User-Centric Privacy and Security in Biometrics

The interplay of privacy, security and user-determination is an important consideration in the roll-out of biometric technologies. It brings into play requirements such as privacy of biometric data in systems, communication and databases, soft biometric profiling, biometric recognition of persons across distributed systems and in nomadic scenarios, and the convergence between user convenience, usability and authentication reliability. User-Centric Privacy and Security in Biometrics explores how developments in biometrics will address security and privacy aspects. The book surveys and evaluates how biometric techniques can enhance and increase the reliability of security strategies in a variety of applications. This includes privacy-preserving state-of-the-art works and future directions in the view of biometrics as part of broader security concepts. The fundamental emphasis is on privacy within and for biometrics, particularly for the protection of biometric data, informed consent of data usage, transparency on biometric data, and big data fraud prevention.
Inspec keywords: data privacy; security of data; biometrics (access control)
Other keywords: user-centric privacy; digital forensics; user-centric security; secret-sharing system; biometrics
Subjects: General electrical engineering topics; Data security; General and management topics; Computer vision and image processing techniques; Image recognition
- Book DOI: 10.1049/PBSE004E
- Chapter DOI: 10.1049/PBSE004E
- ISBN: 9781785612077
- e-ISBN: 9781785612084
- Page count: 428
- Format: PDF
Front Matter
p. (1)
PART I: Introduction and interdisciplinary approaches
1 The interplay of privacy, security and user-determination in biometrics
p. 3–16 (14)
On a general scale, doubtlessly system security has become a major challenge in modern society. Along with the enormous spreading of applications of technologies such as biometrics, cloud computing and Internet-of-Things (IoT), at the same time, the range and intensity of attacks on such systems have dramatically increased. Consequently, information technology (IT) security as the discipline of actively defending against such threats is a very active and flourishing domain in computer sciences, in which many different strategies have emerged over the years as how to improve the way in which we protect vital systems and sensitive data throughout the broad variety of technologies. The common goals in IT security research are the preservation of confidentiality, authenticity, integrity and privacy of information during the processing of data in the presence of threats such as targeted attacks.
2 Privacy of online handwriting biometrics related to biomedical analysis
p. 17–39 (23)
Online handwritten signals analysis for biomedical applications has received less attention from the international scientific community than other biometric signals such as electroencephalogram (EEG), electrocardiogram (ECG), magnetic resonance imaging signals (MRI), speech, etc. However, handwritten signals are useful for biometric security applications, especially in the case of signature, but to support pathology diagnosis/monitoring as well. Obviously, while utilising handwriting in one field, there are implications in the other one and privacy concerns can arise. A good example is a biometric security system that stores the whole biometric template. It is desirable to reduce the template to the relevant information required for security, removing those characteristics that can permit the identification of pathologies. In this paper, we summarize the main aspects of handwritten signals with special emphasis on medical applications (Alzheimer's disease, Parkinson's disease, mild cognitive impairment, essential tremor, depression, dysgraphia, etc.) and security. In addition, it is important to remark that health and security issues cannot be easily isolated, and an application in one field should take care of the other.
3 Privacy concepts in biometrics: lessons learned from forensics
p. 41–65 (25)
This chapter discusses lessons that can be learned in biometrics from the field of the forensic sciences. It acknowledges the fact that biometrics and forensics are both very old research disciplines which have a very different perspective in life: While work in biometrics is mostly focused on application issues, like achieving certain error levels, forensics need a very thorough backing to achieve the ultimate goal in this field, admissibility in court. This automatically results in high standards for methods that exceed simple performance issues by far. One aspect that is used in this chapter as the focus of the discussions is the matter of privacy. In the first half of the chapter it is illustrated by example how current research work in one digitized forensics field, here digitised dactyloscopy (i.e. the science of forensic analysis of fingerprint traces), influences the current view on fingerprint biometrics and which lessons in regards to privacy can be derived. In the second half, the ever popular field of face biometrics is addressed as an example of a widely used biometric modality in desperate need of not only digital image forensics but also guidelines for privacy preserving methods.
PART II Privacy and security of biometrics within general security systems
4 Physical layer security: biometrics vs. physical objects
p. 69–95 (27)
This chapter compares and describes the biometrics and physical object security fields, based on physical unclonable functions. Both lie at the foundation of authentication and identification architectures based on the assumption that the used primitives are both nonclonable and unique. First, it will cover the physical phenomena that form the basis for both biometrics and physical object security next to highlighting the specificities of the used verification schemes. Second, it will cover relevant properties and requirements such as the security principles, feature extraction, the effect of leaks, possible attack vectors and the practical technological requirements needed for the implementation.
5 Biometric systems in unsupervised environments and smart cards: conceptual advances on privacy and security
p. 97–122 (26)
Biometric systems can be implemented following different schemas and also deployed in a huge variety of scenarios. Each of these combinations should be studied individually so as to guarantee both proper functionality and a high level of preservation of the users' privacy. Obviously, covering all different possibilities in a single book chapter is impossible, so this chapter will first create a taxonomy of the possibilities, in order to choose a group of them to be studied in detail. As the chapter title shows, this chapter will be focussed on those implementations working in an unsupervised environment and where identification tokens, such as smart cards, can play an important role.
6 Inverse biometrics and privacy
p. 123–151 (29)
In addition to an overall improvement of their performance, the widespread deployment of biometric recognition systems has also led to the disclosure of privacy and security concerns related to the use of these sensitive data. In particular, the early common belief that biometric templates are irreversible has been proven wrong. Over the last decade numerous works have studied the challenging problem of how to reconstruct synthetic samples from the stored templates, which match the original biometric samples. Such a process, known as inverse biometrics, poses a severe threat to the privacy offered by biometric systems: not only personal data can be derived from compromised and unprotected templates, but those synthetic samples can be as well used to launch other attacks (e.g., presentation attacks). Due to these serious implications, three different aspects of inverse biometrics have been analysed in the recent past: i. how to generate synthetic samples, ii. how to reconstruct a particular sample from its template, and iii. how to evaluate and counterfeit the aforementioned reconstruction techniques. This chapter summarises the works dealing with these three aspects in the biometric field.
7 Double-layer secret-sharing system involving privacy preserving biometric authentication
p. 153–170 (18)
In this chapter, we proposed a new way to preserve the privacy of the user by the combination of steganography and biometrics template protection. The secret image to be shared is protected by double layers of steganography: embedding it into the transformed fingerprint images, which are to be hidden into casual images to prevent unauthorised access when stored online. In order for authorised users to recover the secret image, a matching between their fingerprint and the version into which the secret image is embedded is performed in the transformed domain of the cancellable template, which is used to protect the raw biometric information. With this new framework, the problem of dishonest participants that Yang et al. mentioned can be fully resolved since the stego-images are stored in a cloud server. Moreover, this system is no longer dependent on a cryptographic key. The main contribution of this chapter is to present a novel scheme that utilizes the power of not only steganography but also biometrics to protect the identity of the user. Although the results produced in experiments are fairly accepted, it is believed that certain factors can be improved to increase the quality of the outcome images, such as: using a wider field to process full range of the pixel values and generating output of PNG format to prevent the degradation caused by lossy compression. In the near future, looking for an appropriate algorithm and developing new techniques to apply in this system are promising research topics. In addition, in order to better evaluate the performance of the system, a new metric that shows the relationship of biometric data matching and steganographic embedding should be devised.
PART III Security and privacy issues inherent to biometrics
8 Biometric template protection: state-of-the-art, issues and challenges
p. 173–191 (19)
Nowadays, biometric recognition represents an integral component of identity management and access control systems, replacing PINs or passwords. However, the wide deployment of biometric recognition systems in the past decades has raised numerous privacy concerns regarding the storage and use of biometric data. Due to the fact that the link between individuals and their biometric characteristics, e.g. fingerprints or iris, is strong and permanent, biometric reference data (templates) need to be protected in order to safeguard individuals' privacy and biometric systems' security. In particular, unprotected biometric templates can be abused to crossmatch biometric databases, i.e. tracking individuals without consent, and to launch presentation attacks employing specific inversion techniques. Technologies of biometric template protection offer solutions to privacy preserving biometric authentication, which improves the public confidence and acceptance of biometric systems. While biometric template protection has been an active research topic over the last 20 years, proposed solutions are still far from gaining practical acceptance. The existing gap between theory and practice, which results in a trade-off between privacy protection and recognition accuracy, is caused by numerous factors. To facilitate a standardized design and application of biometric template protection schemes, researchers have to solve several open problems. This chapter provides an overview of state-of-the-art technologies of biometric template protection and discusses main issues and challenges.
9 Handwriting biometrics - feature-based optimisation
p. 193–215 (23)
Designing a biometric system, the identification of appropriate features is mostly done based either on expert knowledge or intuition. But there is no guarantee that the extracted features are leading to an optimal authentication performance. In this chapter, statistical methods are proposed to analyse biometric features to select those having a high impact on authentication or hash generation performance and discard those having no or bad impact. Therefore, a short overview on recent related work is given, and appropriate feature-selection strategies are suggested. An exemplary experimental evaluation of the suggested methods is carried out based on two algorithms performing verification as well as biometric hash generation using online handwriting. Test results are determined in terms of equal error rate (EER) to score-verification performance as well as collision reproduction rate to assess hash generation performance. Experimental evaluation shows that the feature subsets based on sequential backward selection provide the best results in 39 out of 80 studied cases in sum for verification and hash generation. In the best case regarding verification, the same feature analysis method leads to a decrease of the EER from 0.07259 down to 0.03286 based on only 26 features out of 131. In hash generation mode, the best results can be determined by only 26 features. Here, the collision reproduction rate decreases from 0.26392 using all 131 features to 0.03142.
10 Presentation attack detection in voice biometrics
p. 217–236 (20)
In this chapter, however, we focus on PAD in voice biometrics, i.e., automatic speaker verification (ASV) systems. We discuss vulnerabilities of these systems to presentation attacks (PAs), present different state-of-the-art PAD systems, give insights into their performances, and discuss the integration of PAD and ASV systems.
11 Benford's law for classification of biometric images
p. 237–256 (20)
It is obvious that tampering of raw biometric samples is becoming an important security and privacy concern. Benford's law, which is also called the first digit law, has been reported in the forensic literature to be very effective in detecting forged or tampered data. In this chapter, besides an introduction to the concept and state-of-the-art reviews, the divergence values of Benford's law are used as input features for a neural network for the classification of biometric images. Experimental analysis shows that the classification of the biometric images can achieve good accuracies between the range of 90.02% and 100%.
PART IV User-centricity and the future
12 Random projections for increased privacy
p. 259–291 (33)
The extraordinary speed with which new models of communication and computing technologies have advanced over the last few years is mind boggling. New exciting opportunities are emerging all the time to facilitate high volume of global commercial activities, enable the citizens to enjoy convenient services as well as mobile leisure activities. These exciting opportunities and benefits come with increased concerns about security and privacy due to a plethora of reasons mostly caused by blurring of control over own data. Conventional access control to personal/organisational data assets uses presumed reliable and secure mechanisms including biometric authentication, but little attention is paid to privacy of participants. Moreover, digitally stored files of online transactions include traceable personal data/reference. Recent increase in serious hacking incidents deepens the perception of lack of privacy. The emerging concept of personal and biometric data de-identification seems to provide the most promising approach to deal with this challenge. This chapter is concerned with constructing and using personalised random projections (RPs) for secure transformation of biometric templates into a domain from which it is infeasible to retrieve the owner identity. We shall describe the implications of the rapid changes in communication models on the characteristics of privacy, and describe the role that RP plays, and can play, within biometric data de-identification for improved privacy in general and for cloud services in particular.
13 De-identification for privacy protection in biometrics
p. 293–324 (32)
De-identification, which is defined as the process of removing or concealing personal identifiers or replacing them with surrogate personal identifiers to prevent direct or indirect identification of a person, is recognized as an efficient tool for protection of a person's privacy that is one of the most important social and political issues of today's information society. The chapter “De-identification for privacy protection in biometrics” aims to review the progress of recent research on the de-identification of biometric personal identifiers. The chapter covers de-identification of physiological biometric identifiers (face, fingerprint, iris, ear), behavioural biometric identifiers (voice, gait, gesture), as well as soft biometrics identifiers (body silhouette, gender, tattoo) and discusses different threats to a person's privacy in biometrics.
14 Secure cognitive recognition: brain-based biometric cryptosystems using EEG
p. 325–351 (27)
Cognitive biometric recognition systems, based on the exploitation of nervous tissues' responses as identifiers, have recently attracted an always-growing interest from the scientific community, thanks to the several advantages they could offer with respect to traditional biometric approaches based on physical or behavioral characteristics, such as fingerprint, face, signature, and so forth. Biosignals are in fact much more robust against presentation attacks, being hard, if not impossible, to covertly capture and then replicate. Liveness detection is also inherently provided. Nevertheless, their usage could expose several sensitive information regarding people's health and capability, making the system prone to function creep issues. With the aim of guaranteeing proper privacy and security to the users of such systems, different general cryptosystem architectures for cognitive biometric traits are therefore presented in this chapter. Their effectiveness is evaluated by applying the proposed approaches to brain signals sensed through electroencephalography (EEG). A multi-session EEG dataset comprising recordings taken in three distinct occasions from each of 50 subjects is employed to perform the reported experimental test.
15 A multidisciplinary analysis of the implementation of biometric systems and their implications in society
p. 353–375 (23)
With the advent of advanced technologies, including big data, Internet of Things (IoT) and cloud computing, biometric technologies enter a whole new era. Great limitations regarding their applicability, robustness, effectiveness and efficiency can now be overcome, bringing biometric systems much closer to large-scale deployment and application. Meanwhile, the major social issues related to biometrics stem from the irrevocable tight link between an individual's biometric traits and informational trails of this person, either in the form of records or within the biometric traits themselves, which raise serious debate and cause important restrictions in the realization of their full potential. This chapter will present Information and Communications Technology (ICT) developments, such as cloud computing, IoT and big data, which drive the way for the large-scale operation of robust biometric systems, as well as real world examples of biometric solutions. Moreover, it will analyse the privacy and ethical concerns and the societal implications of the introduction of biometrics systems for society as a whole and individually for citizens.
16 Biometrics, identity, recognition and the private sphere where we are, where we go
p. 377–399 (23)
The need for recognition schemes is inherent to human civilization itself. Each epoch has been characterized by different identification practices and has posed different challenges. Today we are confronted with “identification in the globalization age”. Biometrics can be an important element of the answer to this challenge. With biometrics, for the first time in history, human beings have really enhanced their capacity for personal recognition by amplifying their natural, physiological, recognition scheme, based on the appreciation of physical and behavioural appearances. Biometric technology can offer an identification scheme applicable at global level, independently of Nation States. Yet, when one speaks of global biometric identifiers, people immediately think of a nightmarish scenario, a unique world database, including billions of individuals, run by a global superpower. This is (bad) science fiction. We lack the technical and financial capacity, not to mention the international agreement, for creating such a database, which cannot exist today, and will hardly ever exist in the future. One could instead imagine a system based on many decentralized applications. An ongoing rhizome, made up of several distributed, interoperable, biometric databases, owned by local collaborative organizations and agencies. This system could increasingly support identity transactions on a global basis, at the beginning only in specific areas (e.g., refugees, migrants), siding traditional systems, and then, gradually, enlarging its scope and substituting old systems. This is expected to overturn many current ethical and privacy standards.
Back Matter
p. (1)
