Paper 2015/1257

Security Attack on CloudBI: Practical privacy-preserving outsourcing of biometric identification in the cloud

Jiawei Yuan

Abstract

In ESORICS 2015, Wang et al. proposed a privacy-preserving outsourcing design for biometric identification using public cloud platforms, namely CloudBI. CloudBI introduces two designs: CloudBI-I and CloudBI-II. CloudBI-I is more efficient and CloudBI-II has stronger privacy protection. Based on the threat model of CloudBI, CloudBI-II is claimed to be secure even when the cloud service provider can act as a user to submit fingerprint information for identification. However, this security argument is not hold and CloudBI-II can be completely broken when the cloud service provider submit a small number of identification requests. In this technical report, we will review the design of CloudBI-II and introduce the security attack that can efficiently break it.

Metadata
Available format(s)
-- withdrawn --
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
cryptanalysis
Contact author(s)
yuanj @ erau edu
History
2016-03-25: withdrawn
2016-01-02: received
See all versions
Short URL
https://ia.cr/2015/1257
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.