Cryptology ePrint Archive: Report 2017/169

UFace: Your Universal Password That No One Can See

Nicholas Hilbert, Christian Storer, Dan Lin, Wei Jiang

Abstract: With the advantage of not having to memorize long passwords, people are more interested in adopting face authentication for use with mobile devices. However, since facial images are widely shared in social networking sites, it becomes a challenging task to securely employ face authentication for web services to prevent attackers from impersonating the legal users by using the usersí online face photos. Moreover, existing face authentication protocols either require users to disclose their unencrypted facial images to the authentication server or require users to execute computationally expensive secure multiparty computation protocols. For mobile devices with limited computational power, this presents a problem that cannot be overlooked. In this paper, we present a novel privacy preserving face authentication system, called UFace, which has users take close-up facial images for authentication to prevent against impersonation attacks of usersí online facial images. UFace also guarantees that the facial images are only seen by the users and not by any other party (e.g., web service providers and authentication servers). UFace was implemented through two facets: an Android client application to obtain and encrypt the feature vector of the userís facial image, and server code to securely authenticate a feature vector across multiple servers. The experimental results demonstrate that UFace not only can correctly authenticate a user, but also can be done within seconds which is significantly faster than any existing privacy preserving authentication protocol.

Category / Keywords: cryptographic protocols / Privacy preserving, Face Authentication

Date: received 20 Feb 2017

Contact author: lindan at mst edu

Available format(s): PDF | BibTeX Citation

Version: 20170227:144740 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]