEEE Symposium on Security and Privacy (S&P 2009), Oakland, California, USA, May 7-20, pp. 188-203. IEEE Computer Society, Los Alamitos (2009)
Simoens, K., Tuyls, P., Preneel, B.: Privacy weakness in biometric sketches. In: IEEE Symposium on Security and Privacy, Oakland, California, USA, pp. 188-203 (May 2009)
