Bio: Edlira Martiri is an academic researcher from Norwegian University of Science and Technology. The author has contributed to research in topics: Password & Biometrics. The author has an h-index of 5, co-authored 19 publications receiving 58 citations. Previous affiliations of Edlira Martiri include University of Tirana & Gjøvik University College.
TL;DR: A general biometric template protection scheme based on honey templates and Bloom filters is proposed, in order to grant privacy protection to the enrolled subject and detect the use of stolen templates.
Abstract: Biometric verification can be considered one of the most reliable approaches to person authentication. However, biometrics are highly sensitive personal data and any information leakage poses severe security and privacy risks. Biometric templates should hence be protected and impersonation with stolen templates must be prevented, while preserving system's performance. In this study, a general biometric template protection scheme based on honey templates and Bloom filters is proposed, in order to grant privacy protection to the enrolled subject and detect the use of stolen templates. The performance and security evaluations show the soundness of the proposed scheme for facial verification. The benchmark is conducted with the publicly available BioSecure Multimodal DB and the free Bob image processing toolbox, so that research is fully reproducible.
30 Nov 2011
TL;DR: This article introduces a new vocabulary, FOAF-Academic, which is built on the FOAF vocabulary by restricting it to communication in academic communities, as well as extending it where required to cover academic-specific terms and relationships.
Abstract: The aim of Semantic Web is to add machine-processable information to the Web. Our focus is on information related to people. This problem in Semantic Web is addressed by the FOAF Vocabulary. FOAF Vocabulary describes people, their activities and the people they know. The terms defined in this vocabulary let us say general things about us and people we know. But the terms in FOAF define people generally, and for example don't let us talk about professional achievements and bring us near to specific academic communities of our interest. The entire social network is composed of communities, and we have chosen to contribute on academic community. In this article we introduce a new vocabulary, FOAF-Academic, which we have built up on the FOAF vocabulary by restricting it to communication in academic communities (e.g., exclude personal data), as well as extending it where required to cover academic-specific terms and relationships (e.g., add the co-author relationship). We have described this ontology and the technologies under which it is implemented. This ontology will help the academic community in saying anything about their achievements, their qualifications, activities and the communities that are near to them, in a machine-readable format in order to be processed by both human and machine.
TL;DR: This paper introduces a digital signature scheme based on the Rabin scheme and builds an ID generation scheme that can be used in many situations where such a level of security is needed.
01 Jul 2015
TL;DR: This paper proposes to use BTPS for this purpose and presents a machine learning based protected template generation protocol to ensure the best anonymity of the generated sugar template (from a user's genuine biometric feature) among other honey ones (from synthesized biometric features).
Abstract: Hash based biometric template protection schemes (BTPS), such as fuzzy commitment, fuzzy vault, and secure sketch, address the privacy leakage concern on the plain biometric template storage in a database through using cryptographic hash calculation for template verification. However, cryptographic hashes have only computational security whose being cracked shall leak the biometric feature in these BTPS; and furthermore, existing BTPS are rarely able to detect during a verification process whether a probe template has been leaked from the database or not (i.e., being used by an imposter or a genuine user). In this paper we tailor the "honeywords" idea, which was proposed to detect the hashed password cracking, to enable the detectability of biometric template database leakage. However, unlike passwords, biometric features encoded in a template cannot be renewed after being cracked and thus not straightforwardly able to be protected by the honeyword idea. To enable the honeyword idea on biometrics, diversifiability (and thus renewability) is required on the biometric features. We propose to use BTPS for this purpose in this paper and present a machine learning based protected template generation protocol to ensure the best anonymity of the generated sugar template (from a user's genuine biometric feature) among other honey ones (from synthesized biometric features).
25 May 2020
TL;DR: A game between the attacker and the defender is simulated in this work to assess their possible strategies in a honeyword system where all of the original passwords are machine-generated, and the hybrid PassGAN-based techniques can be considered the best honeyword generation strategy for the defender.
Abstract: A game between the attacker and the defender is simulated in this work to assess their possible strategies in a honeyword system where all of the original passwords are machine-generated. Five PassGAN-based honeyword generation strategies are used by the defender, while three guessing strategies are employed by the attacker, including the Top-PW attack and two PassGAN-based methods. The experiment results show that both PassGAN-based attacks obtained a higher success rate than the Top-PW attack, which considers the most popular password as the correct password. Meanwhile, from the defender’s point of view, the hybrid PassGAN-based techniques can be considered the best honeyword generation strategy for the defender due to their ability to combine the benefit provided by the PassGAN trained on a leaked password dataset and the PassGAN trained on the random password dataset.
01 Jan 2018
TL;DR: This work develops a series of practical experiments using 10 large-scale datasets, a total of 104 million real-world passwords, to quantitatively evaluate the security that these four honeyword-generation methods can provide and resolves three open problems in honeyword research, as defined by Juels and Rivest.
Abstract: Honeywords are decoy passwords associated with each user account, and they contribute a promising approach to detecting password leakage. This approach was first proposed by Juels and Rivest at CCS’13, and has been covered by hundreds of media and also adopted in various research domains. The idea of honeywords looks deceptively simple, but it is a deep and sophisticated challenge to automatically generate honeywords that are hard to differentiate from real passwords. In Juels-Rivest’s work, four main honeyword-generation methods are suggested but only justified by heuristic security arguments. In this work, we for the first time develop a series of practical experiments using 10 large-scale datasets, a total of 104 million real-world passwords, to quantitatively evaluate the security that these four methods can provide. Our results reveal that they all fail to provide the expected security: real passwords can be distinguished with a success rate of 29.29%∼32.62% by our basic trawling-guessing attacker, but not the expected 5%, with just one guess (when each user account is associated with 19 honeywords as recommended). This figure reaches 34.21%∼49.02% under the advanced trawling-guessing attackers who make use of various state-of-the-art probabilistic password models. We further evaluate the security of Juels-Rivest’s methods under a targeted-guessing attacker who can exploit the victim’s personal information, and the results are even more alarming: 56.81%∼67.98%. Overall, our work resolves three open problems in honeyword research, as defined by Juels and Rivest.
TL;DR: A digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a forward security property: compromise of the current secret key does not enable an adversary to forge signatures pertaining to the past.
Abstract: We describe a digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a forward security property: compromise of the current secret key does not enable an adversary to forge signatures pertaining to the past. This can be useful to mitigate the damage caused by key exposure without requiring distribution of keys. Our construction uses ideas from the Fiat-Shamir and Ong-Schnorr identification and signature schemes, and is proven to be forward secure based on the hardness of factoring, in the random oracle model. The construction is also quite efficient.
TL;DR: The docschain is introduced to tackle the three mentioned limitations of the blockcerts and seamlessly incorporates within the existing workflow of degree issuance by operating over the hard copies of the degree documents.
Abstract: Degree verification is the process of verifying the academic credentials of successfully graduated students. It is a time-consuming and costly process as universities annually spend millions of dollars on handling the degree verification requests. Hence, there is a dire need to improve the degree verification process, and the Massachusetts Institute of Technology, Cambridge, MA, USA, has introduced the blockcerts, a blockchain-based solution for freely handling the degree verification requests. Although blockcerts eliminates the cost of the degree verification process, it also alters the existing workflow of degree issuance. This is because blockcerts are primarily focused on facilitating the students, and there is room for improvement from the perspective of educational institutes. In this article, we have introduced the docschain to tackle the three mentioned limitations of the blockcerts. Docschain seamlessly incorporates within the existing workflow of degree issuance by operating over the hard copies of the degree documents. This is achieved through optical character recognition (OCR), and the record of each degree document is stored along with the details of the corresponding OCR template to understand the semantics of the data stored at different sections of the degree document. In contrast to blockcerts, docschain also supports the bulk submission of degree details for both the previously and newly graduated students.
TL;DR: The final result of this study is that the digital signature system has a significant impact on increasing motivation to facilitate authorization and secure documents.
Abstract: At present, the process of validating documents for certain purposes cannot be done face-to-face because of the Covid-19 pandemic. Therefore, this research aims to maximize the existence of smart digital signature technology that guarantees its safety and validity without having to meet face to face. Encrypted digital signatures with RSA-SHA256 with cloud storage features that can share documents. The waterfall method for building systems, the collection of data generated for analysis by observation, and online questionnaires using Google Form. Based on the characteristics of the system, the satisfaction factor analysis of the system with the Slovin formula processed by the SUS score resulted in a score of 95 > 70. The final result of this study is that the digital signature system has a significant impact on increasing motivation to facilitate authorization and secure documents.
TL;DR: The performance is compared to the state-of-the-art methods to show the superiority of the proposed feature extraction technique, and individual performance analysis has been performed at all the security levels of the proposed Cancelable FaceHashing Technique.
Abstract: A novel cancelable FaceHashing technique based on non-invertible transformation with encryption and decryption template has been proposed in this paper. The proposed system has four components: face preprocessing, feature extraction, cancelable feature extraction followed by the classification, and encryption/decryption of cancelable face feature templates. During face preprocessing, the facial region of interest has been extracted out to speed the process for evaluating discriminant features. In feature extraction, some optimization techniques such as Sparse Representation Coding, Coordinate descent, and Block coordinates descent have been employed on facial descriptors to obtain the best representative of those descriptors. The representative descriptors are further arranged in a spatial pyramid matching structure to extract more discriminant and distinctive feature vectors. To preserve them, the existing BioHashing technique has been modified and extended to some higher levels of security attacks and the modified BioHashing technique computes a cancelable feature vector by the combined effect of the facial feature vector and the assigned token correspond to each user. The elements of computed cancelable feature vector are in a numeric form that has been employed to perform both verifications as well as identification task in online while the original facial feature vectors are kept offline either in hard drive or disc. Then, to enhance more security levels and also to preserve the cancelable face features, an RSA based encryption-decryption algorithm has been introduced. The proposed system has been tested using four benchmark face databases: CASIA-FACE-v5, IITK, CVL, and FERET, and performance are obtained as correct recognition rate and equal error rate. 
The performance is compared to the state-of-the-art methods for the superiority of the proposed feature extraction technique and individual performance analysis has been performed at all the security levels of the proposed Cancelable FaceHashing Technique. These comparisons show the superiority of the proposed system.