ESR 7: Privacy in nomadic cross-system mobile biometrics

Objectives: Alongside the evolution of mobile user devices, a very strong additional trend can be observed: the ambient transition of usage of services on different devices by individuals, often also referred to as nomadic computing. For example, in today’s daily life users expect to seamlessly make use of internet services such as email, social networks or media regardless of whether a mobile device (smart phone), a smart TV or a home computer is being used. Since, for the vast majority of online services, a robust cross-system user authentication is required, recent research addresses the challenge of non-biometric (re-)authentication by non-cookie technology like browser or canvas fingerprinting. Obviously, when enhancing mobile biometrics towards cross-system authentication, there also arises a strong necessity to preserve the privacy of the biometric data itself plus additional challenges to avoid usage and location profiling, linkage and cross-service aggregation, as well as leakage of biometric information. In this project the ESR will research technical approaches to cross-system biometrics both in centralised (server-based), as well peer-based authentication scenarios. The work is designed as a three year project and will a) research use-case scenarios of services in nomadic usage involving biometrics and suggest new technical concepts addressing the challenges arising by integrating biometrics together with an industrial partner, b) elaborate a privacy requirement model for these use-cases allowing the derivation of operational measures, c) study and assess recent concepts and advances in homomorphic cryptography (allowing for computations in the encrypted domain) towards their potential to solve the privacy requirements and d) design, demonstrate and evaluate a privacy preserving protocol for at least one selected use-case in cooperation with a team partner institution.

Expected Results: The expected results include reports detailing the research as to better understanding nomadic use-case scenarios for mobile biometrics. Based on these scenarios, a privacy requirement model will be formulated and documented by the ESR, as well as a thorough review of the state-of-the art homomorphic cryptosystems and a compilation of building blocks to enable the project goals. Finally, this research will result in the design and implementation of a demonstrator, as well as documented evaluation results based on the application of test data from partner teams using the demonstrator.

Planned secondment(s): There are two secondments planned within this project: The first six month secondment would be an early stage internship with SKALLI wherein the ESR would have the opportunity to study use-case scenarios in context of a professional network service provider and their customer requirements. The expected results of this secondment are: technical elaboration and definition of use-case scenarios in the context of the requirements and constraints of network service company and customer needs. Further, the researcher will gain insights in the productivity chain of a commercial enterprise and the challenges and competences required for introducing new technologies in an operating company. The second four month secondment would be temporally allocated towards the later project phase and would focus on the evaluation of privacy results with the team at UC3M, incorporating their expertise on wider biometric systems evaluation. The expected results of this secondment are: experimental studies on the inter-relation of the elaborated methods for privacy protection in nomadic and unobserved environments, for example with respect to recognition performance and/or accuracy.

Start Date: July 2017