A Statistical Inference Attack on Privacy-Preserving Biometric Identification Scheme

Biometric identification allows people to be identified by their unique physical characteristics. Among such schemes, fingerprinting is well-known for biometric identification. Many studies related to fingerprint-based biometric identification have been proposed; however, they are based purely on he...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2021, Vol.9, p.37378-37385
Main Authors: Kim, Dongmin, Kim, Kee Sung
Format: Article
Language:English
Subjects:
Algorithms
Biometric identification
Biometrics
Biometrics (access control)
cloud computing
Cryptography
Encryption
Euclidean distance
Fingerprinting
Inference algorithms
Physical properties
privacy-preserving
Protocols
Servers
Statistical inference
statistical inference attack
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Biometric identification allows people to be identified by their unique physical characteristics. Among such schemes, fingerprinting is well-known for biometric identification. Many studies related to fingerprint-based biometric identification have been proposed; however, they are based purely on heavy cryptographic primitives such as additively homomorphic encryption and oblivious transfer. Therefore, it is difficult to apply them to large databases because of the expense. To resolve this problem, some schemes have been proposed that are based on simple matrix operations rather than heavy cryptographic primitives. Recently, Liu et al. proposed an improved matrix-based scheme using the properties of orthogonal matrices. Despite being more efficient when compared to previous systems, it still fails to provide sufficient security against various types of attackers. In this paper, we demonstrate that their scheme is vulnerable to an attacker who operates with a cloud server by introducing statistical-inference attack algorithms. Moreover, we propose concrete identity confirmation parameters that an adversary must always pass, and present experimental results to demonstrate that our algorithms are both feasible and practical.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2021.3063693