Study of Cloud Computing Security Based on Private Face Recognition Chenguang Wang, Huaizhi Yan School of Software, Beijing Institute of Technology Lab of Computer Network Defense Technology, Beijing Institute of Technology Beijing 100081, China {2007270702, yhzhi }@bit.edu.cn Abstract—Supporting study of a method to solve cloud [2] introduced the basic concepts of secure computing. Later, computing security issue with private face recognition. The people provided a lot of secure calculation solutions, namely method has three parts: user part provides face images; cloud combinatorial circuits [3, 4], ordered binary decision diagrams initialization part has a face subspace and templates database; [5], branching programs [6, 7], or one-dimensional look-up cloud private matching identification part contains the core table [6].However, the computational complexity of these algorithm of the method, comparing two encrypted numbers methods are too high to meet the paper, for the considering of under double-encrypted conditions. The experimental results combining biometric with cloud computing. Therefore, specific show the method can ensure that cloud neither know user’s real methods must be improved. face data, nor the face private matching identification result, to make user’s face data secure, we develop a credible, efficient, Some people try to use the private biometric matching low-complex method to guarantee cloud computing security. identification, especially in fingerprint and iris [8,9,10].However, these show more concerns on hardware Keywords-cloud computing security; private matching architecture, such as biological data hash template is stored on identification; face recognition the server. Server can know the result of matching (to only ensure the template is stored securely). In contrast, our I. INTRODUCTION scenario allows hide this information, and apply it to cloud Cloud computing is the network trend, with which people's computing .As far as we know, there is no helpful solution to lives have more relationship. However, a major characteristic solve the problem, when cloud computing involved with of cloud computing is distributed computation based on biometrics, efficiency and security problems appears. unfixed nodes, operations often carried out without trusted nodes, so the calculation involved with user privacy III. APPROACH information is insecure. Assume that cloud is B, user is A. The diagram of our In this paper, we focus on how to solve the security issues approaching method is summarized in Fig. 1. of cloud computing. Cloud computing security based on private face recognition ‘s significance is that face recognition will be applied to the cloud computing for the first time, supporting proof of private matching identification resolves security issues of cloud computing credibly, efficiently. Calculation of face recognition and matching is under encrypted conditions, user sends a double encrypted face image to cloud, and cloud operates face recognition and matching under the encrypted conditions, the result is encrypted again before encrypted transmission to user [1]. In this way, cloud neither knows user’s real face data, nor which face and the face matches in templates, ensure no leakage of user privacy data. The remainder of the paper is organized as follows. In Section 2 we provide a brief overview of the related work. In Section 3, we give detailed analysis of cloud computing security based on private face recognition method. Section 4 Figure 1. Method diagram. shows our experimental data and results .Our conclusion is provided in Section 5.. Our method is divided into three parts: user, cloud initialization and private matching identification part of cloud. II. RELATED WORK User part uses a series of face preprocessing method to do with original images, using Paillier [11] encryption algorithm The solution to the issue needs three-part collaboration; encrypt processed images; cloud initialization part uses the therefore, secure multi-collaborative computing is needed. Yao This work is supported by a grant from the Basic Research Program of Beijing Institute of Technology. 978-1-4244-5392-4/10/$26.00 ©2010 IEEE processed original images to establish subspaces and face Step4.When B received the information, it will be encoded templates database through PCA [12] algorithm; cloud private to be transmitted to the point M on Ep(a,b), and generates a matching identification part has projection, distance random integer r(r<n). calculation, minimum distance finding [13] combined to achieve a face matching and recognition under encrypted Step5.B calculates points C1=M+rK; C2=r. conditions; cloud and user’s communication is also in Step6.B passes C1、C2 to A. encrypted domain. Experimental results show that the method is credible and efficient to support cloud computing security Step7.After receiving the information, A calculates C1-kC2; study. the result is the point M. Because C1-kC2=M+rK- k(rG)=M+rK-r(kG)=M, then the point M can be explicitly A. User Part decode. A reads the original image, firstly preprocessing , then face B. Cloud Initialization Part detection and graying, also face vectoring ,after double- encrypt each pixel data ,data sent to B. Processing diagram The role of the part is to establish face subspace and the shown in Fig. 2 below: matching face templates database. Suppose there are M face images for matching. After a series of preprocessing described above, like detection, graying, and vectoring to get M face vectors, denoted as . Using PCA algorithm, the input data is M individual face vectors, then obtain eigenvector matrix , set , the matrix ’s column k denoted as . Use the formula to get projection coefficient of each face templates image , denoted as and Figure 2. User processing diagram. Preprocessing including image light, color, size, etc. makes Pass the feature vector matrix and the projection of each the input of each original image uniform and consistent; face face templates’ coefficient to private matching identification detection and graying contain finding the face region from part of cloud. original image, and cutting face down in unifying size, then convert each pixel’s RGB three-color value to gray scale data; In order to ensure private matching identification simple, face vectoring transforms the two-dimensional face image to the mean face needs calculated, denoted by , is defined one-dimensional vector, Denoted as , Double encryption as . Finally, pass the mean face to private firstly use Paillier encryption algorithm to encrypt each pixel’s matching identification part. gray value, following paper presents "[]" on behalf of Paillier encryption process, Encryption will be denoted by C. Cloud Private Matching Identification Part vector .Then, use Elliptical encryption, Denoted by , represent Elliptic encryption process in following paper with This part is the core of B, achieving face matching "[[]]".Finally, is passed to B. recognition in encrypted domain, using Paillier encryption algorithm and Elliptic encryption algorithm for double Encryption algorithm uses Paillier, because the Paillier encryption. encryption algorithm is additively homomorphic, and the encryption process is more simple and efficient. Paillier This section is divided into three steps, namely, projection, encryption algorithm is additively homomorphic because: distance calculation, minimum distance finding. , further: . Cloud private 1) Projection matching identification are based on the above two properties. This step is to project the high-dimensional original data Using Elliptic encryption for the distributed computation into lower-dimensional subspace, then obtain the projection and poor security when communicating with cloud computing. coefficients of original face. Set data received by B is . Because the group protocol based on Elliptic encryption In the case of non-encrypted condition, firstly, using enables cloud and user’s communication data secure, credible, original one-dimensional face vector subtract the average face, and complete when in an insecure, open network namely: communication environment. Elliptic encryption is described as follows: Step1.A selects an Elliptic curve Ep(a,b), y2=x3+ax+b(mod p), and get a point on the Elliptic curve as point G. (1) Step2.A selects a private key k, and generates public key K=kG. Then project to the subspace, namely: Step3. A sends Ep(a,b)and point K，G to B. (2) Where and so transmission doesn’t leak. Later, B sends M to A. is the decrypted by A with their own private key to obtain projection coefficient of input face and also a computing base and , double encrypted to , then pass to B. Following for the following distance calculation. diagram Fig. 3 show the transmission: But for B, to protect user privacy, the operation must be carried out in the encrypted domain. Because Paillier encryption algorithm is additively homomorphic, the following Cloud B User A operations happen: Figure 3. Double encrypted transmission diagram. (3) So B's projection calculation becomes: When B obtain , decrypt to , then process obey below: (4) (8) After the M times’ operation, B can receive encrypted projection coefficient . Later, multiply together each to compute .. Note’s As B knows and each , the operation is very calculation performs only once. The computation of distance convenient. More importantly, these operations are without A, between each template and input face can directly use . face templates database will not be leaked to A. Operation of both sides