EP4732508A1 - A system for protecting security and privacy of biometric data in autonomous vehicles - Google Patents

A system for protecting security and privacy of biometric data in autonomous vehicles

Info

Publication number
EP4732508A1
EP4732508A1 EP25824210.6A EP25824210A EP4732508A1 EP 4732508 A1 EP4732508 A1 EP 4732508A1 EP 25824210 A EP25824210 A EP 25824210A EP 4732508 A1 EP4732508 A1 EP 4732508A1
Authority
EP
European Patent Office
Prior art keywords
attack
traffic
biometric
determining whether
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP25824210.6A
Other languages
German (de)
French (fr)
Inventor
Banu ALTAY
Serkan GONEN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gelisim Ueniversitesi
Original Assignee
Gelisim Ueniversitesi
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gelisim Ueniversitesi filed Critical Gelisim Ueniversitesi
Publication of EP4732508A1 publication Critical patent/EP4732508A1/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20Means to switch the anti-theft system on or off
    • B60R25/25Means to switch the anti-theft system on or off using biometry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Biomedical Technology (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
  • Artificial Intelligence (AREA)
  • Data Mining & Analysis (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Molecular Biology (AREA)
  • Medical Informatics (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This invention relates to a system that ensures the security and protects the privacy of biometric authentication systems in autonomous vehicles, characterized in that it comprises the process steps of; determining the IP addresses and MAC addresses of all devices in the network and scanning the biometric device (100), determining whether the device is found (101), executing the attack on the target device (102), evaluating whether the attack is successful (103), copying the network traffic (104), determining whether the information obtained from the network traffic is sufficient for deep learning (200), determining whether the captured attack has the necessary feature (201), detecting the traffic flow from biometric devices (202), observing the traffic flow in real time (203), determining whether deep learning is sufficient (204), evaluating whether the traffic is sufficient (205), alerting the administrator via SMS/email if the traffic is authorized and limiting the authorized traffic (300), and alerting the administrator via SMS/email if the traffic is unauthorized and blocking the unauthorized traffic (301).

Description

A SYSTEM FOR PROTECTING SECURITY AND PRIVACY OF BIOMETRIC DATA IN AUTONOMOUS VEHICLES
Technical Field:
This invention relates to a system that ensures the security and protects the privacy of biometric authentication systems in autonomous vehicles.
State of the Art:
In today's digital age, biometric data has become a cornerstone for secure identification and access control systems in a variety of sectors, including law enforcement, banking, and personal device security. However, the sensitivity and uniqueness of biometric data raises significant privacy and security concerns. Unlike passwords or PINs, biometric data, once compromised, cannot be changed or revoked, making its protection crucial.
One of the biggest anticipated challenges with systems in the current art is the balance between safety and user convenience. In particular, while providing biometric security, some problems may occur between the security protocol and the user. These problems are usually related to user experience, perception of security, data privacy, and accuracy of biometric data. Users may have privacy concerns about the storage and processing of their biometric data (e.g. fingerprints, facial recognition data). The theft or misuse of this data can have irreversible consequences. Biometric systems sometimes fail to correctly identify the user. False positive (identifying an unauthorized person as authorized) and false negative (identifying an authorized person as unauthorized) errors can negatively impact security and user experience. It is also important for biometric systems to be user-friendly and easy to use. Complex and difficult to understand systems can lead users to have a negative attitude towards biometric security protocols.
As one of the world's leading biometric system manufacturers, Thales is also known for its cyber security efforts in the field of biometrics. Ensuring Protection against security vulnerabilities, especially in the collection, processing, verification, transmission, and storage processes of biometric data, is one of the most critical issues in this field. Thales group uses artificial intelligence and machine learning methods to detect and prevent common cyber security threats in various sectors. Especially with the increasing use of biometric data in loT and HoT systems, the potential of expert systems in this field has emerged. Thales Group offers a wide range of cyber security services in the fields of aerospace, defense and technology, as well as the automotive sector. However, while Thales offers a wide range of security solutions, it does not appear to have enough depth to offer specific solutions in more niche fields such as biometric data security.
As a result, there is a need for a new technology which can overcome the disadvantages mentioned above.
Definition of the Invention:
This invention aims to raise awareness of potential threats and teach methods for effectively securing personal and organizational biometric data. It offers an innovative solution that addresses not just improvements like systems in the current art, but also the limitations of existing biometric security technologies. Similarly, it offers an unprecedented level of data protection unlike traditional data security methods such as BDIAF. This system is designed to meet the needs of a rapidly evolving digital environment, ensuring robust security measures are in place to protect against increasingly sophisticated cyber threats.
The invention addresses an established market, such as the autonomous vehicle industry, which has long recognized the importance of cyber security, and a different approach to address new needs emerging with technological advances and digital transformation initiatives.
The aim of the invention is to revolutionize the way biometric data is protected. The invention aims to develop a robust expert system that can automatically detect security vulnerabilities in biometric data processing systems, from data capture to storage and analysis. Thus, applications through loT/lloT concepts will be clarified with an industrial approach through the application of biometric data in infotainment systems in autonomous vehicles. The invention encompasses a software process achieved with a cyber security infrastructure that is proactive, intelligent, and adaptable to evolving threats.
The invention is differentiated by being proactive in nature. The developed expert system aims to prevent breaches before they happen through continuous monitoring and learning. Furthermore, while existing solutions can provide protection piece by piece, the present invention envisages a holistic security architecture that takes into account all aspects of biometric data processing. The integration of Al (artificial intelligence) and ML (machine learning) not only allows for real-time threat detection, but also facilitates a dynamic response capability that traditional static defenses lack. This adaptability ensures that the system remains effective against rapidly evolving cyber threats.
The invention focuses on solutions that are seamless for the end user, such as background security checks and non-intrusive authentication methods. In this way, there are no problems between security and user convenience.
The invention aims to develop a flexible framework that can be tailored to specific system requirements and ensures broad applicability across different technologies and industries. Successful implementation of the invention has the potential to set a new standard in biometric data security. A structure that not only protects the privacy and security of individuals, but also increases trust in biometric systems.
Face data found as a result of searches in the database is presented to the request initiator in an impersonal format and contains only encrypted images that match the target face data. Each attack vector in the flow diagram mentioned in the scope of the invention has specific features. Therefore, different algorithms need to be used for the features detected for each attack vector. Agile method will be preferred as the software development methodology of optimal algorithms in the biometric data processing phase. This method will involve the preparation of a development environment in which algorithms and expert systems will be integrated in accordance with the requirements. In this process, algorithms will be made compatible with the biometric system, software interfaces are created, and testing and verification stages are passed. This approach is an important step to ensure reliable and effective use of the software. As part of the software developed with the Agile method of the obtained optimal algorithms, an effective logging system is available for the detection and reporting of attacks. This logging system continuously monitors and records user activities, system events, and potential security breaches. In addition, when attacks or security breaches are detected, these events are automatically reported and the relevant teams are immediately notified. This will be a critical component to enhance the ability of biometric systems to maintain security and respond quickly to attacks. This software will be deployed and operated on a cloud-based system. This cloud-based approach is preferred to increase the scalability of systems, ensure security, and make it easier for users to access from anywhere. Furthermore, cloud-based infrastructure supports more effective management of logging, monitoring and security measures. This is an important component in improving the security of biometric systems and ensuring that users get a better experience and achieve their goals.
The invention uses artificial intelligence and machine learning algorithms to detect anomalies and potential security threats with high accuracy. Biometric data can be combined with other forms of verification to provide an additional layer of security and reduce the risk of unauthorized access.
Description of the Drawings:
The invention will be described with reference to the accompanying figures, so that the features of the invention will be more clearly understood and appreciated, however it is not intended to limit the invention to these particular embodiments. On the contrary, it is intended all alternatives, modifications, and equivalences that may be included in the field of the invention as defined by the accompanying claims are within the scope. It should be understood that the details shown are for the sole purpose of illustrating preferred embodiments of the present invention and are intended to provide the most useful and easily understandable description of both the embodiment of the methods and the rules and conceptual features of the invention. In the drawings;
Fig. 1 is a schematic diagram showing the operation of the system of the invention.
Fig. 2 is a schematic diagram showing the operation of the system of the invention.
The figures which will help understand this invention are numbered as indicated in the accompanying drawing and are given below with their names. Description of the References:
100. Biometric device scanning
101 . Evaluation of whether the device is found
102. Execution of the attack
103. Evaluation of the success of the attack
104. Copying of network traffic
200. Determination of the adequacy of deep learning
201 . Determination of whether it has the feature
202. Detection of traffic flow
203. Observation in real time
204. Determination of the adequacy of deep learning
205. Determination of whether the traffic is sufficient
300. Limiting of authorized traffic
301 . Blocking of unauthorized traffic
Detailed Description of the Invention:
The process steps of the system of the invention generally comprise the process steps of; determining the IP addresses and MAC addresses of all devices in the network and scanning the biometric device (100), determining whether the device is found (101), executing the attack on the target device (102), evaluating whether the attack is successful (103), copying the network traffic (104), determining whether the information obtained from the network traffic is sufficient for deep learning (200), determining whether the captured attack has the necessary feature (201), detecting the traffic flow from biometric devices (202), observing the traffic flow in real time (203), determining whether deep learning is sufficient (204), evaluating whether the traffic is sufficient (205), alerting the administrator via SMS/email if the traffic is authorized and limiting the authorized traffic (300), and alerting the administrator via SMS/email if the traffic is unauthorized and blocking the unauthorized traffic (301).
A network map including the IP addresses and MAC addresses of all devices on the network is created. This process is for determining the scope of the scan. If required, it is also possible to perform scanning in specific IP ranges. Particular device-specific information such as the brand, model, and software versions of biometric devices are recorded in the scan results. Then, once the device is found, a number of attacks are executed on the device. These attacks can belong to any of the following types: DoS/DDoS attack, pass the hass (PtH) attack, replay attack, false data attack, brute force attack, web attack, and mobile attack. A DoS/DDoS attack is an attack to overload a system, network or service to render it unusable. It engages the target system with a large volume of requests usually from a single source. Pass the Hash attack is a technique that an attacker uses to log in directly with the hash value (encrypted version) of a user's password. This attack makes it possible to move around the system by impersonating a user whose hash value has been compromised. A replay attack is an attack on a network in which a valid data transmission is intercepted and then resent. In this way, the attacker can gain unauthorized access by forging a previously valid communication. A false data attack (false data injection) is an attack that sends false data to systems or sensor networks, causing the system to make incorrect decisions or execute incorrect actions. A brute force attack is an attack that tries all possible combinations to guess a user's password. This attack method can be made difficult by using strong and complex passwords. Web attacks can be attack types such as SQL, XSS, CSRF. Mobile attacks, on the other hand, can be one of the attacks in the form of malware, fake mobile applications, etc. to be installed on the device.
After the attack, if the attack is successful, firstly, the network traffic is copied to detect the attack. Once the network traffic is copied, the network traffic is monitored and analyzed to detect malicious activity. In order to understand whether this attack has the necessary features, the analysis of whether the attack has the specified features is carried out through artificial intelligence. Artificial intelligence has a deep learning model and is retrained with new data each time, enhancing its performance and improving itself over time. In addition, with the deep learning model, large data sets can be processed and analyzed. This model will also be able to handle images, audio and other types of unstructured data. In addition, various network protocols such as TCP/IP, UDP, HTTP, HTTPS can be used for monitoring the network traffic mentioned in the invention. Traffic data will be collected and analyzed instantly. In this way, abnormal data traffic flows and behaviors can be detected and necessary measures can be taken. Lastly, it will be determined whether the traffic has an authorized use. If said use is authorized, the administrator will be alerted via SMS/email and a limit will be placed on authorized traffic. If the traffic network is unauthorized, the administrator will be alerted via SMS/email in the same way and unauthorized traffic will be blocked.
Said attacks are implemented to test the resilience of devices against known vulnerabilities.

Claims

1. A system for protecting the security and privacy of biometric data in autonomous vehicles, characterized in that it comprises the process steps of;
- determining the IP addresses and MAC addresses of all devices in the network and scanning the biometric device (100),
- determining whether the device is found (101),
- executing the attack on the target device (102),
- evaluating whether the attack is successful (103),
- copying the network traffic (104),
- determining whether the information obtained from the network traffic is sufficient for deep learning (200),
- determining whether the captured attack has the necessary feature (201),
- detecting the traffic flow from biometric devices (202),
- observing the traffic flow in real time (203),
- determining whether deep learning is sufficient (204),
- evaluating whether the traffic is sufficient (205),
- alerting the administrator via SMS/email if the traffic is authorized and limiting the authorized traffic (300),
- alerting the administrator via SMS/email if the traffic is unauthorized and blocking the unauthorized traffic (301).
2. The process step of executing the attack (102) according to claim 1 , characterized in that it comprises DoS/DDoS attack, pass the hass (PtH) attack, replay attack, false data attack, brute force attack, web attack, and mobile attack types.
EP25824210.6A 2024-08-09 2025-02-10 A system for protecting security and privacy of biometric data in autonomous vehicles Pending EP4732508A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2024/010429A TR2024010429A2 (en) 2024-08-09 2024-08-09 A SYSTEM THAT PROVIDES SECURITY AND PRIVACY OF BIOMETRIC DATA IN AUTONOMOUS VEHICLES
PCT/TR2025/050100 WO2025264196A1 (en) 2024-08-09 2025-02-10 A system for protecting security and privacy of biometric data in autonomous vehicles

Publications (1)

Publication Number Publication Date
EP4732508A1 true EP4732508A1 (en) 2026-04-29

Family

ID=98213623

Family Applications (1)

Application Number Title Priority Date Filing Date
EP25824210.6A Pending EP4732508A1 (en) 2024-08-09 2025-02-10 A system for protecting security and privacy of biometric data in autonomous vehicles

Country Status (3)

Country Link
EP (1) EP4732508A1 (en)
TR (1) TR2024010429A2 (en)
WO (1) WO2025264196A1 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12184697B2 (en) * 2015-10-28 2024-12-31 Qomplx Llc AI-driven defensive cybersecurity strategy analysis and recommendation system
CN116684181A (en) * 2023-06-28 2023-09-01 深圳钰丰信息技术有限公司 Data information security protection method
CN118300834A (en) * 2024-03-28 2024-07-05 鹏城实验室 Attack traffic generation method, device and related equipment based on network target range

Also Published As

Publication number Publication date
TR2024010429A2 (en) 2024-11-21
WO2025264196A1 (en) 2025-12-26

Similar Documents

Publication Publication Date Title
US8522349B2 (en) Detecting and defending against man-in-the-middle attacks
US11902307B2 (en) Method and apparatus for network fraud detection and remediation through analytics
Ho et al. Statistical analysis of false positives and false negatives from real traffic with intrusion detection/prevention systems
CN107659583B (en) Method and system for detecting attack in fact
CN114598540A (en) Access control system, method, device and storage medium
CN112351017A (en) Transverse penetration protection method, device, equipment and storage medium
CN115694928B (en) Cloud honeypot for the entire ship computing environment, attack event perception, and behavior analysis methods
CN113411295A (en) Role-based access control situation awareness defense method and system
CN119561787B (en) Secure encryption transmission system for game data
CN115460023B (en) Method and system for integrally guaranteeing network security
Kotlaba et al. Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques.
CN113079182B (en) Network security control system
CN119276617A (en) Zero trust security identification method, device, electronic device and storage medium
US11916953B2 (en) Method and mechanism for detection of pass-the-hash attacks
CN121217419A (en) A device fingerprint-based MCP client authentication method for information security
Palmieri et al. Automatic security assessment for next generation wireless mobile networks
Goli et al. A survey on securing iot ecosystems and adaptive network vision
Al Makdi et al. Trusted security model for IDS using deep learning
WO2019159809A1 (en) Access analysis system and access analysis method
CN110430199B (en) Method and system for identifying attack source of IoT botnet
EP4732508A1 (en) A system for protecting security and privacy of biometric data in autonomous vehicles
Uyyala Multilevel authentication system using hierarchical intrusion detection architecture for online banking
Saini et al. Vulnerability and Attack Detection Techniques: Intrusion Detection System
CN119232440A (en) A network attack prevention method, device, terminal equipment and storage medium
Rahim et al. Improving the security of internet of things (iot) using intrusion detection system (ids)

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20260112

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR