Ricerc@Sapienza

Biometric-based identity management is becoming more and more popular. Alongside classical applications like biometric passports, border monitoring and access control, biometric data are increasingly used to access cloud-based services, wherein users' recognition needs to be carried out by mobile devices.

Though desirable for the many benefits it may bring, the diffusion of biometric based recognition is proceeding at a much slower pace than expected. In fact, despite most research has focused on performance analysis and investigation of methods of biometric acquisition and feature extraction, only little attention has been paid to security and privacy threats.
A serious and very general concern regards the possibility that a biometric template is stolen, e.g., because the database with the biometric templates of enrolled users is violated. Due to the non-revocability of biometric templates, theft of biometric data may have serious consequences, which cannot be easily remedied. Moreover, the use of biometric data poses serious privacy concerns, given the indissoluble link with the data owner. Unluckily, privacy protection is rarely addressed in most practical systems, even if addressed from a theoretical point of view in several studies. As a matter of fact, concerns regarding the privacy of users are among the most important factors precluding the acceptance of biometric systems in our society.

Due to their importance, several solutions have been proposed to cope with the above problems; however, no fully satisfactory solution exists especially when the biometric recognition system operates in a mobile environment to ensure access to cloud computing and storage services. In addition, the great majority of research has considered each of the above threats by themselves providing stand-alone solutions, whose integration into an overall system taking into account all possible security threats is not easy, if at all possible.