TY - GEN
T1 - Cloud-based biometrics processing for privacy-preserving identification
AU - Hahn, Changhee
AU - Shin, Hyungjune
AU - Hur, Junbeom
N1 - Funding Information:
IX. CONCLUSION In this paper, we analyzed the security of CloudBI, proved how vulnerable it could be, and proposed a countermeasure. The security assumption of CloudBI does not capture real-world attacks, e.g., registering malicious instances to databases. We carefully designed the attack model and showed how an attacker enrolls arbitrary FingerCodes and later exploits them in order to recover victim’s FingerCode. This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No.R0190-16-2011, Development of Vulnerability Discovery Technologies for IoT Software Security). This work was also supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIP) (No.2016R1A2A2A05005402).
Publisher Copyright:
© 2017 IEEE.
PY - 2017/7/26
Y1 - 2017/7/26
N2 - With the increasing number of users enrolled, biometric identification requires more computing resources to scan all records of a database and locate the best match. As such, database owners are willing to delegate user biometric information (in encrypted state) to the cloud to enroll and identify users, while preserving privacy. Wang et al. proposed a cloud-based privacy-preserving biometric scheme, a.k.a. CloudBI, in ESORICS 2015, but their security assumption does not capture practical aspects of real-world attacks. In this paper, we show how an attacker enrolls fake biometric data and then manipulates it to recover an encrypted identification request in CloudBI. Next, we propose an effective security patch to CloudBI, which is secure against enrollment-level attackers. Experimental results show that the proposed security patch brings about little performance degradation to CloudBI.
AB - With the increasing number of users enrolled, biometric identification requires more computing resources to scan all records of a database and locate the best match. As such, database owners are willing to delegate user biometric information (in encrypted state) to the cloud to enroll and identify users, while preserving privacy. Wang et al. proposed a cloud-based privacy-preserving biometric scheme, a.k.a. CloudBI, in ESORICS 2015, but their security assumption does not capture practical aspects of real-world attacks. In this paper, we show how an attacker enrolls fake biometric data and then manipulates it to recover an encrypted identification request in CloudBI. Next, we propose an effective security patch to CloudBI, which is secure against enrollment-level attackers. Experimental results show that the proposed security patch brings about little performance degradation to CloudBI.
KW - Biometrics
KW - Cloud
KW - Identification
UR - http://www.scopus.com/inward/record.url?scp=85028029702&partnerID=8YFLogxK
U2 - 10.1109/ICUFN.2017.7993859
DO - 10.1109/ICUFN.2017.7993859
M3 - Conference contribution
AN - SCOPUS:85028029702
T3 - International Conference on Ubiquitous and Future Networks, ICUFN
SP - 595
EP - 600
BT - ICUFN 2017 - 9th International Conference on Ubiquitous and Future Networks
PB - IEEE Computer Society
T2 - 9th International Conference on Ubiquitous and Future Networks, ICUFN 2017
Y2 - 4 July 2017 through 7 July 2017
ER -