Secure biometric verification
Biometric recognition is a booming technology with many applications under development and beginning to reach the end user. Biometrics is, for instance, a promising alternative to current methods of authentication and access control, replacing the traditional username and password credentials with unique user biometric information such as fingerprints or iris.
The biometric data of a person are therefore becoming extremely sensitive information.
Biometric technology can already be seen on mobile devices, where it is used to authenticate the user. This is a local setting in which biometric data remains under the control of the user, but there are many other scenarios where the user must authenticate to non-secure environments, such as the cloud.
In a scenario of biometric verification in the cloud, such as access to a web service by fingerprint scanning, data should be granted the highest level of privacy. SCAPE provides a technology based on HSMs that offers this possibility, performing the biometric verification algorithm inside Secure Hardware Modules in the “CryptoNodes” installed in the cloud environment.
Biometric information is encrypted on the client side before being sent to the cloud and is compared with the encrypted biometric information stored in the database server. Decryption and verification take place only once the data is inside the Hardware Secure Module. The HSM guarantees that the verification has been performed in a secure environment, inaccessible to the cloud provider or any other attacker.
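The flow described above, sketched as an added example that is not SCAPE's own code: the client seals a template to a key held only by the HSM, the cloud stores and forwards ciphertext, and the HSM releases nothing but the verdict. The type and function names, the use of RSA-OAEP, and the Hamming-distance matcher with a bit threshold are all assumptions of this sketch.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"math/bits"
)

// HSM stands in for the secure module: the private key never leaves it (assumed model).
type HSM struct{ priv *rsa.PrivateKey }

func NewHSM() (*HSM, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &HSM{k}, err
}

// Seal runs on the client: the template is encrypted to the HSM key before upload.
func Seal(pub *rsa.PublicKey, tpl []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, tpl, nil)
}

// Verify runs inside the HSM and releases only the verdict; Hamming matching is assumed.
func (h *HSM) Verify(fresh, enrolled []byte, maxBits int) (bool, error) {
	a, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, h.priv, fresh, nil)
	if err != nil {
		return false, err
	}
	b, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, h.priv, enrolled, nil)
	if err != nil {
		return false, err
	}
	if len(a) != len(b) {
		return false, errors.New("template length mismatch")
	}
	d := 0
	for i := range a {
		d += bits.OnesCount8(a[i] ^ b[i])
	}
	return d <= maxBits, nil
}

func main() {
	h, _ := NewHSM()
	fresh, _ := Seal(&h.priv.PublicKey, []byte{0xA5, 0x3C}) // constructed template
	enrolled, _ := Seal(&h.priv.PublicKey, []byte{0xA5, 0x3D})
	ok, err := h.Verify(fresh, enrolled, 1)
	println(ok, err == nil)
}
```

Because OAEP is randomized, two encryptions of the same template differ, so the database server cannot match users by comparing stored ciphertexts; the comparison is only possible where the private key lives.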
Private Outsourced Face Recognition
Face recognition is an important and active area of R&D whose interest has increased in recent years because of theoretical and application-driven motivations. From simple mobile phone unlocking mechanisms to complex secure biometric access control systems, face recognition is getting more and more attention. Due to the sensitivity of the biometric signals involved, privacy has proven to be a serious concern when working with digital imagery, especially for those systems that must process, recognize or classify face images (visual privacy).
Other approaches either obfuscate or partially encrypt the data, but they perform the recognition in the clear, and the recognition server has partial or total access to the sensitive user biometrics. By using advanced encryption techniques for the inputs, optimized for the encrypted processing of biometric data, CloudSEEP fully protects all the signals involved, both the user's fresh biometrics (face images and biometric features extracted from those images) and the database templates. CloudSEEP therefore enables secure outsourced biometric recognition that leaks no information at all to the recognition server, which works only with encrypted data.