Biometric Systems Private by Design: Reasoning about privacy properties of biometric system architectures
Julien Bringer(a), Hervé Chabanne(a),(b),(*), Daniel Le Métayer(c), Roch Lescuyer(a)
Transactions on Data Privacy 11:2 (2018) 111 - 137
(a) Idemia, France.
(b) Télécom ParisTech, Paris, France.
(c) Inria, Université de Lyon, France.
e-mail: julien.bringer@idemia.com; herve.chabanne@idemia.com; daniel.le-metayer@inria.fr; roch.lescuyer@idemia.com
The goal of the work presented in this paper is to show the applicability of the privacy by design approach to biometric systems and the benefit of using formal methods to this end. We build on a general framework for the definition and verification of privacy architectures introduced at STM 2014 and show how it can be adapted to biometrics. The choice of particular techniques and the role of the components (central server, secure module, biometric terminal, smart card, etc.) in the architecture have a strong impact on the privacy guarantees provided by a biometric system. Some architectures have already been analysed, but on a case-by-case basis, which makes it difficult to draw comparisons and to provide a rationale for the choice of specific options. In this paper, we describe the application of a general privacy architecture framework to specify different design options for biometric systems and to reason about them in a formal way.