Biometric identification on the cloud: A more secure and faster construction

Abstract

Cloud-assisted biometric identification can benefit data owners with limited resources by offloading their storage and identification tasks to cloud servers with abundant resources. However, the adoption of this computing paradigm is hindered by security and privacy concerns. To solve the dilemma, several privacy-preserving cloud-assisted biometric identification protocols have been proposed. Nevertheless, the existing designs suffer from one or more of the following restrictions: (1) support only for data owner-online query, (2) low security level, and (3) inefficiency. Motivated by these challenges, this paper aims to explore a more secure and efficient construction. Concretely, we initialize the error weighted hashing (EWH)-based data packing technique to replace the time-consuming linear scan search during the identification process. Additionally, to ensure compatibility with the EWH-based search algorithm, we formulate an identity (id)-based scoring strategy and introduce a random split-based data encryption algorithm, which circumvents the costly homomorphic encryption scheme. Within the framework of the two non-colluding servers model, the random split-based one-time pad encryption guarantees provably indistinguishable security against chosen-plaintext attacks. Finally, since only simple hash and xor operations are involved, our novel construction exhibits significantly improved performance compared to prior designs, both in theory and in practice. This superiority is validated through rigorous theoretical analysis and extensive experimental evaluation.