### Citations

2501 | How to share a secret.
- Shamir
- 1979
(Show Context)
Citation Context ...ta. A major disadvantage of IT-SMC, however, is the need to maintain multiple non-colluding computing parties [58]. Here I will introduce one of main primitives of IT-SMC: Shamir’s Secret Share (SSS) =-=[59]-=-. 26 2.3.1 Shamir’s Secret Share (SSS) Let x be a number in a finite field Fm. Let n be the number of parties and t, called threshold, be a positive integer between 1 and n. A (t, n) secret-sharing sc... |

1271 |
k-anonymity: A model for protecting privacy.
- Sweeney
- 2002
(Show Context)
Citation Context ...ands biometric signals [31, 32, 33]. My k-ABAC system provides further complexity reduction in order to scale the operations up to large databases. This is similar to the well-known k-anonymity model =-=[34]-=- in that k is a controllable parameter of anonymity. However, the two approaches are fundamentally different – the k-anonymity model is a data disclosure protocol where Bob anonymizes the database for... |

982 | Public-key cryptosystems based on composite degree residuosity classes.
- Paillier
- 1999
(Show Context)
Citation Context ...tions such as Paillier cryptosystem can only support addition between two encrypted numbers, but do so over a much larger additive plaintext group, thus providing a wide dynamic range for computation =-=[87]-=-. Furthermore, as illustrated in Section 2.2.1, multiplication between encrypted numbers can be accomplished by randomization and interaction between parties. Recently, Paillier encryption is being ap... |

938 |
Analysis of a complex of statistical variables into principal components,”
- Hotelling
- 1933
(Show Context)
Citation Context ...inal distance can be approximated by the distance, usually Euclidean, in ℜm. The most well-known technique is Principal Component Analysis (PCA) which is optimal if the original distance is Euclidean =-=[40]-=-. For general distances, mapping functions can be derived by two different approaches – the first approach is Multi-dimensional Scaling (MDS) in which an optimal mapping is derived based on minimizing... |

801 |
Protocols for Secure Computations,”
- Yao
- 1982
(Show Context)
Citation Context ...f SFE which guarantees the privacy of both the biometric gallery and the probe. The two prevailing approaches of implementing SFE are to use Homomorphic Encryption (HE) [47] and Garbled Circuits (GC) =-=[48]-=-. HE is an asymmetric public-key cipher that allows certain arithmetic operations such as addition to be directly performed on the encrypted data. GC provides a generic implementation of any binary fu... |

725 |
How to generate and exchange secrets.
- Yao
- 1986
(Show Context)
Citation Context ...lues that is later used in the online OT phase to obtain the correct result from the actual input values with asymptotic complexity 2ℓt bits. 2.2.3 Garbled Circuit (GC) Yao’s Garbled Circuit approach =-=[48, 54]-=-, excellently presented in [55], is the most efficient method for secure evaluation of a boolean circuit C in the two party setting. We summarize the main ideas in the following. First, the circuit co... |

636 | Fully homomorphic encryption using ideal lattices,”
- Gentry
- 2009
(Show Context)
Citation Context ...crypted domain [47]. Recently, the homomorphic encryption scheme proposed by IBM and Stanford researcher C. Gentry has generated a great deal of excitement in using HE for encrypted domain processing =-=[84]-=-. He proposed using Ideal Lattices to develop a homomorphic encryption system that can preserve both addition and multiplication operations. This solves an open problem on whether there exists a seman... |

571 | A view of cloud computing.
- Armbrust, Fox, et al.
- 2010
(Show Context)
Citation Context ...kinds of protocols, no matter HE or GC, only two parties are involved. Since the emergence of cloud computing make possible transferring of the computing task to oursourced companies as a third party =-=[106]-=-, I will investigate if the participation of an additional unreliable computing party can make ABAC work under secure method. IT-SMC introduced in Section 2.3.1 is a good way to implement the secure i... |

510 | Privacy Preserving Data Mining”,
- Lindell, Pinkas
- 2008
(Show Context)
Citation Context ... inner product [66, 67], polynomial evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree =-=[77, 78, 79]-=- and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for signal processing community can be found in [83]. The main hurdle in applying computationally-secure SMC protocols to biometri... |

493 | FastMap: A fast algorithm for indexing, data-mining and visualization of traditional and multimedia datasets.
- Faloutsos, Lin
- 1995
(Show Context)
Citation Context ...mizing the differences between the two distances over a finite dataset [41]. The second approach is based 16 on distance relationship with random sets of points and include techniques such as Fastmap =-=[42]-=-, Lipshcitz Embedding [43] and Local Sensitivity Hashing [44]. In our system, we use both PCA and Fastmap for their low computational complexity and good performance. Here we provide a brief review of... |

376 |
How to exchange secrets by oblivious transfer
- Rabin
- 1981
(Show Context)
Citation Context ...otocol, which guarantees the privacy of both the biometric gallery and the probe. Though SMC has been used in solving relatively straightforward comparison problems such as Secure Millionaire Problem =-=[21]-=- electronic voting [22], online auction [23], keyword search [24], and anonymous routing [25], I am the first to apply SMC to biometric matching [26]. In this work, I proposed a Homomorphic Encryption... |

328 |
On Lipschitz embeddings of finite metric spaces in Hilbert space
- Bourgain
- 1985
(Show Context)
Citation Context ...ween the two distances over a finite dataset [41]. The second approach is based 16 on distance relationship with random sets of points and include techniques such as Fastmap [42], Lipshcitz Embedding =-=[43]-=- and Local Sensitivity Hashing [44]. In our system, we use both PCA and Fastmap for their low computational complexity and good performance. Here we provide a brief review of the Fastmap procedure and... |

227 |
Oblivious Transfer and Polynomial Evaluation”,
- Naor, Pinkas
- 1999
(Show Context)
Citation Context ...llaboration between Alice and Bob, normally in encrypted form. The high complexity of cryptographic primitives is often cited as the major obstacle of their widespread deployment in realistic systems =-=[15, 16, 17, 18, 19, 20]-=-. This is particularly important for biometric applications that require matching a large number of high-dimensional feature vectors in real time. My approach in addressing this problem is to exploit ... |

222 |
Efficient oblivious transfer protocols.
- Naor, Pinkas
- 2001
(Show Context)
Citation Context ...llaboration between Alice and Bob, normally in encrypted form. The high complexity of cryptographic primitives is often cited as the major obstacle of their widespread deployment in realistic systems =-=[15, 16, 17, 18, 19, 20]-=-. This is particularly important for biometric applications that require matching a large number of high-dimensional feature vectors in real time. My approach in addressing this problem is to exploit ... |

221 | Fairplay - a secure two-party computation system.
- Malkhi, Nisan, et al.
- 2004
(Show Context)
Citation Context ...e that C selects. 4) C uses the two wire values (w̃0S , w̃ 1 C) he received to decrypted all output values in Table 2.2 and only the second row can be correctly decrypted. High-Speed evaluation of GC =-=[56]-=- is feasible by using a cryptographic hash function 24 Table 2.1: Truth Table of AND Circuit (0:False; 1:True) Input output Row # S C C 1 0 0 0 2 0 1 0 3 1 0 0 4 1 1 1 Table 2.2: Garbled Table of AND ... |

216 | Introduction to modern cryptography. - Katz, Lindell - 2008 |

158 | Biometric cryptosystems: Issues and challenges,”
- Uludag, Pankanti, et al.
- 2004
(Show Context)
Citation Context ...ol and privacy data management is to encrypt the privacy information using the biometric signal itself. Methods that use biometric to protect sensitive data are referred to as biometric cryptosystems =-=[95]-=-. They have been applied in a number of practical biometric systems [96, 97, 33, 98] in which a random key is protected by a biometric signal to produce a privacy template [96, 97] or helper data [33,... |

157 |
Enhancing Security and Privacy in Biometrics-Based Authentication System,”
- Ratha, Connell, et al.
- 2001
(Show Context)
Citation Context ...eal with the privacy and security issues in biometric systems but their focus are different from this dissertation. A privacy-protecting technology called “Cancelable Biometrics” has been proposed in =-=[62]-=-. To protect the security of the raw biometric signals, a cancelable biometric system distorts a biometric signal using a specially designed non-invertible transform so that similarity comparison can ... |

147 |
Secret sharing homomorphisms: Keeping shares of a secret sharing
- Benaloh
- 1986
(Show Context)
Citation Context ...,j 6=i −kj ki−kj and K is any subset of {1, . . . , n} with at least t elements. Let x, y ∈ Fm be secret numbers and a, b ∈ Fm be constants. The following properties of Shamir’s scheme are well known =-=[60]-=-: (P1) [x+ a mod m]mi = [x] m i + a mod m (P2) [ax mod m]mi = a[x] m i mod m 1To simplify the notations, the superscript t in [x]m,ti shall be omitted if it is not affected by the operations. 27 (P3) ... |

127 |
The Foundations of Cryptography - Volume 1, Basic Techniques.
- Goldreich
- 2001
(Show Context)
Citation Context ...ven the available information to a party, the distribution of all possible values of the private input from the other party is computationally indistinguishable from the uniformly random distribution =-=[45]-=-. The first property in Definition 2 defines the concept of user anonymity, i.e. Bob knows nothing about Alice except whether her probe matches one or more biometric signals in DB. As it has been demo... |

127 | New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates
- Linnartz, Tuyls
(Show Context)
Citation Context ...ng the biometric signal itself. Methods that use biometric to protect sensitive data are referred to as biometric cryptosystems [95]. They have been applied in a number of practical biometric systems =-=[96, 97, 33, 98]-=- in which a random key is protected by a biometric signal to produce a privacy template [96, 97] or helper data [33, 98]. Such a privacy template or helper data can only be decrypted by another biomet... |

123 | Priced oblivious transfer: How to sell digital goods
- Aiello, Ishai, et al.
- 2001
(Show Context)
Citation Context ...putes Encpk(xy) in the encrypted domain as follows: Encpk(xy) = Encpk [(x− r)(y − s) + xs + yr − rs] = Encpk [(x− r)(y − s)] ·Encpk(x) s · Encpk(y) r · Encpk(−rs) efficiently with different protocols =-=[17, 50, 51]-=-. In this paper we consider the protocol described in [17], which - when implemented over a suitably chosen elliptic curve - has asymptotic communication complexity 6ℓt and is secure against malicious... |

107 | Improved garbled circuit: Free XOR gates and applications.
- Kolesnikov, Schneider
- 2008
(Show Context)
Citation Context ... bit πi is used to select the right table entry for decryption with the key ki, hence only one invocation of H() for each table is needed during evaluation. The free-XOR gates technique introduced in =-=[57]-=-, can be used to further improve the performance of the GC technique, so that XOR gates need not be created nor their corresponding garbled tables transmitted and evaluation is performed by a simple X... |

100 | Secure two-party computation is practical
- Pinkas, Schneider, et al.
- 2009
(Show Context)
Citation Context ...l. proposed a hybrid approach of GC and HE for iriscode and achieved a more efficient implementation [31] than using HE alone. Recent research efforts have significantly improved the efficiency of GC =-=[57, 90]-=-. GC is likely to become a more efficient alternative than HE as GC 35 theory relies almost exclusively on symmetric encryption and HE on asymmetric encryption. Furthermore, GC is characterized by sho... |

94 |
Foundations of Cryptography Volume II Basic Aplications.
- Goldreich
- 2004
(Show Context)
Citation Context ...s in electronic voting, online bidding, keyword search and anonymous routing. Moreover, many of the basic components in a BAC system can be made secure under this paradigm. They include inner product =-=[66, 67]-=-, polynomial evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other ... |

92 | Extending oblivious transfers efficiently
- Ishai, Kilian, et al.
- 2003
(Show Context)
Citation Context ...ch - when implemented over a suitably chosen elliptic curve - has asymptotic communication complexity 6ℓt and is secure against malicious C and semi-honest S in the random oracle model. Extensions of =-=[52]-=- can be used to reduce the number of computationally expensive public-key operations to ≈ 6t2 + 4ℓt and is used when ℓ > 3t. Moreover OT can be precomputed [53], performing an offline OT on random val... |

89 | A proof of Yao’s protocol for secure two-party computation. Electronic Colloquium on Computational Complexity
- Lindell, Pinkas
- 2004
(Show Context)
Citation Context ...ne OT phase to obtain the correct result from the actual input values with asymptotic complexity 2ℓt bits. 2.2.3 Garbled Circuit (GC) Yao’s Garbled Circuit approach [48, 54], excellently presented in =-=[55]-=-, is the most efficient method for secure evaluation of a boolean circuit C in the two party setting. We summarize the main ideas in the following. First, the circuit constructor (server S), creates a... |

83 | One-round secure computation and secure autonomous mobile agents
- Cachin, Camenisch, et al.
- 2000
(Show Context)
Citation Context ...llaboration between Alice and Bob, normally in encrypted form. The high complexity of cryptographic primitives is often cited as the major obstacle of their widespread deployment in realistic systems =-=[15, 16, 17, 18, 19, 20]-=-. This is particularly important for biometric applications that require matching a large number of high-dimensional feature vectors in real time. My approach in addressing this problem is to exploit ... |

75 | Efficient privacypreserving face recognition.
- Sadeghi, Schneider, et al.
- 2009
(Show Context)
Citation Context ...ational and communication complexity, computations in SMC remain highly complex and the current stateof-the-art simply cannot scale to large databases that contain tens of thousands biometric signals =-=[31, 32, 33]-=-. My k-ABAC system provides further complexity reduction in order to scale the operations up to large databases. This is similar to the well-known k-anonymity model [34] in that k is a controllable pa... |

75 | On private scalar product computation for privacy-preserving data mining.
- Goethals, Laur, et al.
- 2005
(Show Context)
Citation Context ...s in electronic voting, online bidding, keyword search and anonymous routing. Moreover, many of the basic components in a BAC system can be made secure under this paradigm. They include inner product =-=[66, 67]-=-, polynomial evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other ... |

73 |
Precomputing oblivious transfer
- Beaver
(Show Context)
Citation Context ... the random oracle model. Extensions of [52] can be used to reduce the number of computationally expensive public-key operations to ≈ 6t2 + 4ℓt and is used when ℓ > 3t. Moreover OT can be precomputed =-=[53]-=-, performing an offline OT on random values that is later used in the online OT phase to obtain the correct result from the actual input values with asymptotic complexity 2ℓt bits. 2.2.3 Garbled Circu... |

69 |
MATLAB Source Code for a Biometric Identification System based on Iris Patterns
- Masek, Kovesi
- 2003
(Show Context)
Citation Context ...AC system. 39 4.1.1 Hamming Distance The modified Hamming distance dH(x,y) described in Equation (2.2) is used to measure the dissimilarity between iris patterns x and y which are both 9600 bits long =-=[99]-=-. As the division in Equation (2.2) may introduce floating point numbers, we focus on the following distance and roll the denominator into the similarity threshold during the later stage of comparison... |

61 |
Security considerations for remote electronic voting,”
- Rubin
- 2002
(Show Context)
Citation Context ...s the privacy of both the biometric gallery and the probe. Though SMC has been used in solving relatively straightforward comparison problems such as Secure Millionaire Problem [21] electronic voting =-=[22]-=-, online auction [23], keyword search [24], and anonymous routing [25], I am the first to apply SMC to biometric matching [26]. In this work, I proposed a Homomorphic Encryption (HE)-based protocol to... |

60 | Secure computation of the kth-ranked element
- Aggarwal, Mishra, et al.
- 2004
(Show Context)
Citation Context |

59 | Preserving privacy by deidentifying face images
- Newton, Sweeney, et al.
- 2005
(Show Context)
Citation Context ...as shown in Figure 1.2, there are two general approaches: one is to use special markers such as yellow hard-hats [9], visual tags [7], or RFID [6]; the other relies on biometric signals such as faces =-=[10]-=-, skin tones [3], or irises [11]. Unfortunately, both approaches have their shortcomings. (a) Yellow hat [9] (b) Visual tag [7] (c) RFID [12] x‘ (d) Iris scan [13] Figure 1.2: Existing subject identif... |

57 | Privacy-preserving bayesian network structure computation on distributed heterogeneous data
- Wright, Yang
- 2004
(Show Context)
Citation Context ... evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers =-=[80, 81, 69, 82]-=- etc. A recent tutorial in SMC for signal processing community can be found in [83]. The main hurdle in applying computationally-secure SMC protocols to biometric matching is their high computational ... |

55 | Improved garbled circuit building blocks and applications to auctions and computing minima,” in Cryptology and Network Security (CANS
- Kolesnikov, Sadeghi, et al.
- 2009
(Show Context)
Citation Context ...sic garbled circuits (XOR, AND, and MULtiplication), a COUNT circuit to compute the number of ones in its input [101], and a COMPARE circuit to check if the first input is lower than the second input =-=[102]-=-. Given the fact that division in (4.2) is a complicated circuit [103] and multiplication involves fewer gates than division [104], I roll the denominator M(q,Xi) of (4.2) into the similarity threshol... |

51 | Combining cryptography with biometrics effectively
- Hao, Anderson, et al.
(Show Context)
Citation Context ...ng the biometric signal itself. Methods that use biometric to protect sensitive data are referred to as biometric cryptosystems [95]. They have been applied in a number of practical biometric systems =-=[96, 97, 33, 98]-=- in which a random key is protected by a biometric signal to produce a privacy template [96, 97] or helper data [33, 98]. Such a privacy template or helper data can only be decrypted by another biomet... |

49 | A cost-effective pay-per-multiplication comparison method for millionaires
- Fischlin
- 2001
(Show Context)
Citation Context ...anonymous routing. Moreover, many of the basic components in a BAC system can be made secure under this paradigm. They include inner product [66, 67], polynomial evaluation [68, 69, 20], thresholding =-=[70, 71, 48]-=-, median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for ... |

48 |
Fuzzy keyword search over encrypted data in cloud computing,”
- Li, Wang, et al.
- 2010
(Show Context)
Citation Context ...y and the probe. Though SMC has been used in solving relatively straightforward comparison problems such as Secure Millionaire Problem [21] electronic voting [22], online auction [23], keyword search =-=[24]-=-, and anonymous routing [25], I am the first to apply SMC to biometric matching [26]. In this work, I proposed a Homomorphic Encryption (HE)-based protocol to the well-known approach by Daugman in mat... |

47 | Securing fingerprint template: Fuzzy vault with helper data
- Uludag, Jain
- 2006
(Show Context)
Citation Context ...ational and communication complexity, computations in SMC remain highly complex and the current stateof-the-art simply cannot scale to large databases that contain tens of thousands biometric signals =-=[31, 32, 33]-=-. My k-ABAC system provides further complexity reduction in order to scale the operations up to large databases. This is similar to the well-known k-anonymity model [34] in that k is a controllable pa... |

46 |
F.: A survey of homomorphic encryption for nonspecialists
- Fontaine, Galand
- 2007
(Show Context)
Citation Context ...tching process as an instance of SFE which guarantees the privacy of both the biometric gallery and the probe. The two prevailing approaches of implementing SFE are to use Homomorphic Encryption (HE) =-=[47]-=- and Garbled Circuits (GC) [48]. HE is an asymmetric public-key cipher that allows certain arithmetic operations such as addition to be directly performed on the encrypted data. GC provides a generic ... |

44 | Privacy Protecting Data Collection in Media Spaces
- Wickramasuriya, Datt, et al.
- 2004
(Show Context)
Citation Context ...tems has been devoted to visually obfuscate the images of individuals for protection. They range from the use of black boxes or large pixels in [3, 4], scrambling in [5] to complete object removal in =-=[6, 7]-=-. Some examples are shown in Figure 1.1. Most of the obfuscation schemes apply a blanket protection to every individual 1 Figure 1.1: Different visual obfuscation techniques: (a) black silhouette; (b)... |

41 |
Pico: Privacy through invertible cryptographic obscuration
- Boult
- 2005
(Show Context)
Citation Context ...acy protection in surveillance systems has been devoted to visually obfuscate the images of individuals for protection. They range from the use of black boxes or large pixels in [3, 4], scrambling in =-=[5]-=- to complete object removal in [6, 7]. Some examples are shown in Figure 1.1. Most of the obfuscation schemes apply a blanket protection to every individual 1 Figure 1.1: Different visual obfuscation ... |

41 | Verifiable homomorphic oblivious transfer and private equality test
- Lipmaa
- 2003
(Show Context)
Citation Context ...putes Encpk(xy) in the encrypted domain as follows: Encpk(xy) = Encpk [(x− r)(y − s) + xs + yr − rs] = Encpk [(x− r)(y − s)] ·Encpk(x) s · Encpk(y) r · Encpk(−rs) efficiently with different protocols =-=[17, 50, 51]-=-. In this paper we consider the protocol described in [17], which - when implemented over a suitably chosen elliptic curve - has asymptotic communication complexity 6ℓt and is secure against malicious... |

31 | Respectful Cameras: Detecting Visual Markers in Real-Time to Address Privacy Concerns
- Schiff, Meingast, et al.
- 2007
(Show Context)
Citation Context ...sitors must be monitored at all time. To identify the subjects for privacy protection, as shown in Figure 1.2, there are two general approaches: one is to use special markers such as yellow hard-hats =-=[9]-=-, visual tags [7], or RFID [6]; the other relies on biometric signals such as faces [10], skin tones [3], or irises [11]. Unfortunately, both approaches have their shortcomings. (a) Yellow hat [9] (b)... |

31 | C.-J.: Oblivious Polynomial Evaluation and Oblivious Neural Learning
- Chang, Lu
- 2001
(Show Context)
Citation Context ...idding, keyword search and anonymous routing. Moreover, many of the basic components in a BAC system can be made secure under this paradigm. They include inner product [66, 67], polynomial evaluation =-=[68, 69, 20]-=-, thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers [80, 81, 69, 82] etc. A ... |

31 |
Homomorphic encryption and secure comparison.
- Damgård, Geisler, et al.
- 2008
(Show Context)
Citation Context ...anonymous routing. Moreover, many of the basic components in a BAC system can be made secure under this paradigm. They include inner product [66, 67], polynomial evaluation [68, 69, 20], thresholding =-=[70, 71, 48]-=-, median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for ... |

31 | The networked sensor tapestry (nest): a privacy enhanced software architecture for interactive analysis of data in video-sensor networks
- FIDALEO, NGUYEN, et al.
(Show Context)
Citation Context ...communication point between various parties and enforces the privacy regulations. Fidaleo et al. describe a secure sharing scheme in which the surveillance data is stored in a centralized server core =-=[93]-=- . A Privacy buffer zone, adjoining the central core, manages the access to this secure area by filtering appropriate personally identifiable information thereby protecting the data. Both approaches a... |

30 | Secure Distributed Linear Algebra in a Constant Number
- Cramer, Damga°rd
- 2001
(Show Context)
Citation Context ... components in a BAC system can be made secure under this paradigm. They include inner product [66, 67], polynomial evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation =-=[72, 73]-=-, logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for signal processing community can be found i... |

28 | Secure and efficient protocols for iris and fingerprint identification.
- Blanton, Gasti
- 2011
(Show Context)
Citation Context ...ational and communication complexity, computations in SMC remain highly complex and the current stateof-the-art simply cannot scale to large databases that contain tens of thousands biometric signals =-=[31, 32, 33]-=-. My k-ABAC system provides further complexity reduction in order to scale the operations up to large databases. This is similar to the well-known k-anonymity model [34] in that k is a controllable pa... |

28 | Efficient binary conversion for Paillier encrypted values
- Schoenmakers, Tuyls
- 2006
(Show Context)
Citation Context ... be made secure under this paradigm. They include inner product [66, 67], polynomial evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation =-=[74]-=-, k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for signal processing community can be found in [83]. The main hurdle in ... |

26 |
Kobbi Nissim. Evaluating 2-DNF formulas on ciphertexts
- Boneh, Goh
- 2005
(Show Context)
Citation Context |

26 | Oblivious polynomial evaluation
- Naor, Pinkas
(Show Context)
Citation Context ...idding, keyword search and anonymous routing. Moreover, many of the basic components in a BAC system can be made secure under this paradigm. They include inner product [66, 67], polynomial evaluation =-=[68, 69, 20]-=-, thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers [80, 81, 69, 82] etc. A ... |

25 |
Protection and retrieval of encrypted multimedia content: when cryptography meets signal processing
- Erkin, Piva, et al.
(Show Context)
Citation Context ...een encrypted numbers can be accomplished by randomization and interaction between parties. Recently, Paillier encryption is being applied in a number of fundamental signal processing building blocks =-=[88]-=- including basic classifiers [81] and Discrete Cosine Transform [89] in encrypted domain. Nevertheless, the public-key encryption and decryption processes in any homomorphic encryption still pose a fo... |

25 |
Biometric encryption: A positive-sum technology that achieves strong authentication, security and privacy”,
- Cavoukian, Stoianov
- 2007
(Show Context)
Citation Context ...ng the biometric signal itself. Methods that use biometric to protect sensitive data are referred to as biometric cryptosystems [95]. They have been applied in a number of practical biometric systems =-=[96, 97, 33, 98]-=- in which a random key is protected by a biometric signal to produce a privacy template [96, 97] or helper data [33, 98]. Such a privacy template or helper data can only be decrypted by another biomet... |

23 |
A new privacy-preserving distributed k-clustering algorithm
- Jagannathan, Pillaipakkamnatt, et al.
- 2006
(Show Context)
Citation Context ...s paradigm. They include inner product [66, 67], polynomial evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering =-=[75, 76]-=-, decision tree [77, 78, 79] and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for signal processing community can be found in [83]. The main hurdle in applying computationally-secu... |

20 |
Tools for protecting the privacy of specific individuals in video
- Chen, Chang, et al.
(Show Context)
Citation Context ...ion Management (PIM) system that uses biometric signals for encrypting and retrieving the privacy video [35]. There have been many recent works in enhancing privacy protection in surveillance systems =-=[6, 3, 4, 36, 37, 10, 38]-=-. Many of them share the common theme of identifying sensitive information and applying image processing schemes for obfuscating that sensitive information. But the security flaw overlooked in most of... |

20 |
Elementary Number Theory
- Rosen
- 2000
(Show Context)
Citation Context ...t exists in Fm. We denote the inverse operation as follows: (P7) INVERSE ([y]mi all i) −→ Pi : ([y −1]mi ) INVERSE can be implemented by repeated multiplications according to the Carmichael’s theorem =-=[61]-=-: y−1 = yλ(m)−1 mod m, where λ(m) is the (reduced) totient function. Notice that with this equation, the inverse of 0 is defined and is equal to 0. For prime m, λ(m) = m − 1. For large λ(m) − 1, the i... |

15 |
Oblivious neural network computing via homomorphic encryption
- Orlandi, Piva, et al.
(Show Context)
Citation Context ... evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers =-=[80, 81, 69, 82]-=- etc. A recent tutorial in SMC for signal processing community can be found in [83]. The main hurdle in applying computationally-secure SMC protocols to biometric matching is their high computational ... |

14 | Secure linear algebra using linearly recurrent sequences
- Kiltz, Mohassel, et al.
- 2007
(Show Context)
Citation Context ... components in a BAC system can be made secure under this paradigm. They include inner product [66, 67], polynomial evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation =-=[72, 73]-=-, logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for signal processing community can be found i... |

14 | de Hoogh S: Improved primitives for secure multiparty integer computation. Security and Cryptography for Networks (SCN
- Catrina
- 2010
(Show Context)
Citation Context ...bservation. It is very easy to extend this protocol to the situation where only secret shares can be accessed (in this situation, start Protocol 6 from step 3). Step 4 uses the truncation protocol in =-=[107]-=- to cut the l bits from the left and extract MSB of the result of step 3 as the output. Protocol 6 COMPARE2(v, w) Require: v at P1, w at P2 Ensure: [c]mi at party Pi for i = 1, 2, 3 where c , (v > w).... |

11 |
Feasibility of generating biometric encryption keys
- Hoque, Fairhurst, et al.
- 2005
(Show Context)
Citation Context ...ic system distorts a biometric signal using a specially designed non-invertible transform so that similarity comparison can still be performed after distortion. Biometric Encryption (BE) described in =-=[63]-=- possesses all the functionality of Cancelable Biometrics, and is immune 31 against the substitution attack because it outputs a key which is securely bound to a biometric. The BE templates stored in ... |

9 |
Bigger Monster, Weaker Chains, The Growth of an American Surveillance Society.
- Stanley, Steinhardt
- 2003
(Show Context)
Citation Context ... events. From the public outcry on the use of face recognition in public events [1] to the report by the American Civil Liberties Union (ACLU) on the surveillance systems’ assault on public’s privacy =-=[2]-=-, it is unsurprising that the general public is increasingly wary about the possibility of privacy invasion with video surveillance systems. To mitigate the public’s concern and to facilitate continue... |

9 |
Multi-camera surveillance with visual tagging and generic camera placement,
- Zhao, Cheung
- 2007
(Show Context)
Citation Context ...tems has been devoted to visually obfuscate the images of individuals for protection. They range from the use of black boxes or large pixels in [3, 4], scrambling in [5] to complete object removal in =-=[6, 7]-=-. Some examples are shown in Figure 1.1. Most of the obfuscation schemes apply a blanket protection to every individual 1 Figure 1.1: Different visual obfuscation techniques: (a) black silhouette; (b)... |

7 |
Privacy-preserving svm classification
- Vaidya, Yu, et al.
(Show Context)
Citation Context ... evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers =-=[80, 81, 69, 82]-=- etc. A recent tutorial in SMC for signal processing community can be found in [83]. The main hurdle in applying computationally-secure SMC protocols to biometric matching is their high computational ... |

7 |
Protecting and managing privacy information in video surveillance system
- Venkatesh, Cheung, et al.
(Show Context)
Citation Context ...vulnerable to concerted attacks. Cheung et al. propose a new management system within which the users and the client agents can anonymously exchange data, credential, and authorization 36 information =-=[94]-=-. This approach is reminiscent to a Data Right Management (DRM) system where the content owner can control the access of his/her content after proper payment is received. A trusted mediator agent is s... |

6 |
Monitor camera system and method of displaying picture from monitor camera thereof
- Wada, Kaiyama, et al.
- 2001
(Show Context)
Citation Context ...search effort for privacy protection in surveillance systems has been devoted to visually obfuscate the images of individuals for protection. They range from the use of black boxes or large pixels in =-=[3, 4]-=-, scrambling in [5] to complete object removal in [6, 7]. Some examples are shown in Figure 1.1. Most of the obfuscation schemes apply a blanket protection to every individual 1 Figure 1.1: Different ... |

6 | Distributed privacy preserving k-means clustering with additive secret sharing
- Doganay, Pedersen, et al.
- 2008
(Show Context)
Citation Context ...s paradigm. They include inner product [66, 67], polynomial evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering =-=[75, 76]-=-, decision tree [77, 78, 79] and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for signal processing community can be found in [83]. The main hurdle in applying computationally-secu... |

6 |
Recommendation for key management,” NIST special publication
- Barker, Burr, et al.
- 2009
(Show Context)
Citation Context ...ption and HE on asymmetric encryption. Furthermore, GC is characterized by shorter security parameters, which become more pronounced when we pass from short term to medium term and long term security =-=[91]-=-. As such, it is attractive to develop the iriscode matching by using only GC. In this dissertation, I demonstrate a computationally efficient GC-based iriscode matching algorithm. A novel contributio... |

6 |
Privacy preserving evaluation of signal quality with application to ECG analysis
- Barni, Guajardo, et al.
(Show Context)
Citation Context ... iris-code matching between the probe q and the entry Xi in the database. It uses the basic garbled circuits (XOR, AND, and MULtiplication), a COUNT circuit to compute the number of ones in its input =-=[101]-=-, and a COMPARE circuit to check if the first input is lower than the second input [102]. Given the fact that division in (4.2) is a complicated circuit [103] and multiplication involves fewer gates t... |

6 |
Division between encrypted integers by means of garbled circuits
- Lazzeretti, Barni
(Show Context)
Citation Context ...o compute the number of ones in its input [101], and a COMPARE circuit to check if the first input is lower than the second input [102]. Given the fact that division in (4.2) is a complicated circuit =-=[103]-=- and multiplication involves fewer gates than division [104], I roll the denominator M(q,Xi) of (4.2) into the similarity threshold ǫ and test whether D(q,Xi) < ǫ ·M(q,Xi). Since all computation shoul... |

6 |
Investigating useful and distinguishing features around the eyelash region
- Li, Savvides, et al.
(Show Context)
Citation Context ...sks do not disclose identify information and are treated as public information. While such an approach can significantly reduce complexity as alluded in Section 4.2.1, there are other studies such as =-=[105]-=- that show eyelashes positions, which make up a significant portion of the mask, have inherent correlation and can be used to infer important ethnic information about an individual. To the best of our... |

5 | An efficient protocol for private iris-code matching by means of garbled circuits
- Luo, Cheung, et al.
- 2012
(Show Context)
Citation Context ...handling binary operations needed for the hamming distance calculations in iris-code matching. Collaborating with Mauro Barni, I have provided an alternative implementation using Garbled Circuit (GC) =-=[28]-=-. This work also exploits key characteristics of iris data and results in one of the fastest anonymous iris matching at the time. Both HE and GC are computationally secure schemes and their security h... |

5 | Anonymous biometric access control
- Ye, Luo, et al.
- 2009
(Show Context)
Citation Context ...enge posed by scalability of anonymous biometric matching, I collaborate with Shuiming Ye to propose a novel framework called k-ABAC to provide a controllable trade-off between privacy and complexity =-=[30]-=-. Despite the reduction in computational and communication complexity, computations in SMC remain highly complex and the current stateof-the-art simply cannot scale to large databases that contain ten... |

4 |
Defrawy and Gene Tsudik. Alarm: anonymous location-aided routing in suspicious manets
- El
- 2011
(Show Context)
Citation Context ...has been used in solving relatively straightforward comparison problems such as Secure Millionaire Problem [21] electronic voting [22], online auction [23], keyword search [24], and anonymous routing =-=[25]-=-, I am the first to apply SMC to biometric matching [26]. In this work, I proposed a Homomorphic Encryption (HE)-based protocol to the well-known approach by Daugman in matching iris-codes [27]. The i... |

4 | Anonymous biometric access control based on homomorphic encryption
- Luo, Cheung, et al.
- 2009
(Show Context)
Citation Context ...arison problems such as Secure Millionaire Problem [21] electronic voting [22], online auction [23], keyword search [24], and anonymous routing [25], I am the first to apply SMC to biometric matching =-=[26]-=-. In this work, I proposed a Homomorphic Encryption (HE)-based protocol to the well-known approach by Daugman in matching iris-codes [27]. The initial work on using HE was computationally intensive. O... |

4 |
How Iris RecognitionWorks
- Daugman
(Show Context)
Citation Context ...outing [25], I am the first to apply SMC to biometric matching [26]. In this work, I proposed a Homomorphic Encryption (HE)-based protocol to the well-known approach by Daugman in matching iris-codes =-=[27]-=-. The initial work on using HE was computationally intensive. One reason is that HE 6 is cumbersome in handling binary operations needed for the hamming distance calculations in iris-code matching. Co... |

3 | Video data hiding for managing privacy information in surveillance systems
- Paruchuri, Cheung, et al.
- 2009
(Show Context)
Citation Context ...tion to every individual 1 Figure 1.1: Different visual obfuscation techniques: (a) black silhouette; (b) scrambling; (c) complete removal; (d) original information. Graphics adapted from original in =-=[8]-=-. in the scene. For such a strategy to work, the obfuscated video must reveal some attributes such as a body with a blurred face or a moving blob otherwise the video would be useless for surveillance.... |

3 |
Multidimensional scaling. Boca Raton
- Cox, Cox
- 2001
(Show Context)
Citation Context ...different approaches – the first approach is Multi-dimensional Scaling (MDS) in which an optimal mapping is derived based on minimizing the differences between the two distances over a finite dataset =-=[41]-=-. The second approach is based 16 on distance relationship with random sets of points and include techniques such as Fastmap [42], Lipshcitz Embedding [43] and Local Sensitivity Hashing [44]. In our s... |

3 | Privacy and security issues related to match scores
- Mohanty, Sarkar, et al.
- 2006
(Show Context)
Citation Context ...thing about Alice except whether her probe matches one or more biometric signals in DB. As it has been demonstrated that even the distance values d(q,xi) are sufficient for an attacker to recreate DB =-=[46]-=-, the second property is designed to disclose the least amount of information to Alice. 2.1.3 Security Model on Adversarial Behaviors It is impossible to design a secure system without considering the... |

3 |
Privacy preserving id3 using gini index over horizontally partitioned data
- Samet, Miri
- 2008
(Show Context)
Citation Context ... inner product [66, 67], polynomial evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree =-=[77, 78, 79]-=- and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for signal processing community can be found in [83]. The main hurdle in applying computationally-secure SMC protocols to biometri... |

3 |
Secure signal processing between distrusted network terminals
- Cheung, Nguyen
(Show Context)
Citation Context ...logical manipulation [74], k-means clustering [75, 76], decision tree [77, 78, 79] and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for signal processing community can be found in =-=[83]-=-. The main hurdle in applying computationally-secure SMC protocols to biometric matching is their high computational complexity. For example, the classical solution 33 to the thresholding problem1, or... |

3 |
Ibm touts encryption innovation
- Cooney
(Show Context)
Citation Context ...ion to realistic application is questionable. In an interview, Gentry estimates that performing a Google search with encrypted keywords would increase the amount of computing time by about a trillion =-=[85]-=- and even this claim is already challenged by others to be too conservative [86]. 1This problem is commonly referred to as the Secure Millionaire Problem in SMC literature. 34 More practical homomorph... |

3 |
Homomoprhic encryption breakthrough
- Schneier
- 2009
(Show Context)
Citation Context ...that performing a Google search with encrypted keywords would increase the amount of computing time by about a trillion [85] and even this claim is already challenged by others to be too conservative =-=[86]-=-. 1This problem is commonly referred to as the Secure Millionaire Problem in SMC literature. 34 More practical homomorphic encryptions such as Paillier cryptosystem can only support addition between t... |

2 |
Patent 6,067,399: Privacy mode for acquisition cameras and camcorders
- US
(Show Context)
Citation Context ...search effort for privacy protection in surveillance systems has been devoted to visually obfuscate the images of individuals for protection. They range from the use of black boxes or large pixels in =-=[3, 4]-=-, scrambling in [5] to complete object removal in [6, 7]. Some examples are shown in Figure 1.1. Most of the obfuscation schemes apply a blanket protection to every individual 1 Figure 1.1: Different ... |

2 |
Anonymous subject identification in privacyaware video surveillance
- Luo, Ye, et al.
- 2010
(Show Context)
Citation Context ...e two general approaches: one is to use special markers such as yellow hard-hats [9], visual tags [7], or RFID [6]; the other relies on biometric signals such as faces [10], skin tones [3], or irises =-=[11]-=-. Unfortunately, both approaches have their shortcomings. (a) Yellow hat [9] (b) Visual tag [7] (c) RFID [12] x‘ (d) Iris scan [13] Figure 1.2: Existing subject identification approaches The first app... |

2 | Secure multiparty computation between distrusted networks terminals
- Cheung, Nguyen
(Show Context)
Citation Context ...ing her membership status. This problem is an instance of secure multiparty computation, a subfield of cryptography in which multiple parties use the private data to achieve a common computation goal =-=[14]-=-. Second, we consider the complexity challenge posed by scaling the biometric matching process to large databases through secure collaboration between Alice and Bob, normally in encrypted form. The hi... |

2 |
Similarity search in high dimneions via hashing
- Gionis, Indyk, et al.
- 1999
(Show Context)
Citation Context ...e dataset [41]. The second approach is based 16 on distance relationship with random sets of points and include techniques such as Fastmap [42], Lipshcitz Embedding [43] and Local Sensitivity Hashing =-=[44]-=-. In our system, we use both PCA and Fastmap for their low computational complexity and good performance. Here we provide a brief review of the Fastmap procedure and will discuss its secure implementa... |

2 |
Completeness thorems for non-cryptographic faulttolerant distributed computation
- Ben-Or, Goldwasser, et al.
- 1988
(Show Context)
Citation Context ...the protocol provides no additional information, measured in entropy, about the private data. A major disadvantage of IT-SMC, however, is the need to maintain multiple non-colluding computing parties =-=[58]-=-. Here I will introduce one of main primitives of IT-SMC: Shamir’s Secret Share (SSS) [59]. 26 2.3.1 Shamir’s Secret Share (SSS) Let x be a number in a finite field Fm. Let n be the number of parties ... |

2 |
Privacy-preserving decision tree classification in horizontal collaboration. Security of Information and Networks
- Zhan
- 2007
(Show Context)
Citation Context ... inner product [66, 67], polynomial evaluation [68, 69, 20], thresholding [70, 71, 48], median [16], matrix computation [72, 73], logical manipulation [74], k-means clustering [75, 76], decision tree =-=[77, 78, 79]-=- and other classifiers [80, 81, 69, 82] etc. A recent tutorial in SMC for signal processing community can be found in [83]. The main hurdle in applying computationally-secure SMC protocols to biometri... |

2 | Discrete cosine transform of encrypted images
- Bianchi, Piva, et al.
- 2008
(Show Context)
Citation Context ...action between parties. Recently, Paillier encryption is being applied in a number of fundamental signal processing building blocks [88] including basic classifiers [81] and Discrete Cosine Transform =-=[89]-=- in encrypted domain. Nevertheless, the public-key encryption and decryption processes in any homomorphic encryption still pose a formidable complexity hurdle to overcome. For example, the fastest thr... |

2 |
Lioudakis et al. A middleware architecture for privacy protection
- V
- 2007
(Show Context)
Citation Context ...ch significantly reduces the complexity of the circuit. 3.3 Privacy Information Management (PIM) in Video Surveillance Network To tackle the problem in managing privacy information, earlier work like =-=[92]-=- introduces a framework which advocates the presence of a trusted middleware agent, referred to as Discreet Box in [92]. The Discreet Box acts as a three way mediator between the law, the users and th... |

2 | How to Combine Homomorphic Encryption and Garbled Circuits
- Kolesnikov, Sadeghi, et al.
- 2009
(Show Context)
Citation Context ...RE circuit to check if the first input is lower than the second input [102]. Given the fact that division in (4.2) is a complicated circuit [103] and multiplication involves fewer gates than division =-=[104]-=-, I roll the denominator M(q,Xi) of (4.2) into the similarity threshold ǫ and test whether D(q,Xi) < ǫ ·M(q,Xi). Since all computation should be computed over integers and ǫ is a decimal number in the... |

1 |
Tampa drops face recognition system
- Brown
- 2003
(Show Context)
Citation Context ...ce labor-intensive processes into powerful automated systems that can quickly and accurately identify visual objects and events. From the public outcry on the use of face recognition in public events =-=[1]-=- to the report by the American Civil Liberties Union (ACLU) on the surveillance systems’ assault on public’s privacy [2], it is unsurprising that the general public is increasingly wary about the poss... |

1 |
Yuguang Fang. Using homomorphic encryption to secure the combinatorial spectrum auction without the trustworthy auctioneer
- Pan, Zhu
(Show Context)
Citation Context ... the biometric gallery and the probe. Though SMC has been used in solving relatively straightforward comparison problems such as Secure Millionaire Problem [21] electronic voting [22], online auction =-=[23]-=-, keyword search [24], and anonymous routing [25], I am the first to apply SMC to biometric matching [26]. In this work, I proposed a Homomorphic Encryption (HE)-based protocol to the well-known appro... |

1 |
Sen-ching S Cheung. Privacy protected image denoising with secret shares
- SaghaianNejadEsfahani, Luo
- 2012
(Show Context)
Citation Context ...ty. Recently, I have explored the use of information-theoretic security protocols based on Shamir’s Secret Sharing to further reduce the complexity in making basic signal processing operations secure =-=[29]-=-. 2. To address the second complexity challenge posed by scalability of anonymous biometric matching, I collaborate with Shuiming Ye to propose a novel framework called k-ABAC to provide a controllabl... |

1 |
Privacy information management for video surveillance
- Luo, Cheung
(Show Context)
Citation Context ...ity of the “trusted” individual in video surveillance system, I propose a novel Privacy Information Management (PIM) system that uses biometric signals for encrypting and retrieving the privacy video =-=[35]-=-. There have been many recent works in enhancing privacy protection in surveillance systems [6, 3, 4, 36, 37, 10, 38]. Many of them share the common theme of identifying sensitive information and appl... |

1 |
Privacy-enhancing access control enforcement
- Deswarte, Roy
- 2006
(Show Context)
Citation Context ... flaw overlooked in most of these systems is that they fail to consider the security impact of modifying the surveillance videos. While sophisticated privacy policy has been studied in the literature =-=[39]-=-, the privacy visual information of an individual should be ideally treated in the same manner as any other personal information such as passport 8 or credit card numbers. That is, every access of suc... |

1 |
Paillier Library
- Bethencourt
(Show Context)
Citation Context ... good samples and one sample is set aside for testing. A total of 160 individuals are included in our dataset. Our Paillier implementation is based on the Paillier Library developed by J. Bethencourt =-=[109]-=-. The key length of the Paillier cipher is set to be 1024 bit which results in 2048-bit ciphertexts. The communication cost is measured based on total amount of information exchanged between Bob and A... |