Roch Lescuyer
Morpho
Publication
Featured research published by Roch Lescuyer.
formal methods | 2015
Julien Bringer; Hervé Chabanne; Daniel Le Métayer; Roch Lescuyer
The work presented in this paper is the result of a collaboration between academics, industry and lawyers to show the applicability of the privacy by design approach to biometric systems and the benefit of formal methods to this end. The choice of particular techniques and the role of the components (central server, secure module, terminal, smart card, etc.) in the architecture have a strong impact on the privacy guarantees provided by a biometric system. However, existing proposals were made on a case by case basis, which makes it difficult to compare them and to provide a rationale for the choice of specific options. In this paper, we show that a general framework for the definition of privacy architectures can be used to specify these options and to reason about them in a formal way.
cryptology and network security | 2014
Nicolas Desmoulins; Roch Lescuyer; Olivier Sanders; Jacques Traore
We introduce a new privacy-friendly cryptographic primitive we call Direct Anonymous Attestations with Dependent Basename Opening (DAA-DBO). Such a primitive is a Direct Anonymous Attestation in which the anonymity can be revoked only if a specific authority, called the admitter, allowed to revoke the DAA signatures that include a specific basename. We also present an efficient scheme that achieves this functionality, secure in the random oracle model. Furthermore, we provide a prototype implementation of an anonymous transit pass system, based on this new primitive. Compared to previous privacy-friendly cryptographic primitives with partial linkability, we provide a way to share the power to open signatures between two entities which is more practical than the use of conventional techniques from threshold cryptography.
mobile computing, applications, and services | 2013
Ghada Arfaoui; Sébastien Gambs; Patrick Lacharme; Jean-François Lalande; Roch Lescuyer; Jean Claude Paillès
The development of NFC-enabled smartphones has paved the way to new applications such as mobile payment (m-payment) and mobile ticketing (m-ticketing). However, often the privacy of users of such services is either not taken into account or based on simple pseudonyms, which does not offer strong privacy properties such as the unlinkability of transactions and minimal information leakage. In this paper, we introduce a lightweight privacy-preserving contactless transport service that uses the SIM card as a secure element. Our implementation of this service uses a group signature protocol in which costly cryptographic operations are delegated to the mobile phone.
international workshop on information forensics and security | 2015
Julien Bringer; Hervé Chabanne; Firas Kraïem; Roch Lescuyer; Eduardo Soria-Vazquez
Spurred by the advent of cloud computing, the domain of verifiable computations has known significant progress in recent years. Verifiable computation techniques enable a client to safely outsource its computations to a remote server. This server performs the calculations and generates a proof asserting their correctness. The client thereafter simply checks the proof to convince itself of the correctness of the output. In this paper, we study how recent advances in cryptographic techniques in this very domain can be applied to biometric verification.
LNCS Essays on The New Codebreakers - Volume 9100 | 2015
Julien Bringer; Hervé Chabanne; Roch Lescuyer; Alain Patey
The use of group signatures has been widely suggested for authentication with minimum disclosure of information. In this paper, we consider an identity management system, where users can access several group signatures, managed by different authorities. These authorities follow a hierarchy that impacts key issuing and revocation, but we still enforce that anonymity within a group is preserved towards authorities of other groups. We thus define cross-unlinkable hierarchical group signatures, for which we give a generic instantiation based on VLR group signatures and domain-specific pseudonymous signatures.
international conference information security theory and practice | 2016
Hervé Chabanne; Julien Keuffer; Roch Lescuyer
In this paper, we apply the Sumcheck protocol to verify the Euclidean (resp. Hamming) distance computation in the case of facial (resp. iris) recognition. In particular, we consider a border crossing use case where, thanks to an interactive protocol, we delegate the authentication to the traveller. Verifiable computation aims to give the result of a computation and a proof of its correctness. In our case, the traveller takes over the authentication process and makes a proof that he did it correctly, leaving it to the authorities to check its validity. We integrate privacy-preserving techniques to prevent an eavesdropper from getting information about the biometric data of the traveller during his interactions with the authorities. We provide implementation figures for our proposal showing that it is practical.
international conference on information security | 2015
Julien Bringer; Hervé Chabanne; Daniel Le Métayer; Roch Lescuyer
Motivated by the need for precise definitions of privacy requirements, foundations for formal reasoning, and tools for justifying privacy-preserving design choices, a recent work introduces a formal model for the description of system architectures and the formal verification of their privacy properties. A subsequent work uses this framework to reason about privacy properties of biometric system architectures. In these studies, the description of an architecture specifies each component, their computations and the communications between them. This static approach makes it possible to reason about design choices at the very architectural level, leaving aside the implementation details. Although it is important to express privacy properties at this level, this approach fails to catch some leakage which may result from the system runtime. In particular, in the case of biometric systems, known attacks allow the recovery of some biometric information following a black-box approach, without breaking any part of the system. In this paper, we extend the existing formal model in order to deal with such side-channel attacks and we apply the extended model to analyse biometric information leakage in several variants of a biometric system architecture.
international conference on progress in cryptology | 2016
Julien Bringer; Hervé Chabanne; Roch Lescuyer
In most password-based authentication protocols, the server owns a value, the so-called verifier, that depends on the registered password. This verifier is often a one-way function of the password. Despite this protection, an unauthorized person who gets access to the verifier can mount a brute-force attack to recover the password. If the entropy of the password is low, which is often the case in practice, such an attack might be successful. Motivated by the growing need to face database compromises, we propose a two-factor password-based authentication protocol where no information about the password leaks from the server side nor from the client side, and where the password is not sent to the server when the user authenticates. During the registration, a user gets a value, called the token, while the server records the verifier. Our security model ensures that brute-force attacks are impossible if the server is compromised. Moreover, only on-line attempts are possible if a token is stolen. The solutions that we describe fit well into scenarios where the token is stored on a mobile phone. We provide constructions, proven secure in the random-oracle model, under standard assumptions.
international conference on biometrics | 2016
Hervé Chabanne; Julien Keuffer; Roch Lescuyer
In this paper, we consider a use case where an airport passenger travels and uses an automated gate to cross a border. We detail three phases: a pre-check before the arrival at the airport, the travel of the passenger from his check-in to the automated border gates and finally, the crossing of the gate. To accelerate the throughput at the border gates, we want to identify his face among a flight passenger list during the second phase. This identification is split between the passenger who takes a picture of his face with his smartphone and the immigration authorities. We rely on cryptographic verifiable computation techniques to ensure the security of the process. Experimental results show that our protocol is practical.
information hiding | 2016
Hervé Chabanne; Julien Keuffer; Roch Lescuyer
In this paper, we apply verifiable computing techniques to a biometric matching. The purpose of verifiable computation is to give the result of a computation along with a proof that the calculations were correctly performed. We adapt a protocol called sumcheck protocol and present a system that performs verifiable biometric matching in the case of a fast border control. This is a work in progress and we focus on verifying an inner product. We then give some experimental results of its implementation. Verifiable computation here helps to enforce the authentication phase bringing in the process a proof that the biometric verification has been correctly performed.