1 Can an Algorithmic Solution be Proposed That Helps the CNIL to Guarantee the Privacy of our Biometric Data? Dijana PETROVSKA-DELACRÉTAZ 1 , Sanjay KANADE 1 , Rima BELGUECHI 3 , Christophe ROSENBERGER 2 , and Bernadette DORIZZI 1 1 Demartment Electronique et Physique, Institut TELECOM: TELECOM SudParis, 9 Rue Charles Fourier, 91011, Evry, France 2 Laboratoire GREYC (UMR 6072), CNRS – Université de Caen Basse Normandie -ENSICAEN, 6 boulevard Maréchal Juin, 14000 Caen, France 3 Ecole Nationale Supérieure d’Informatique ESI, Alger, Algérie dijana.petrovska@it-sudparis.eu Résumé – La biométrie est une solution émergente pour la vérification d'identité d'un individu lors des applications de contrôle d'accès physique et logique. Même si cette technologie se révèle prometteuse (forte relation entre l'individu et son authentifiant), il reste encore des problèmes importants à résoudre. Le premier concerne le respect de la vie privée des individus. En plus, si les données biométriques sont compromises, on ne peut plus les utiliser dans aucun système. Afin de résoudre ces problèmes, des algorithmes récents ont été proposés dans la littérature. Ce papier présente un état de l'art des algorithmes spécifiques, qui sont illustrés avec des travaux récents réalisés par les auteurs de ce papier dans ce domaine. Abstract – Biometrics is an emerging solution for identity verification of an individual for logical and physical access control applications. Even if this technology reveals itself as promising (strong relationship between the individual and his authenticator), two important problems have to be solved. The first problem is related to the privacy of an individual that can be compromised by cross- matching between biometric template databases. Moreover, his biometric data can be stolen but unfortunately cannot be changed. In order to solve these problems, recently some algorithms that combine cryptography with biometrics have been proposed. This paper presents a state of the art of these specific algorithms illustrated with works carried out by the authors in this domain. 1. Introduction Secure and privacy preserving management of our digital identities in the constantly evolving numerical world is of paramount importance for citizens, industries, social groups, and governments. Numerous applications are emerging related to physical access control (to buildings, restricted areas …), logical access points (for bank accounts, tax payments …) or identity documents (passport, national identity card …). In order to achieve more secure systems, biometric technologies are employed in an increasing manner in order to verify the identity of a user (to perform an authentication) or to find out his identity (identification tasks). The major reason for this widespread usage of biometrics is that biometric technologies provide the strongest proof of the physical presence of a person. The variety of biometrics characteristics available can be classified in three broad categories: 1. Biological characteristics such as, DNA, cardiac signals [phua-pr-2007], or ElectroEncephaloGram - EEG signals [ramaswamy-lncs-2006]. 2. Behavioural characteristics such as, keystroke dynamics [giot-btas-2009], online handwritten signature, or voice. 3. Morphological characteristics (the most widely employed) such as fingerprints, face, iris, or hand veins [ladoux-icb-2009]. FIG. 1 : Illustrations of biometric modalities (hand veins image and a fingerprint image after treatments to extract valleys and ridges) However, with more and more applications using biometrics, new privacy and security risks arise. For example, personal (biometric) information could be tracked from one application to another by cross-matching between biometric databases, thus compromising privacy. A crucial issue is the potential misuse of collected biometric data. Questions like “What can I do if my biometric data has been stolen or misused?” require urgent attention not only to reassure users with regards to privacy intrusion but also to prevent misuse and improve accuracy. Moreover, since standard biometric templates are