Security Analysis on Privacy-Preserving Cloud Aided Biometric Identification Schemes

  • Shiran Pan
  • Shen Yan
  • Wen-Tao ZhuEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9723)


Biometric identification (BI) is the task of searching a pre-established biometric database to find a matching record for an enquiring biometric trait sampled from an unknown individual of interest. This has recently been aided with cloud computing, which brings a lot of convenience but simultaneously arouses new privacy concerns. Two cloud aided BI schemes pursuing privacy preserving have recently been proposed by Wang et al. in ESORICS ’15. In this paper, we propose several elaborately designed attacks to reveal the security breaches in these two schemes. Theoretical analysis is given to validate our proposed attacks, which indicates that via such attacks the cloud server can accurately infer the outsourced database and the identification request.


Biometric identification Cloud computing Security breaches Privacy preserving 



The authors would like to thank the anonymous reviewers for their valuable comments. This work was supported by the National Natural Science Foundation of China under Grant 61272479, the National 973 Program of China under Grant 2013CB338001, and the Strategic Priority Research Program of Chinese Academy of Sciences under Grant XDA06010702


  1. 1.
    Bolle, R., Pankanti, S.: Biometrics: Personal Identification in Networked Society. Kluwer Academic Publishers, Norwell (1998)Google Scholar
  2. 2.
    Jain, A.K., Hong, L., Pankanti, S.: Biometric identification. Commun. ACM 43, 90–98 (2000)CrossRefGoogle Scholar
  3. 3.
    Marstona, S., Li, Z., Bandyopadhyay, S., Zhang, J., Ghalsasi, A.: Cloud computing - The business perspective. Decis. Support Syst. 51, 176–189 (2011)CrossRefGoogle Scholar
  4. 4.
    Al-Assam, H., Jassim, S.: Security evaluation of biometric keys. Comput. Secur. 31, 151–163 (2012)CrossRefGoogle Scholar
  5. 5.
    Huang, Y., Malka, L., Evans, D., Katz, J.: Efficient privacy-preserving biometric identification. In: 18th Annual Network & Distributed System Security Symposium NDSS 2011, February 2011Google Scholar
  6. 6.
    Blanton, M., Aliasgari, M.: Secure outsourced computation of iris matching. J. Comput. Secur. 20, 259–305 (2012)CrossRefGoogle Scholar
  7. 7.
    Chun, H., Elmehdwi, Y., Li, F., Bhattacharya, P., Jiang, W.: Outsourceable two-party privacy-preserving biometric authentication. In: 9th Symposium on Information, Computer and Communications Security ASIACCS 2014, pp. 401–412. ACM (2014)Google Scholar
  8. 8.
    Yuan, J., Yu, S.: Efficient privacy-preserving biometric identification in cloud computing. In: 32nd IEEE International Conference on Computer Communications INFOCOM 2013, pp. 2652–2660. IEEE (2013)Google Scholar
  9. 9.
    Wang, N., Hu, S., Ren, K., He, M., Du, M., Wang, Z.: CloudBI: practical privacy-preserving outsourcing of biometric identification in the cloud. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS. Springer, Heidelberg (2015)Google Scholar
  10. 10.
    Strang, G.: Introduction to Linear Algebra. Wellesley, Cambridge (2009)zbMATHGoogle Scholar
  11. 11.
    Oliveira, S.R.M., Zaiane, O.R.: Privacy preserving clustering by data transformation. J. Inf. Data Manag. 1, 53–56 (2010)Google Scholar
  12. 12.
    Wong, W.K., Cheung, D.W., Kao, B., Mamoulis, N.: Secure kNN computation on encrypted databases. In: 28th ACM International Conference on Management of Data, SIGMOD 2009, pp. 139–152. ACM (2009)Google Scholar
  13. 13.
    Liu, K., Giannella, C.M., Kargupta, H.: An attacker’s view of distance preserving maps for privacy preserving data mining. In: Fürnkranz, J., Scheffer, T., Spiliopoulou, M. (eds.) PKDD 2006. LNCS (LNAI), vol. 4213, pp. 297–308. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.Data Assurance and Communication Security Research CenterChinese Academy of SciencesBeijingChina
  3. 3.University of Chinese Academy of SciencesBeijingChina

Personalised recommendations