Janus: Safe Biometric Deduplication for Humanitarian Aid Distribution (2308.02907v1)

Abstract: Humanitarian organizations provide aid to people in need. To use their limited budget efficiently, their distribution processes must ensure that legitimate recipients cannot receive more aid than they are entitled to. Thus, it is essential that recipients can register at most once per aid program. Taking the International Committee of the Red Cross's aid distribution registration process as a use case, we identify the requirements to detect double registration without creating new risks for aid recipients. We then design Janus, which combines privacy-enhancing technologies with biometrics to prevent double registration in a safe manner. Janus does not create plaintext biometric databases and reveals only one bit of information at registration time (whether the user registering is present in the database or not). We implement and evaluate three instantiations of Janus based on secure multiparty computation, somewhat homomorphic encryption, and trusted execution environments. We demonstrate that they support the privacy, accuracy, and performance needs of humanitarian organizations. We compare Janus with existing alternatives and show it is the first system that provides the accuracy our scenario requires while providing strong protection.

• The paper introduces Janus, a novel system that ensures safe biometric deduplication for humanitarian aid while preserving user privacy.
• The paper details three technical instantiations—SMC, SHE, and TEE—to balance performance, accuracy, and security.
• The paper demonstrates fast deduplication with SHE completing operations in under one minute and TEE in less than 50 milliseconds for up to 8,000 users.

Overview of "Janus: Safe Biometric Deduplication for Humanitarian Aid Distribution"

The paper presents Janus, a system designed to ensure safe biometric deduplication in the context of humanitarian aid distribution. This solution aims to prevent duplicate registrations without compromising the privacy or security of the individuals involved. The International Committee of the Red Cross (ICRC) serves as a case paper for understanding the essential requirements for such a system. Janus leverages biometrics and privacy-enhancing technologies to address these challenges.

Key Aspects of the Janus System

1. Privacy and Security: Janus avoids creating plaintext biometric databases. It instead implements a system where only a single bit—indicating whether a person is already registered—can be revealed during the registration process. This approach minimizes the risk of sensitive data leaks.
2. Technical Framework: Janus supports its operations through three different technological instantiations—secure multiparty computation (SMC), somewhat homomorphic encryption (SHE), and trusted execution environments (TEE). These instantiations allow the system to balance performance requirements with security assurances tailored to varied deployment situations.
3. Implementation and Evaluation: The paper details the implementation of each Janus instantiation and evaluates them on the basis of privacy, accuracy, and performance. By demonstrating the satisfaction of privacy and efficiency needs, Janus is positioned as an appealing alternative to existing biometrics-based deduplication mechanisms.

Strong Claims and Numerical Results

• Janus demonstrates that it is the first system providing the necessary accuracy for humanitarian scenarios while also offering strong privacy protection. The system can be executed under a single minute for deduplicating against databases with several thousand entries, especially when leveraging SHE.
• With the TEE implementation, the deduplication operations are extremely efficient, taking less than 50 milliseconds for databases containing up to 8000 users.

Implications and Future Prospects

Janus highlights significant potential for transforming biometric deduplication processes in humanitarian contexts, ensuring the efficiency and equitable distribution of aid without compromising user privacy. This research introduces a pivotal advancement, particularly in dealing with vulnerable populations that may lack government-issued identification.

Future prospects for Janus include scaling up deployments and exploring additional biometric data handling techniques. There is also scope for Janus' methodologies to be expanded beyond humanitarian aid to other sectors where privacy-preserving deduplication systems are beneficial.

By spearheading privacy-integrated biometric deduplication, Janus sets a precedent for future research and development initiatives in Artificial Intelligence and privacy-enhanced data management, fostering safer data processing standards globally. The choice of leveraging multiple biometric modalities and adjustable accuracy parameters ensures Janus remains versatile across different regions and challenges within the humanitarian domain.