Abstract
With the increasing number of users enrolled, biometric identification requires more computing resources to scan all records of a database and locate the best match. As such, database owners are willing to delegate user biometric information (in encrypted state) to the cloud to enroll and identify users, while preserving privacy. Wang et al. proposed a cloud-based privacy-preserving biometric scheme, a.k.a. CloudBI, in ESORICS 2015, but their security assumption does not capture practical aspects of real world attacks. In this paper, we show how an attack enrolls fake biometric data and then manipulates them to recover encrypted an identification request in CloudBI. Next, we propose an effective security patch to CloudBI, which is secure against enrollment-level attackers. Experimental results show that the proposed security patch bring about little performance degradation to CloudBI.
| Original language | English |
|---|---|
| Title of host publication | ICUFN 2017 - 9th International Conference on Ubiquitous and Future Networks |
| Publisher | IEEE Computer Society |
| Pages | 595-600 |
| Number of pages | 6 |
| ISBN (Electronic) | 9781509047499 |
| DOIs | |
| Publication status | Published - 2017 Jul 26 |
| Event | 9th International Conference on Ubiquitous and Future Networks, ICUFN 2017 - Milan, Italy Duration: 2017 Jul 4 → 2017 Jul 7 |
Publication series
| Name | International Conference on Ubiquitous and Future Networks, ICUFN |
|---|---|
| ISSN (Print) | 2165-8528 |
| ISSN (Electronic) | 2165-8536 |
Other
| Other | 9th International Conference on Ubiquitous and Future Networks, ICUFN 2017 |
|---|---|
| Country/Territory | Italy |
| City | Milan |
| Period | 17/7/4 → 17/7/7 |
Bibliographical note
Publisher Copyright:© 2017 IEEE.
Keywords
- Biometrics
- Cloud
- Identification
ASJC Scopus subject areas
- Computer Networks and Communications
- Computer Science Applications
- Hardware and Architecture