CloudID

Trustworthy cloud-based and cross-enterprise biometric identification

Mohammad Haghighat, Saman Zonouz, Mohamed Abdel-Mottaleb

Research output: Contribution to journal, Article

131 Citations (Scopus)

Abstract

In biometric identification systems, the biometric database is typically stored in a trusted server, which is also responsible for performing the identification process. However, a standalone server may not be able to provide enough storage and processing power for large databases. Nowadays, cloud computing and storage solutions have provided users and enterprises with various capabilities to store and process their data in third-party data centers. However, maintenance of the confidentiality and integrity of sensitive data requires trustworthy solutions for storage and processing of data with proven zero information leakage. In this paper, we present CloudID, a privacy-preserving cloud-based and cross-enterprise biometric identification solution. It links the confidential information of the users to their biometrics and stores it in an encrypted fashion. Making use of a searchable encryption technique, biometric identification is performed in encrypted domain to make sure that the cloud provider or potential attackers do not gain access to any sensitive data or even the contents of the individual queries. In order to create encrypted search queries, we propose a k-d tree structure in the core of the searchable encryption. This helps not only in handling the biometrics variations in encrypted domain, but also in improving the overall performance of the system. Our proposed approach is the first cloud-based biometric identification system with a proven zero data disclosure possibility. It allows different enterprises to perform biometric identification on a single database without revealing any sensitive information. Our experimental results show that CloudID performs the identification of clients with high accuracy and minimal overhead and proven zero data disclosure.

Original language: English (US)
Pages (from-to): 7905-7916
Number of pages: 12
Journal: Expert Systems with Applications
Volume: 42
Issue number: 21
DOI: 10.1016/j.eswa.2015.06.025
State: Published - Jul 6 2015

Fingerprint

Biometrics
Identification (control systems)
Industry
Cryptography
Servers
Cloud computing
Processing

Keywords

  • Biometric identification
  • Cloud security
  • Encrypted biometrics
  • Face recognition
  • Search over encrypted data

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Science Applications
  • Engineering (all)

Cite this

CloudID: Trustworthy cloud-based and cross-enterprise biometric identification. / Haghighat, Mohammad; Zonouz, Saman; Abdel-Mottaleb, Mohamed.

In: Expert Systems with Applications, Vol. 42, No. 21, 06.07.2015, p. 7905-7916.

@article{523d22f20e984b7f814dd76df278e0cc,
title = "CloudID: Trustworthy cloud-based and cross-enterprise biometric identification",
keywords = "Biometric identification, Cloud security, Encrypted biometrics, Face recognition, Search over encrypted data",
author = "Mohammad Haghighat and Saman Zonouz and Mohamed Abdel-Mottaleb",
year = "2015",
month = "7",
day = "6",
doi = "10.1016/j.eswa.2015.06.025",
language = "English (US)",
volume = "42",
pages = "7905--7916",
journal = "Expert Systems with Applications",
issn = "0957-4174",
publisher = "Elsevier Limited",
number = "21",

}

TY - JOUR

T1 - CloudID

T2 - Trustworthy cloud-based and cross-enterprise biometric identification

AU - Haghighat, Mohammad

AU - Zonouz, Saman

AU - Abdel-Mottaleb, Mohamed

PY - 2015/7/6

Y1 - 2015/7/6

KW - Biometric identification

KW - Cloud security

KW - Encrypted biometrics

KW - Face recognition

KW - Search over encrypted data

UR - http://www.scopus.com/inward/record.url?scp=84935496015&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84935496015&partnerID=8YFLogxK

U2 - 10.1016/j.eswa.2015.06.025

DO - 10.1016/j.eswa.2015.06.025

M3 - Article

VL - 42

SP - 7905

EP - 7916

JO - Expert Systems with Applications

JF - Expert Systems with Applications

SN - 0957-4174

IS - 21

ER -