Cryptology ePrint Archive: Report 2015/1257

Security Attack on CloudBI: Practical privacy-preserving outsourcing of biometric identification in the cloud

Jiawei Yuan

Abstract: In ESORICS 2015, Wang et al. proposed a privacy-preserving outsourcing design for biometric identification using public cloud platforms, namely CloudBI. CloudBI introduces two designs: CloudBI-I and CloudBI-II. CloudBI-I is more efficient and CloudBI-II has stronger privacy protection. Based on the threat model of CloudBI, CloudBI-II is claimed to be secure even when the cloud service provider can act as a user to submit fingerprint information for identification. However, this security argument is not hold and CloudBI-II can be completely broken when the cloud service provider submit a small number of identification requests. In this technical report, we will review the design of CloudBI-II and introduce the security attack that can efficiently break it.

Category / Keywords: cryptographic protocols / cryptanalysis

Date: received 2 Jan 2016, last revised 8 Jan 2016, withdrawn 24 Mar 2016

Contact author: yuanj at erau edu

Available format(s): (-- withdrawn --)

Version: 20160325:021349 (All versions of this report)

Short URL: ia.cr/2015/1257

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]