PrivFace: Fast Privacy-Preserving Face Authentication With Revocable and Reusable Biometric Credentials
Jing Lei, Qingqi Pei, Yao Wang, Wenhai Sun, Xuefeng Liu
Abstract
Privacy concerns of using sensitive biometric data as credentials arise with the wide adoption of user-friendly face authentication. To protect the facial features of users, two important functions, i.e., <i>revocability</i> and <i>reusability</i> , are anticipated to be realized in a privacy-preserving face authentication design. Revocability requires an effective approach to deregister or replace user credentials when the authentication server is compromised; For reusability, the same credentials should appear independently to non-cooperating applications. Accomplishing these two properties is challenging as the uniqueness of facial features. In this article, we present <small>PrivFace</small> , a fast privacy-preserving face authentication, supporting revocable, and reusable biometric credentials. The core innovation is a novel secure inner product protocol that employs a lightweight random masking technique instead of time-consuming public-key cryptographic operations to efficiently measure facial data similarity. We rigorously analyze the security to show that the server cannot acquire the user's sensitive biological features during the authentication. Our experiment with real-world datasets shows that <small>PrivFace</small> is friendly to edge smart devices, which takes less than <inline-formula><tex-math notation="LaTeX">$100 ms$</tex-math></inline-formula> per successful authentication on a common smartphone and outperforms the prior art J. Lei, Q. Pei <i>et al.</i> [1]. by <inline-formula><tex-math notation="LaTeX">$20 \times$</tex-math></inline-formula> . We have made the relevant codes open-source to the community for further research.