A Framework for Secure Cloud- Empowered Mobile Biometrics

1  

A  Framework  for  Secure  Cloud-­‐Empowered  

Mobile  Biometrics  

A.  Bommagani1_{,  M.  C.  ValenA}1_{,  and  A.  Ross}2    

1_{West  Virginia  University,  Morgantown,  WV,  USA}   2_{Michigan  State  University,  East  Lansing,  MI,  USA}  

This  research  was  funded  by  the  Center  for  IdenBficaBon  Technology  Research  (CITeR),  a  NaBonal  Science   FoundaBon  (NSF)  Industry/University  CooperaBve  Research  Center  (I/UCRC).

2   2  

Outline

1.

IntroducBon  

2.

Homomorphic  LBP-­‐based  face  

recogniBon  

3.

A  framework  for  secure  cloud  

biometrics  

4.

System  analysis  

3   3  

Outline

1.

IntroducAon  

2.

Homomorphic  LBP-­‐based  face  

recogniBon  

3.

A  framework  for  secure  cloud  

biometrics  

4.

System  analysis  

4   4  

IntroducAon  

•  The   cloud   provides   unbounded,  

c o s t -­‐ e ff e c B v e ,   a n d   e l a s B c   compuBng  resources.  

•  Biometrics   can   leverage   the  

efficiency  of  the  cloud.    

•  The   cloud   provides   an   opportunity  

to   offload   compute-­‐intensive   operaBons  from  the  mobile  device.  

•  Conversely,   biometrics   can   help   to  

5   5  

Mobile  +  Cloud  +  Biometrics  

The  Cloud   Mobile   _Biometrics   Cloud-­‐empowered   Apps   Device  Security   Cloud-­‐based   biometric   authenBcaBon  

6   6  

The  Cloud  

leveraging Biometrics

•  Biometric  authenBcaBon  for  cloud  clients.  

•  e.g.,  Cloud  Iris  VerificaBon  System  (CIVS),  Kesava,  2010,    

CorrelaBon  keystroke  verificaBon,  Xi  et  al.,  2011.  

•  Securing  cloud  data  storage  with  biometrics.  

•  Biocryptographic  systems    

•  Using  biometrics  for  key  generaBon:  Fuzzy  extractor.  

•  Using  biometrics  for  key  binding:  Fuzzy  vault,  Fuzzy  commitment,  

BiparBte  token.  

•  AuthenBcaBon  as  a  service  (AaaS)  

•  Outsource  system  authenBcaBon  to  the  cloud.  

7   7  

Security  threats  

•  Biometric  dilemma  threat  

•  Acacker  compromises  a  less  secure  system  to  obtain  

biometric  data.  

•  Then  uses  the  biometric  data  to  gain  access  to  a  secure,  

high-­‐value  system.  

•  Doppleganger  threat  

•  Acacker  presents  a  large  amount  of  biometric  data,  in  the  

hopes  of  achieving  a  match.  

•  Exploits  non-­‐zero  False  Accept  Rates  (FAR)  

•  Analogous  to  a  dicBonary  acack.  

•  Trust  Issues  

8   8  

Biometrics  leveraging  the  Cloud  

•  Using  the  cloud  to  store  biometric  data.  

•  The  cloud  is  a  cost  effecBve  and  elasBc  way  to  store  and  share  data.  

•  Need  to  preserve  privacy  of  biometric  data  while  in  the  cloud,  and  during  

transfer  to/from  the  cloud.  

•  PotenBal  to  support  access  from  different  enBBes  under  different  policies.  

•  Laws  may  dictate  where  the  data  is  stored.  

•  PotenBal  to  share  biometric  data  among  research  organizaBons.   •  Using  the  cloud  to  perform  biometric  computaBons  

•  Rapid  analyBcs:  e.g.,  idenBficaBon  through  parallelizaBon.  

•  “Big  data”  biometrics  using  Hadoop,  ZooKeeper,  and  Accumulo.   •  Biometrics  as  a  service  

•  Allow  access  to  different  algorithms  provided  by  different  service  providers  and/

or  developers.  

9   9  

Literature  review  

•  A  Hadoop-­‐based  prototype  for  using  the  cloud  for  biometric  idenBficaBon  

is  proposed  in  [3],  but  it  does  not  describe  biometric  database  security.  

•  Fingerprint   authenBcaBon   and   storage   of   cancelable   biometrics   in   the   cloud   is   proposed   in   [7].   However,   in   this   work   matching   is   performed   locally.  

•  A  privacy-­‐preserving   biometric   idenBficaBon   scheme   is   proposed   in   [10].  

However,   it   does   not   offer   a  soluBon   to   minimize   the   damage   resulBng   from  a  compromised  biometric  database.  

•  Secure   authenBcaBon   of   mobile   cloud   users   using   a   fingerprint   image   (using  a  mobile  device  camera)  is  proposed  in  [12],  but  data  security  is  not   addressed  in  this  work.  

10   10  

Outline

1.

IntroducBon  

2.

Homomorphic  LBP-­‐based  face  

recogniAon  

3.

A  framework  for  secure  cloud  

biometrics  

4.

System  analysis  

11   11  

MoAvaAon  and  Goals    

•  There  is  a  need  to  know  when  and  how  to  best  leverage  cloud  

compuBng  for  biometric  applicaBons.    

•  There   is   also   a   need   to   characterize   the   risks  and   benefits  of  

using  cloud  compuBng  for  biometric  systems.  

•  Goal:   To   demonstrate   the   ability   to   leverage   CC   services   for  

mobile   biometrics,   while   sBll   maintaining   the   privacy   of   the   underlying  biometric  database.  

•  Developed  a  proof  of  concept  demo  featuring:  

•  Facial  recogniBon  based  on  the  LBP  algorithm.  

•  Homomorphic   templates   to   protect   privacy   of   individual’s  

12   12  

Enrollment  –  Secure  model  generaAon  

LBP  

Histogram  

Orthonormal  matrix  (A)  

Cancelable  template  

Random  permutaBon  matrix  (P)   Blinding  vector  (b)  

Image  database   Face  detecBon   Image  _{preprocessing}   Template  generaBon  

Template  (h)   Feature  extracBon   Random  projecBon   ((A*P)  *  h)  +  b   Key  (K)   Cancelable  template      database  (Model)  

13   13  

Local  Binary  PaPerns  (LBP)-­‐based  template  generaAon  

Face%image% Face%image%% regions% LBP%Histogram% for%each%region% LBP%Histogram% 60   55   58   86   48   98   83   72   87   -­‐5   -­‐2   26   -­‐12   38   23   12   27   1   0 1   1   1   1   0 0

3  x  3  pixel  neighborhood   Difference   Threshold  

(11101100)₂   236  =  (27_{*1  +  2}6_{*1  +  2}5_{*1  +  2}4_{*0  +  2}3_{*1  +  2}2_{*1  +  2}1_{*0  +  2}0_*0)

14   14  

Template  generaAon  contd.,  

•  Uniform  LBP  

– e.g.  01110000,  11001111    è    at  most  2  bitwise  transiBons  

– Each  uniform  pacern  a  separate  label.  

– All  non  uniform  pacerns  have  a  single  label.  

15   15  

Template  generaAon  contd.,  

•  Cancelable  template  generaAon:  cancelable  template  for  

template,  h  is  generated  using,    

– an  l  x  l  orthonormal  matrix,  A.    

– (for  addiBonal  security,  an  l  x  l  secret  permuta+on  matrix,  P  

and  a  length  l  blinding  vector,  b).  

16   16  

Face  recogniAon  

Pick  closest  matches   or  verify  idenBty  

Cancelable  template      database  (Model)   Probe  image  

17   17  

Transformed  template  matching  

•  For  a  transformed  probe  template,  z  =  Qx+b,  and  a  

transformed  gallery  template  y_j,  Euclidean  distance  is    

•  Distance  between  templates  before  and  aver  transformaBon  

is  preserved  because  of  orthogonal  nature  of  matrix  Q.  

•  The  closest  image  Î_j  

•  IdenBficaBon  

– The  subject  corresponding  to  the  closest  template.  

– A  ranked  list  of  matches  can  be  provided  to  the  user.  

    d_j2 = z −y_j """"""""""""""""""""""""""""""""""""""""""" j = arg$min j

{ }

18   18  

Outline

1.

IntroducBon  

2.

Homomorphic  LBP-­‐based  face  

recogniBon  

3.

A  framework  for  secure  cloud  

biometrics  

4.

System  analysis  

19   19  

Parallel biometric template generation

………..   Task  1   Task  2   Task  η   1.  Face  images     database   2.  Task  division   3.  Generate     cancelable     templates      

{y₁₁,  y₁₂,…y_1λ}   ………..   {yη1,  yη2,…yηλ}  

4.  Cancelable     template    data  model   {y₁,  y₂,  y₃,…y_T}  

20   20  

Parallel distance matching

Cancelable  template,  z  

(z,  {y₁,  y₂,  y₃,…y_T})  

Task  1   Task  η  

(z,  {y₁₁,  y₁₂,…y_1λ})   _………..   (z,  {y_η1,  y_η2,…y_ηλ})  

{d₁₁,  d₁₂,…d_1λ})   ………..   {d_η1,  d_η2,…d_ηλ}   Model   Probe  image   1.  Preprocessing   2.  Task  division   3.  Calculate    distance     4.  Establish    idenBty    

21   21  

System  framework  

<User home directory> Projects

PLBP

JobIn JobRunning JobOut

TaskIn TaskRunning TaskOut Gallery files: Cancelable templates Tasks 3 6 Job Manager 4 12 5 11 node 1 node 2 node 3 node 4 node 5 node 6 cluster 7 9 Task Manager 8 10 server web server 2 1 13 14

22   22  

Outline

1.

IntroducBon  

2.

Homomorphic  LBP-­‐based  face  

recogniBon  

3.

A  framework  for  secure  cloud  

biometrics  

4.

System  analysis  

23   23  

System  analysis  

24   24  

IdenAficaAon  system  analysis  -­‐XM2VTS  database  and  uniform   LBP  algorithm  

-­‐-­‐Best  LBP  parameters  (P,R)  are  found   through  experimentaBon.  

-­‐-­‐Use  of  cancelable  templates  does  not   noBceably  degrade  the  matching  

performance   CumulaBve   match   characterisBc  (CMC)     IR  vs  F   ROC   CMC   0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

False Positive Rate

True Positive Rate

LBP_4,3u2 LBP 4,2 u2 0 5 10 15 20 25 30 35 40 45 50 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Identification Rate Rank LBP 4,2

u2_{, w/o cancelable templates}

LBP

4,2

u2_{, w/ cancelable templates}

LBP

4,3

u2_{, w/o cancelable templates}

LBP 4,3 u2_{, w/ cancelable templates} 0 50 100 150 200 250 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 Identification Rate # of features R=1 R=2 R=3

25   25  

ComputaAonal  performance  

enAty  type   #  comparisons  per  second  

Full  cluster   1348.4  

Node  type  1   127.49  

Node  type  2   80.74  

26   26  

Security  assessment  

•  A  single  key  is  used  to  create  the  cancelable  templates.  

–  The  key  is  kept  secure  by  generaBng  a  hash  value  using  bcrypt.  

–  The  key  cannot  be  derived  from  the  templates.  

•  VulnerabiliBes  if  key  is  compromised  

–  If  the  key  is  known,  the  naBve  template  could  be  derived.  

–  However,  original  picture  gallery  is  not  compromised.  

–  The  key  should  be  periodically  changed  to  prevent  its  compromise.  

•  Steps  to  take  if  templates  are  compromised.  

–  Just  need  to  change  the  key  and  generate  new  templates.  

•  Matched  images  stored  in  user’s  cache.  

27   27  

Outline

1.

IntroducBon  

2.

Homomorphic  LBP-­‐based  face  

recogniBon  

3.

A  framework  for  secure  cloud  

biometrics  

4.

System  analysis  

28   28  

Conclusion  and  ObservaAons  

•  By   leveraging   cloud   services,   biometric   operaBons   can   be  

parallelized   to   improve   the   system   performance  

computaBonally.  

•  Secure   storage   of   massive   biometric   data   on   the   cloud   is  

possible    using  biometric  template  protecBon  techniques.  

– An   approach   for   generaBng   cancelable   templates   allows  

templates   to   be   fully   revocable   with   negligible   loss   on   matching  accuracy.  

•  MulBple   mobile   devices   can   be   supported   by   interfacing  

29   29  

Future  work  

• 

Address

scalability

issues

.  

• 

Formulate  

key-­‐management  and  access  policies

.  

• 

Reduce  

latency

 through  improved  implementaBon.  

• 

Integrate  

improved  idenBficaBon  algorithms

.  

30  

Thank  you  for  your  aPenAon.  

31   31  

References  

[3]  E.Kohlwey,  A.Sussman,  J.Trost,  and  A.Maurer,“Leveraging  the  cloud  for  big  data  biometrics:   MeeBng  the  performance  requirements  of  the  next  generaBon  biometric  systems,”  in  Proc.  IEEE   World  Congress  on  Services,  (Los  Alamitos,  CA,  USA),  pp.  597–601,  Jul.  2011.    

[7]  J.  Yang,  N.  Xiong,  A.  V.  Vasilakos,  Z.  Fang,  D.  Park,  X.  Xu,  S.  Yoon,  S.  Xie,  and  Y.  Yang,  “A   fingerprint  recogniBon  scheme  based  on  assembling  invariant  moments  for  cloud  compuBng   communicaBons,”  IEEE  Systems  Journal,  vol.  5,  pp.  574–583,  Dec.  2011.    

[10]  J.  Yuan  and  S.  Yu,  “Efficient  privacy-­‐preserving  biometric  idenBficaBon  in  cloud  compuBng,”   in  Proc.  IEEE  INFOCOM,  pp.  2652–2660,  Apr.  2013.    

[12]  I.  A.  Rassan  and  H.  AlShaher,  “Securing  mobile  cloud  using  finger  print  authenBcaBon,”  

Interna+onal  Journal  of  Network  Security  &  Its  Applica+ons,  vol.  5,  Nov.  2013.