Title: Security and Privacy in Biometrics-Based Systems

Erkam Uzun

Ph.D. Student in Computer Science

School of Computer Science

College of Computing

Georgia Institute of Technology

Date: July 7, 2021

Time: 04:00 PM to 06:00 PM (EST)

Location (remote via Bluejeans): https://bluejeans.com/407778156/8114

Committee

Dr. Wenke Lee (Advisor, School of Computer Science, Georgia Institute of Technology)

Dr. Mustaque Ahamad (School of Computer Science, Georgia Institute of Technology)

Dr. Irfan Essa (School of Interactive Computing, Georgia Institute of Technology)

Dr. Alexandra Boldyreva (School of Computer Science, Georgia Institute of Technology)

Dr. Vladimir Kolesnikov (School of Computer Science, Georgia Institute of Technology)

Dr. Nasir Memon (Tandon School of Engineering, New York University)

Abstract

Advancement in deep learning (DL) based biometric identification and the proliferation of affordable sensors made biometrics pivotal players in authentication and surveillance systems. On the one hand, major companies (e.g., MasterCard, AliPay) already adopted facial/voice-based authentication as part of their security measures, while governments and private sectors are using biometric recognition for a broader impact, such as identifying and catching “person of interest”, or targeted advertisement. Although these technologies could have enormous impacts, existing biometric authentication and surveillance systems are vulnerable to several kinds of attacks and jeopardize the privacy of people's sensitive data. 

In this dissertation, I aim to provide solutions to these challenges. First, I will present vulnerabilities against impersonation attacks in an authentication setting. Our study shows that many cloud-based audio/visual recognition systems (e.g., Amazon Rekognition) can be defeated by the crudest impersonations. Then, I will briefly present our live biometric verification system, the Real Time Captcha (rtCaptcha), a practical approach that places a formidable computational burden on the attacker by combining dynamic, live detection with a randomized Captcha challenge for stronger security. Then, I will briefly cover our privacy-preserving remote biometric authentication system, Justitia, which makes DL-inferences of biometric data compatible with the standard privacy-preserving primitives, like fuzzy extractors. Justitia lets a remote server to authenticate a client without receiving his/her biometric data in the process of enrollment and authentication. I will mainly discuss our recent protocol Fuzzy Labeled Private Set Intersection (FLPSI) that uses secure multi-party computation techniques for a privacy-preserving biometric search. FLPSI brings a middle-ground solution to biometric surveillance instead of completely banning them. More specifically, it builds a privacy layer between a client (query maker) and server (biometric database owner) where the server learns nothing and client learns the matching label iff there is a match.

----------------------------------

Additional Meeting Details

Meeting URL

https://bluejeans.com/407778156/8114?src=join_info

Meeting ID

407 778 156

Participant Passcode

8114

Want to dial in from a phone?

Dial one of the following numbers:

+1.408.419.1715 (United States (San Jose))

+1.408.915.6290 (United States (San Jose))

(see all numbers - https://www.bluejeans.com/numbers)

Enter the meeting ID and passcode followed by #

Connecting from a room system?

Dial: bjn.vc or 199.48.152.152 and enter your meeting ID & passcode