Study of Computing Security Based on Private Face Recognition

Chenguang Wang, Huaizhi Yan
School of Software, Beijing Institute of Technology
Lab of Defense Technology, Beijing Institute of Technology
Beijing 100081, China
{2007270702, yhzhi}@bit.edu.cn

Abstract—A supporting study of a method for solving the cloud computing security issue with private face recognition. The method has three parts: the user part provides face images; the cloud initialization part has a face subspace and templates; the cloud private matching identification part contains the core algorithm of the method, comparing two encrypted numbers under double-encrypted conditions. The experimental results show that the method ensures the cloud knows neither the user's real face data nor the result of the private matching identification, keeping the user's face data secure. We develop a credible, efficient, low-complexity method to guarantee .

Keywords-cloud computing security; private matching identification; face recognition

This work is supported by a grant from the Basic Research Program of Beijing Institute of Technology.

978-1-4244-5392-4/10/$26.00 ©2010 IEEE

I. INTRODUCTION

Cloud computing is the network trend, and it is increasingly tied to people's lives. However, a major characteristic of cloud computing is distributed computation based on unfixed nodes. Operations are often carried out without trusted nodes, so calculations involving user privacy information are insecure.

In this paper, we focus on how to solve the security issues of cloud computing. The significance of cloud computing security based on private face recognition is that face recognition is applied to cloud computing for the first time, supporting proof that private matching identification resolves the security issues of cloud computing credibly and efficiently. Face recognition and matching are calculated under encrypted conditions: the user sends a double-encrypted face image to the cloud, the cloud performs face recognition and matching under the encrypted conditions, and the result is encrypted again before encrypted transmission to the user [1]. In this way, the cloud knows neither the user's real face data nor which face in the templates it matches, ensuring no leakage of user privacy data.

The remainder of the paper is organized as follows. In Section 2 we provide a brief overview of the related work. In Section 3, we give a detailed analysis of the cloud computing security method based on private face recognition. Section 4 shows our experimental data and results. Our conclusion is provided in Section 5.

II. RELATED WORK

The solution to the issue needs three-part collaboration; therefore, secure multi-collaborative computing is needed. Yao [2] introduced the basic concepts of secure computing. Later, people provided a lot of secure calculation solutions, namely combinatorial circuits [3, 4], ordered binary decision diagrams [5], branching programs [6, 7], or one-dimensional look-up table [6]. However, the computational complexity of these methods is too high to meet the needs of this paper, for the considering of combining biometric with . Therefore, specific methods must be improved.

Some people try to use private biometric matching identification, especially with fingerprint and iris [8, 9, 10]. However, these works are more concerned with hardware architecture, such as storing the hashed biological data template on the server. The server can know the result of matching (they only ensure the template is stored securely). In contrast, our scenario allows this information to be hidden, and applies it to cloud computing. As far as we know, there is no helpful solution to the efficiency and security problems that appear when cloud computing is involved with biometrics.

III. APPROACH

Assume that the cloud is B and the user is A. The diagram of our approach is summarized in Fig. 1.

Figure 1. Method diagram.

Our method is divided into three parts: the user part, the cloud initialization part and the private matching identification part of the cloud. The user part applies a series of face preprocessing methods to the original images and uses the Paillier [11] encryption algorithm to encrypt the processed images; the cloud initialization part uses the processed original images to establish subspaces and the face templates database through the PCA [12] algorithm; the cloud private matching identification part has projection, distance

Figure 2. User processing diagram.

Preprocessing, including image light, color, size, etc., makes the input of each original image uniform and consistent. Face detection and graying consist of finding the face region in the original image, cutting the face out at a unified size, then converting each pixel's RGB three-color value to gray scale data. Face vectoring transforms the two-dimensional face image to a one-dimensional vector, denoted as . Double encryption first uses the Paillier encryption algorithm to encrypt each pixel's gray value; the rest of the paper uses "[]" to represent the Paillier encryption process. Encryption will be denoted by vector . Then, Elliptical encryption is used, denoted by ; the rest of the paper represents the Elliptic encryption process with "[[]]". Finally, is passed to B.

The Paillier encryption algorithm is used because it is additively homomorphic, and the encryption process is simpler and more efficient. The Paillier encryption algorithm is additively homomorphic because: , further: . Cloud private matching identification is based on the above two properties.

Elliptic encryption is used because of the distributed computation and poor security when communicating with cloud computing: the group protocol based on Elliptic encryption keeps the communication data between cloud and user secure, credible, and complete in an insecure, open network communication environment. Elliptic encryption is described as follows:

Step 1. A selects an Elliptic curve Ep(a,b), y^2 = x^3 + ax + b (mod p), and gets a point on the Elliptic curve as point G.
Step 2. A selects a private key k, and generates public key K = kG.
Step 3. A sends Ep(a,b) and points K, G to B.
Step 4. When B receives the information, it will be encoded to be transmitted to the point M on Ep(a,b), and generates a random integer r(r

coefficient of each face templates image , denoted as and .

Pass the feature vector matrix and the projection coefficient of each face template to the private matching identification part of the cloud.

In order to keep private matching identification simple, the mean face needs to be calculated, denoted by , is defined as . Finally, pass the mean face to the private matching identification part.

C. Cloud Private Matching Identification Part

This part is the core of B, achieving face matching recognition in the encrypted domain, using the Paillier encryption algorithm and the Elliptic encryption algorithm for double encryption.

This section is divided into three steps, namely, projection, distance calculation, and minimum distance finding.

1) Projection

This step projects the high-dimensional original data into the lower-dimensional subspace, then obtains the projection coefficients of the original face. Set data received by B is .

In the non-encrypted case, first subtract the average face from the original one-dimensional face vector, namely:

(1)

Then project to the subspace, namely:

(2)

Where and is the projection coefficient of the input face and also a computing base for the following distance calculation.

But for B, to protect user privacy, the operation must be carried out in the encrypted domain. Because the Paillier encryption algorithm is additively homomorphic, the following operations happen:

(3)

So B's projection calculation becomes:

(4)

After the M times' operation, B can receive the encrypted projection coefficient . As B knows and each , the operation is very convenient. More importantly, these operations are carried out without A, so the face templates database will not be leaked to A. The operation of each side doesn't need the other's participation, so privacy-information security is guaranteed.

2) Distance Calculation

After receiving the encrypted projection coefficient of the input face , calculate the distance between the input face and each template in the face templates database. Distance is defined as:

(5)

The distance formula is transformed into three parts, , and . Where , , . In the encrypted domain, distance calculation becomes:

(6)

It is easy for B to compute , because the projection coefficient of the face templates is already known. B needs to calculate first, then encrypt it with A's public key. 's calculation follows the formula:

(7)

For , the computation is slightly complex, and requires B and A's collaboration. First, B generates a random number for each , Paillier-encrypts it, then calculates , transform into using Elliptic encryption. The random number can increase ambiguity, so the transmission doesn't leak. Later, B sends M to A. decrypted by A with their own private key to obtain and , double encrypted to , then pass to B. The following diagram, Fig. 3, shows the transmission:

Figure 3. Double encrypted transmission diagram (Cloud B, User A).

When B obtains , decrypt to , then process as below:

(8)

Later, multiply together each to compute . Note 's calculation performs only once. The computation of distance between each template and input face can directly use .

Each face template performs the above algorithm to obtain each template's distance with the input face . The implementation of the algorithm is in the encrypted domain.

3) Minimum Distance Finding

When the distances have been calculated, begin to find the shortest distance among the M encrypted distances. A tree structure is used to obtain the minimum distance : the M distances are first divided by even and odd neighboring into M/2 groups, each group keeps the smaller one and rejects the bigger one, so M/2 distances remain. Following the above flow, the minimum distance can be found. The key to the issue is to compare and . In other words, to compare the two encrypted numbers and . To solve the issue, the algorithm is as follows:

Step 1. B produces a random number r, encrypted to [r];
Step 2. B passes and to A;
Step 3. A decrypts, obtains a+r and b+r, subtracts the two numbers; if the result is negative, then , otherwise ;
Step 4. A passes to B;
Step 5. B brings to the following formula:

(9)

The result [m] is the ciphertext of the smaller one of a and b, showing the credible, efficient result of comparing two encrypted numbers.

Finally, the Elliptical encryption algorithm encrypts the smaller number based on the above method to obtain [[m]], then [[m]] is passed back to A. A uses the private key to decrypt [[m]], and soon knows the result.

IV. EXPERIMENTS

A. Dataset

We use the "ORL Database of Faces" [14], a widely used image database, in the experiment. TABLE I shows how we use the data:

TABLE I. DATASET DISTRIBUTION

Image Type       Example   Quantity   Image In   Individual In
Cloud Database   [image]   10*5       Yes        Yes
User images 1    [image]   10*3       No         No
User images 2    [image]   10*3       Yes        Yes
User images 3    [image]   10*3       No         Yes

"Cloud Database" is the face templates database of the cloud; the rest of the image sets are used to test our method. "Image In" is short for "Image in Templates Database", and "Individual In" is short for "Individual in Templates Database".

B. Results

We use the above dataset; the final results are shown in TABLE II:

TABLE II. EXPERIMENTAL RESULTS

Image Type       Encryption / Initialized Data   Total Time Consuming   Recognition Rate
Cloud Database   -10051685 - 485…                <>15s                  -
User images 1    1925816029 6…                   <>21s                  91.2%
User images 2    1206575204 0…                   <>16s                  93.5%
User images 3    1417282294 5…                   <>17s                  92.6%

Combined with the above results, we analyze the algorithm from two sides as follows:

1) Credibility

By credibility testing, we find the recognition rate satisfactory. The traditional PCA face recognition algorithm's recognition rate is 95%, so with the combination of the double encryption algorithm and the cloud computing model, face recognition accuracy does not decrease obviously, which guarantees the credibility of our algorithm. However, after deeper analysis, the recognition rate varies as the image stretching factor changes, as shown in TABLE III:

TABLE III. RELATION BETWEEN STRETCHING AND RECOGNITION RATE

Stretching Factor   Recognition Rate
0                   5.2%
1                   10.1%
2                   62.3%
3                   93.5%
4                   94.2%
5                   94.3%

With the base-10 stretching factor, once the factor increases to 3 the recognition rate remains at 93%. TABLE II sets the factor to 3 by default; this factor both ensures the recognition rate and reduces the complexity of the algorithm.

2) Complexity of the algorithm

We can analyze the algorithm's time complexity through TABLE II directly. The algorithm's time consumption varies with the image type; in different cases, the private matching identification takes a different amount of time to find the minimum distance, as TABLE IV shows:

TABLE IV. PRIVATE TIME CONSUMING

Image Type      Private Time Consuming
User images 1   <>16s
User images 2   <>12s
User images 3   <>13s

The complexity of the algorithm varies when the dimension generated by the images' lower-dimensional process differs. As TABLE II shows above, it is much more time-consuming because both the images' encryption and the initialization require large number operations. TABLE V shows:

TABLE V. RELATION WITH DIMENSION

Dimension   Total Time Consuming
92*112      <>240s
10*10       <>60s
1*10        <>15s

With the analysis of the algorithm's credibility and complexity, the experimental results can ensure the credibility, efficiency and low complexity of the private matching identification, and support the study of cloud computing security.

CONCLUSION

This paper focuses on the fast-developing cloud computing security issue and, combined with face recognition, presents a creative method called cloud computing security based on private face recognition, which is a way to solve the issue. The core of the method is to compare numbers in the encrypted domain, allowing the user to obtain the same, correct result as under non-encrypted conditions. The method proves to be credible, efficient and low-complexity, and supports further study of cloud computing security.

As for future work: we now use the PCA algorithm for face recognition, and algorithms with a higher recognition rate have appeared, but due to the higher complexity of these algorithms it is difficult to apply them to the encrypted domain, so we leave this as our future work. We will also modify the implemented algorithms to use multiple threads to improve their performance.

REFERENCES

[1] Blake, I.F., Kolesnikov, V.: Conditional Encrypted Mapping and Comparing Encrypted Numbers. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 206–220. Springer, Heidelberg (2006)
[2] Yao, A.C.-C.: Protocols for Secure Computations (Extended Abstract). In: Annual Symposium on Foundations of Computer Science – FOCS 1982, November 3-5, pp. 160–164. IEEE Computer Society Press, Los Alamitos (1982)
[3] Goldreich, O., Micali, S., Wigderson, A.: How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority. In: ACM Symposium on Theory of Computing – STOC 1987, May 25-27, pp. 218–229. ACM Press, New York (1987)
[4] Jacobsson, M., Juels, A.: Mix and match: Secure function evaluation via ciphertexts. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 162–177. Springer, Heidelberg (2000)
[5] Kruger, L., Jha, S., Goh, E.-J., Boneh, D.: Secure function evaluation with ordered binary decision diagrams. In: Proceedings of the 13th ACM conference on Computer and communications security CCS 2006, Virginia, U.S.A, pp. 410–420. ACM Press, New York (2006)
[6] Naor, M., Nissim, K.: Communication complexity and secure function evaluation. Electronic Colloquium on Computational Complexity (ECCC), 8(062) (2001)
[7] Naor, M., Nissim, K.: Communication preserving protocols for secure function evaluation. In: ACM Symposium on Theory of Computing, pp. 590–599 (2001)
[8] Kevenaar, T.: Protection of Biometric Information. In: Security with Noisy Data, pp. 169–193. Springer, Heidelberg (2007)
[9] Ratha, N., Connell, J., Bolle, R., Chikkerur, S.: Cancelable biometrics: A case study in fingerprints. In: Proceedings of the 18th International Conference on Pattern Recognition (ICPR), vol. IV, pp. 370–373. IEEE Press, Los Alamitos (2006)
[10] Tuyls, P., Akkermans, A.H.M., Kevenaar, T.A.M., Schrijen, G.-J., Bazen, A.M., Veldhuis, R.N.J.: Practical biometric authentication with template protection. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 436–446. Springer, Heidelberg (2005)
[11] Damgård, I., Jurik, M.: A Generalization, a Simplification and some Applications of Paillier's Probabilistic Public-Key System. Technical report, Department of Computer Science, University of Aarhus (2000)
[12] Turk, M.A., Pentland, A.P.: Face recognition using eigenfaces. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 586–591 (1991)
[13] Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., Toft, T.: Privacy-preserving face recognition. Privacy Preserving Technologies, LNCS, vol. 5672, pp. 235–253 (2009)
[14] The Database of Faces (formerly 'The ORL Database of Faces'), AT&T Laboratories Cambridge, http://www.cl.cam.ac.uk/research/dtg/attarchive/facedatabase.html
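
The five-step comparison of two Paillier-encrypted numbers and the tree search for the minimum distance from Section III.C, written out as an added example; this is not code from the paper. Assumptions: the key uses toy primes, every function name is hypothetical, the Elliptic-curve transport layer is left out, and because equation (9) is not legible on the page the selection step is assumed to be [m] = [a]^t * [b]^(1-t) with A returning a plaintext bit t.

```python
import math
import secrets

# Toy Paillier key for user A (constructed; two Mersenne primes, far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # private: lcm(p-1, q-1)
MU = pow(LAM, -1, N)                                # private: valid for g = N + 1

def encrypt(m):
    """[m]: Paillier encryption under A's public key (N, g = N + 1)."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return pow(N + 1, m % N, N2) * pow(r, N, N2) % N2

def decrypt(c):
    """Only A can run this; maps the result to a signed integer."""
    m = (pow(c, LAM, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m

def add(c1, c2):
    """Additive homomorphism: [x] * [y] mod N^2 = [x + y]."""
    return c1 * c2 % N2

def scale(c, k):
    """Scalar homomorphism: [x]^k mod N^2 = [k * x]."""
    return pow(c, k, N2)

def user_a_compare(c_a_blind, c_b_blind):
    """Step 3 at A: decrypt a+r and b+r, subtract, report 1 if negative."""
    return 1 if decrypt(c_a_blind) - decrypt(c_b_blind) < 0 else 0

def cloud_b_min(c_a, c_b):
    """Steps 1, 2, 4, 5 at B: blind both inputs with one r, select the smaller."""
    c_r = encrypt(secrets.randbelow(2**32))            # Step 1: [r]
    t = user_a_compare(add(c_a, c_r), add(c_b, c_r))   # Steps 2-4
    # Assumed selection step (equation (9) is not legible): [m] = [a]^t * [b]^(1-t)
    return add(scale(c_a, t), scale(c_b, 1 - t))

def tree_min(cts):
    """Pair neighbours, keep the smaller of each pair, repeat until one remains."""
    while len(cts) > 1:
        nxt = [cloud_b_min(cts[i], cts[i + 1]) for i in range(0, len(cts) - 1, 2)]
        cts = nxt + (cts[-1:] if len(cts) % 2 else [])
    return cts[0]

def demo():
    distances = [812, 455, 973, 120, 640]           # constructed plaintext distances
    return decrypt(tree_min([encrypt(d) for d in distances]))
```

Because B adds the same r to both values, A recovers the exact difference a - b in Step 3, and under the plaintext-bit assumption B learns which operand is smaller. Both are information flows to account for when evaluating the privacy claim of this protocol.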