Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Introduction to Selfie Biometrics Kapitel lesen Erstes Kapitel lesen

2019 | OriginalPaper | Buchkapitel

17. The Horcrux Protocol: A Distributed Mobile Biometric Self-sovereign Identity Protocol

verfasst von : Asem Othman, John Callahan

Erschienen in: Selfie Biometrics

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Deployed mobile biometric authentication systems rely on mobile- or server-centric models. However, both model schemes present a single point of biometric data compromise from a security perspective. If biometric data is compromised, it poses a direct threat to users’ digital identities. A recent example of compromised biometric data includes the stolen database of fingerprint images in the US Office of Personnel Management breach of 2015. This chapter proposes a distributed identity authentication protocol, called the Horcrux protocol, in which there is no such single point of compromise. The protocol relies on two standard efforts, the IEEE 2410-2017 Biometric Open Protocol Standard (BOPS) and the decentralized identifiers (DIDs) standard which is under development by the W3C Verifiable Claims Community Group. To accomplish this, we propose specification and implementation of a decentralized biometric credential storage option utilizing the concept of self-sovereign identity using blockchains.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Security, Privacy, and Usability Challenges in Selfie Biometrics
Fußnoten
1
The term “Horcrux” comes from the Harry Potter book series in which the antagonist (Lord Voldemort) places copies of his soul into physical objects. Each object is scattered and/or hidden to disparate places around the world. He cannot be killed until all Horcruxes are found and destroyed.
 
2
Personally identifying information are data about an individual which considered to be sensitive and thus subject to security and privacy protections such as biometric and demographic data.
 
3
The enrollment stage of most of the deployed biometric systems generates a digital representation of an individual’s biometric trait that is stored in the system storage database [15].
 
4
The private key is used to respond to the PKI challenge and never leaves the mobile device.
 
5
In computer programming, create, read, update, and delete (CRUD) are the four basic functions of persistent storage.
 
6
HMAC is an approach to verify a message integrity by ensuring that the data has not been altered or replaced when send back to the sender [12].
 
Literatur
1.
2.
Adams A, Sasse MA (1999) Users are not the enemy. Commun ACM 42(12):40–46CrossRef
3.
Ali M, Nelson JC, Shea R, Freedman MJ (2016) Blockstack: a global naming and storage system secured by blockchains. In: USENIX annual technical conference, pp 181–194
4.
5.
Baars D (2016) Towards self-sovereign identity using blockchain technology. Master’s thesis, University of Twente
6.
Caronni G (2000) Walking the web of trust. In: IEEE 9th international workshops on enabling technologies: infrastructure for collaborative enterprises, pp 153–158
7.
Cortet M, Rijks T, Nijland S (2016) Psd2: the digital transformation accelerator for banks. J Payments Strategy Syst 10(1):13–27
8.
Ekberg J-E, Kostiainen K, Asokan N (2013) Trusted execution environments on mobile devices. In: Proceedings of the 2013 ACM SIGSAC conference on computer and communications security, ACM, pp 1497–1498
9.
10.
11.
12.
13.
Hughes J, Maler E (2005) Security assertion markup language (saml) v2. 0 technical overview. OASIS SSTC Working Draft sstc-saml-tech-overview-2.0-draft-08, pp 29–38
14.
Hume M (2018) Identity theft cited as threat after equifax security breach. The Globe and Mail, Toronto A, 7
15.
Jain A, Ross A, Prabhakar S (2004) An introduction to biometric recognition. IEEE Trans Circuits Syst Video Technol 14(1):4–20CrossRef
16.
Koops B-J, Leenes R (2014) Privacy regulation cannot be hardcoded. Intl Rev Law Comput Technol 28(2):159–171CrossRef
17.
18.
Marc P (2016) Research handbook on digital transformations, Chapter Blockchain technology: principles and applications. Edward Elgar Publishing
19.
Mealling M, Denenberg R (2002) Report from the joint w3c/ietf uri planning interest group: uniform resource identifiers (uris), urls, and uniform resource names (urns): clarifications and recommendations. Technical report
20.
Mertens W, Rosemann M (2015) Digital identity 3.0: the platform for people. Technical report
21.
Morris R, Thompson K (1979) Password security: a case history. Commun ACM 22(11):594–597CrossRef
22.
Mukhopadhyay U, Skjellum A, Hambolu O, Oakley J, Yu L, Brooks R (2016) A brief survey of cryptocurrency systems. In 14th annual conference on privacy, security and trust(PST), IEEE, pp 745–752
23.
Nagar A, Nandakumar K, Jain A (2010) Biometric template transformation: a security analysis. In: Proceesings of SPIE, Electronic imaging, media forensics and security XII, San Jose
24.
25.
Naor M, Shamir A (1994) Visual cryptography. In: Workshop on the theory and application of cryptographic techniques. Springer, Heidelberg, pp 1–12
26.
Narayana P, Chen R, Zhao Y, Chen Y, Fu Z, Zhou H (2006) Automatic vulnerability checking of IEEE 802.16 wimax protocols through TLA+. In: 2nd IEEE workshop on secure network protocols, pp 44–49
27.
Othman A, Ross A (2015) De-identifying biometric images by decomposition and mixing. In: Ngo D, Teoh A, Hu J (eds) Biometric security. Cambridge Scholars Publishing
28.
29.
Radha V, Reddy DH (2012) A survey on single sign-on techniques. Proc Technol 4:134–139CrossRef
30.
Ratha N, Connell J, Bolle R (2001) Enhancing security and privacy in biometrics-based authentication systems. IBM Syst J 40(3):614–634CrossRef
31.
Rathgeb C, Uhl A (2011) A survey on biometric cryptosystems and cancelable biometrics. EURASIP J Inf Secur 1:1–25
32.
Reed C, Sathyanarayan UM, Ruan S, Collins J (2018) Beyond BitCoin—legal impurities and off-chain assets. Int J Law Inform Technol 26(2):160–182CrossRef
33.
34.
Reveilhac M, Pasquet M (2009) Promising secure element alternatives for NFC technology. In: IEEE first international workshop on near field communication, pp 75–80
35.
Rose J, Rehse O, Röber B (2012) The value of our digital identity. Boston Cons, Gr
36.
Ross A, Othman A (2011) Visual cryptography for biometric privacy. IEEE Trans Inf Forensics Secur 6(1):70–81CrossRef
37.
38.
Sanger DE (2015) Hackers took fingerprints of 5.6 million U.S. workers, government says. The New York Times
39.
Satchell C, Shanks G, Howard S, Murphy J (2011) Identity crisis: user perspectives on multiplicity and control in federated identity management. Behav Inf Technol 30(1):51–62CrossRef
40.
Tschorsch F, Scheuermann B (2016) Bitcoin and beyond: a technical survey on decentralized digital currencies. IEEE Commun Surv Tutorials 18(3):2084–2123CrossRef
41.
Vapen A, Carlsson N, Mahanti A, Shahmehri N (2016) A look at the third-party identity management landscape. IEEE Internet Comput 20(2):18–25CrossRef
42.
Zhang Y, Chen Z, Xue H, Wei T (2015) Fingerprints on mobile devices: abusing and leaking. In: Black Hat conference, Las Vegas, NV, USA
Metadaten
Titel
The Horcrux Protocol: A Distributed Mobile Biometric Self-sovereign Identity Protocol
verfasst von
Asem Othman
John Callahan
Copyright-Jahr
2019
Buch
Selfie Biometrics

Print ISBN: 978-3-030-26971-5

Electronic ISBN: 978-3-030-26972-2

Copyright-Jahr: 2019

DOI
https://doi.org/10.1007/978-3-030-26972-2_17