Author ORCID Identifier:
Date of Graduation
12-2025
Document Type
Dissertation
Degree Name
Doctor of Philosophy in Computer Science (PhD)
Degree Level
Graduate
Department
Computer Science & Computer Engineering
Advisor/Mentor
Li, Qinghua
Committee Member
Panda, Brajendra
Second Committee Member
Wu, Jingxian
Third Committee Member
Zhang, Lu
Keywords
Biometric Authentication, Privacy-Preserving Computing, Template Protection, Secure Multi-Modal Biometrics
Abstract
The widespread adoption of server-based biometric authentication systems, often hosted in the cloud, has introduced significant privacy risks. While these systems offer convenience, they require storing sensitive biometric templates on remote servers, creating a high-value target for adversaries. Unlike passwords, compromised biometric data is immutable and cannot be reissued, leading to an irreversible loss of privacy. This threat is exacerbated by template inversion attacks, which can reconstruct a user's original biometric trait (e.g., a face image) from its stored feature vector. This dissertation addresses these critical privacy challenges by designing, implementing, and evaluating a suite of novel frameworks for privacy-preserving biometric authentication. The core of this work lies in computationally efficient, client-side methods that transform or encrypt biometric embeddings before they ever leave the client-side device, ensuring that raw biometric data is never exposed to an untrusted server. This thesis makes four primary contributions. First, we propose POP-HIT, a Partially Order-Preserving Hash-Induced Transformation for facial recognition. POP-HIT maps facial embeddings into a secure, transformed space, introducing randomness to thwart reconstruction attacks while preserving utility for both distance-based and machine-learning-based authentication. Second, we develop POP-FA, a cryptographic framework that utilizes Paillier and Order-Preserving Encryption to enable secure and efficient Manhattan distance computations directly on encrypted facial embeddings. Third, we introduce SAFE, a novel method for private multi-modal biometric authentication. SAFE generates a single, non-invertible, and cancellable template by fusing feature vectors from face, iris, and fingerprint data using a user-specific \enquote{Fusion Secret} composed of algebraic operations. Finally, we present Key-HIT, which employs a hash-induced transformation on behavioral biometrics, providing a practical and lightweight solution for privacy-preserving continuous authentication based on keystroke dynamics. Comprehensive evaluations demonstrate that these frameworks provide robust privacy, effectively mitigating template inversion attacks. Critically, they achieve this strong security with minimal computational overhead and maintain high authentication accuracy comparable to, or even exceeding, their non-private counterparts. Collectively, this work provides a practical and effective toolkit for deploying next-generation, high-security biometric systems without compromising user privacy.
Citation
Dubasi, Y. R. (2025). Privacy Protection in Cloud-Based Biometric Systems. Graduate Theses and Dissertations Retrieved from https://scholarworks.uark.edu/etd/6048
