This tutorial will cover the ethics, privacy and security of biometrics. The first part will address the concept of identity and its ethical implications. The concept of personal identity is important from several perspectives. From a cultural perspective, the more the world converges, the more individual cultures wish to maintain their separate identities. From an individual perspective, the greater the population and the tendency to reduce people to stereotypes, the greater the desire to establish an individual identity. There is, however, another level where identity, and the verification of identity, is becoming increasingly important in relation to all manner of transactions, from those related to mobility, to those related to legal and political rights and obligations, and finally to financial and economic transactions. The intrusion of technology into these areas is not new, but its heightened visibility and ubiquity can create anxiety. This holds particularly true for biometrics. The tutorial will then present the security and privacy issues with traditional biometrics, and introduce the Biometrics Dilemma, the various threats it poses, and a model for biometric DB risk that highlights the problem with standard large-scale biometrics. The tutorial will explain why standard encryption does not solve the key problems, but will also explore best practices in using standard encryption, which can improve security. Moving to security, the tutorial will examine security system architectures, the role of authentication in such systems, and the standard architectures for authentication using biometrics. It will examine the advantages that biometrics bring and how biometrics can improve security and even privacy in such systems, and then discuss their weaknesses in both security and privacy.
The tutorial will briefly discuss the Nobel Prize-winning economic theory of asymmetric information, Akerlof's market for lemons, and Kerckhoffs' principles for security, and their implications for biometric systems, especially large-scale deployments. The last component of the tutorial is an in-depth review of the state of the art in what is sometimes called biometric template protection, including biometric encryption, fuzzy vaults, fuzzy extractors, biometric hashing, and cancelable biometrics. The tutorial will walk through a security analysis of these technologies, including the published attacks.