A Statistical Inference Attack on Privacy-Preserving Biometric Identification Scheme

Biometric identification allows people to be identified by their unique physical characteristics. Among such schemes, fingerprinting is well-known for biometric identification. Many studies related to fingerprint-based biometric identification have been proposed; however, they are based purely on heavy cryptographic primitives such as additively homomorphic encryption and oblivious transfer. Therefore, it is difficult to apply them to large databases because of the expense. To resolve this problem, some schemes have been proposed that are based on simple matrix operations rather than heavy cryptographic primitives. Recently, Liu et al. proposed an improved matrix-based scheme using the properties of orthogonal matrices. Despite being more efficient when compared to previous systems, it still fails to provide sufficient security against various types of attackers. In this paper, we demonstrate that their scheme is vulnerable to an attacker who operates with a cloud server by introducing statistical-inference attack algorithms. Moreover, we propose concrete identity confirmation parameters that an adversary must always pass, and present experimental results to demonstrate that our algorithms are both feasible and practical.

[1]  Luminita Vasiu,et al.  Biometric Recognition - Security and Privacy Concerns , 2004, ICETE.

[2]  Anil K. Jain,et al.  Decision-Level Fusion in Fingerprint Verification , 2001, Multiple Classifier Systems.

[3]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[4]  Tsuyoshi Takagi,et al.  Secure k-NN computation on encrypted cloud data without sharing key with query users , 2013, Cloud Computing '13.

[5]  Arun Ross,et al.  A hybrid fingerprint matcher , 2002, Object recognition supported by user interaction for service robots.

[6]  Ruixuan Li,et al.  Efficient multi-keyword ranked query over encrypted data in cloud computing , 2014, Future Gener. Comput. Syst..

[7]  Hui Zhu Efficient and Privacy-preserving Online Fingerprint Authentication Scheme Over Outsourced Data , 2018 .

[8]  Nikos Mamoulis,et al.  Secure kNN computation on encrypted databases , 2009, SIGMOD Conference.

[9]  Anil K. Jain,et al.  A Multichannel Approach to Fingerprint Classification , 1999, IEEE Trans. Pattern Anal. Mach. Intell..

[10]  Sharath Pankanti,et al.  Biometrics, Personal Identification in Networked Society: Personal Identification in Networked Society , 1998 .

[11]  Benny Pinkas,et al.  SCiFI - A System for Secure Face Identification , 2010, 2010 IEEE Symposium on Security and Privacy.

[12]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[13]  Raymond N. J. Veldhuis,et al.  Fingerprint Verification Using Spectral Minutiae Representations , 2009, IEEE Transactions on Information Forensics and Security.

[14]  Wenfen Liu,et al.  An Efficient Biometric Identification in Cloud Computing With Enhanced Privacy Security , 2019, IEEE Access.

[15]  Mun-Kyu Lee,et al.  Privacy-Preserving Palm Print Authentication Using Homomorphic Encryption , 2016, 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech).

[16]  Qian Wang,et al.  Outsourced Biometric Identification With Privacy , 2018, IEEE Transactions on Information Forensics and Security.

[17]  Shucheng Yu,et al.  Efficient privacy-preserving biometric identification in cloud computing , 2013, 2013 Proceedings IEEE INFOCOM.

[18]  Tsuyoshi Takagi,et al.  Security Analysis of Collusion-Resistant Nearest Neighbor Query Scheme on Encrypted Cloud Data , 2014, IEICE Trans. Inf. Syst..

[19]  Sabih H. Gerez,et al.  Systematic Methods for the Computation of the Directional Fields and Singular Points of Fingerprints , 2002, IEEE Trans. Pattern Anal. Mach. Intell..

[20]  Sharath Pankanti,et al.  Fingerprint-Based Fuzzy Vault: Implementation and Performance , 2007, IEEE Transactions on Information Forensics and Security.

[21]  Nalini K. Ratha,et al.  Privacy Protection in High Security Biometrics Applications , 2010, ICEB.

[22]  Jonathan Katz,et al.  Efficient Privacy-Preserving Biometric Identification , 2011, NDSS.

[23]  Namrata Choudhary,et al.  Privacy-Preserving Multi-Keyword Top K-Ranked Search Over Encrypted Cloud Data , 2020 .

[24]  Stefan Katzenbeisser,et al.  Privacy-Preserving Face Recognition , 2009, Privacy Enhancing Technologies.

[25]  Dario Fiore,et al.  Using Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data , 2015, CCS.

[26]  Feifei Li,et al.  Secure nearest neighbor revisited , 2013, 2013 IEEE 29th International Conference on Data Engineering (ICDE).