A protocol for incorporating biometrics in 3G with respect to privacy

Christos K. Dimitriadis, Despina Polemi

Abstract

This paper proposes a protocol, called BIO3G, for embedding biometrics in 3G security. BIO3G is an enhanced alternative to the common practice of utilizing biometrics locally, for gaining access to the device. BIO3G pro- vides real end-to-end strong user authentication to the mobile operator, requir- ing no storing or transferring of biometric data and eliminating the need for biometric enrolment and administration procedures, which are time-consuming for the user and expensive for the mobile operator.

References

  1. Neimi, V., Nyberg, K.: UMTS Security. John Wiley & Sons (2003)
  2. 3rd Generation Partnership Project: TS 33.102 - 3G Security; Security architecture (2004)
  3. 3rd Generation Partnership Project: TS 33.210 - 3G Security; IP network layer security (2004)
  4. Wisely, D., Eardley, P., Burness, L.: IP for 3G-Networking Technologies for Mobile Communications. John Wiley & Sons (2002)
  5. Mitchell, C., J.: Security for Mobility. IEE Telecommunication Series 51 (2004)
  6. 3rd Generation Partnership Project: TS 31.101 - UICC terminal interface; physical and logical characteristics (2005)
  7. Benoit, O., Dabbous, N., Gauteron, L., Girard, P., Handschuh, H., Naccache, D., Socile, S., Whelan, C.:Mobile Terminal Security. Cryptology ePrint Archive: Report 2004/158 (2004)
  8. ISO/IEC JTC1, SC37/SG1: Biometric vocabulary corpus (2004)
  9. Dimitriadis, C., Polemi, D.: Biometrics -Risks and Controls. Information Systems Control Journal (ISACA), vol.4 (2004) 41-43
  10. IST-1999-20078 Business environment of biometrics involved in e-commerce - BEE: Deliverable D7.1 Conclusions and Recommendations. http://expertnet.net.gr/bee (2002)
  11. Prabhakar, S., Pankanti, S., Jain, A.,K.: Biometric Recognition Security and Privacy Concerns. IEEE Security and Privacy, vol. 1, no. 2 (2003) 33-42
  12. IST - 2002 -001766 Biometrics and Security (BIOSEC): Deliverable D3.3 - Security recommendations: biometric systems integration, basic research on security, network protocols and PKI. Biosec consortium (2005)
  13. Atricle 29 - EC data protection working party: Working document on biometrics (2003)
  14. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic Analysis: Concrete Results. Lecture Notes in Computer Science, Vol. 2162. Springer-Verlag (2001) 251-261
  15. Matsumoto, T.: Gummy finger and paper iris - an update. Proceeding of workshop on information security research, Japan (2004)
  16. Davida, G. I., Frankel, Y., Matt, B.:On enabling secure applications through off-line biometric. In Symposium on Security and Privacy (1998)
  17. Juels, A., Wattenberg, M.: A Fuzzy Commitment Scheme. In Proc. ACM Conf. Computer and Communications Security (1999) 28-36
  18. Juels, A., Sudan, M.: A fuzzy vault scheme. In Conference on Computer and Communications Security (2002)
  19. Linnartz, J.-P.,. Tuyls, P.:New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates. In AVBPA (2003) 393-402.
  20. Verbitskiy, E., Tuyls, P., Denteneer, D., Linnartz, J.-P.: Reliable Biometric Authentication with Privacy Protection. In Proc. 24th Benelux Symposium on Information theory (2003)
  21. Csirmaz, L., Katona, G.O.H.: Geometrical Cryptography. In Proc. International Workshop on Coding and Cryptography (2003)
  22. Frykholm, N., Juels, A.: Error-Tolerant Password Recovery. In Proc. ACM Conf. Computer and Communications Security (2001) 1-8
  23. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors: How to generate strong keys from biometrics and other noisy data. Advances in Cryptology -- Eurocrypt 2004, Lecture Notes in Computer Science 3027, Springer-Verlag (2004) 523-540
  24. Shaltiel, R.: Recent developments in Explicit Constructions of Extractors. Bulletin of the EATCS, 77 (2002) 67-95
  25. 3rd Generation Partnership Project: TS 22.022 - Personalisation of Mobile Equipment (ME); Mobile functionality specification (2005)
  26. Dimitriadis, C., Polemi, D.: Risk Analysis of Biometric Systems. - Proceeding of the 2nd International Workshop on Security in Information Systems, WOSIS 2004, International Conference on Enterprise Information Systems ICEIS 2004, INSTICC Press (ISBN: 972- 8865-07-4), Porto, Portugal (2004) 23-33
  27. Common Criteria Biometric Evaluation Methodology Working Group: Biometric Evaluation Methodology (2002)
  28. ISO/IEC 15408 Information technology - Security techniques - Evaluation criteria for IT security (1999)
  29. CC-Protection Profile: US Government biometric verification mode protection - profile for medium robusness environment (2003)
  30. CC-Protection Profile: UK Biometric Device - Draft (2002)
Download


Paper Citation


in Harvard Style

K. Dimitriadis C. and Polemi D. (2005). A protocol for incorporating biometrics in 3G with respect to privacy . In Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005) ISBN 972-8865-25-2, pages 123-135. DOI: 10.5220/0002560701230135


in Bibtex Style

@conference{wosis05,
author={Christos K. Dimitriadis and Despina Polemi},
title={A protocol for incorporating biometrics in 3G with respect to privacy},
booktitle={Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)},
year={2005},
pages={123-135},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002560701230135},
isbn={972-8865-25-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)
TI - A protocol for incorporating biometrics in 3G with respect to privacy
SN - 972-8865-25-2
AU - K. Dimitriadis C.
AU - Polemi D.
PY - 2005
SP - 123
EP - 135
DO - 10.5220/0002560701230135