结合时间戳的指纹密钥数据加解密传输方案

汪佩怡; 游林; 简志华; 胡耿然

doi:10.11834/jig.190175

图像处理和编码 | 浏览量 : 0 下载量: 22 CSCD: 0

PDF
导出
分享
收藏
专辑

结合时间戳的指纹密钥数据加解密传输方案
Data encryption and decryption scheme using fingerprint bio-key combing with time stamp
2020年25卷第1期页码：60-72
收稿：2019-05-07，

修回：2019-7-5，

录用：2019-7-12，

纸质出版：2020-01-16
DOI： 10.11834/jig.190175
稿件说明：

移动端阅览

汪佩怡, 游林, 简志华, 胡耿然. 结合时间戳的指纹密钥数据加解密传输方案[J]. 中国图象图形学报, 2020,25(1):60-72. DOI： 10.11834/jig.190175.

Peiyi Wang, Lin You, Zhihua Jian, Gengran Hu. Data encryption and decryption scheme using fingerprint bio-key combing with time stamp[J]. Journal of Image and Graphics, 2020, 25(1): 60-72. DOI： 10.11834/jig.190175.

摘要

目的

对于生物密钥而言，生物特征数据的安全与生物密钥的管理存储都很关键。为了构造能够应用在通信数据传输场景的生物密钥，同时保证生物特征本身的模糊性与密码学的精确性处于一种相对平衡状态，提出一种基于时间戳与指纹密钥的数据加解密传输方案。

方法

利用发送方指纹特征点之间的相对信息，与保密随机矩阵生成发送方指纹密钥；借助通信双方的预先设定数与时间戳，生成接收方恢复指纹密钥时所需的辅助信息；利用发送方指纹密钥加密数据，实现密文数据的传输。

结果

本文方法在仿真通信双方数据加解密的实现中，测试再生指纹密钥的识别率（GAR）与误识率（FAR）。通过实验数据分析，表明了本文提出的指纹密钥生成方法的可用性，以及指纹密钥作为数字身份所具备的可认证性，其中真实发送方的再生指纹密钥识别率可高达99.8%，并且本方案还可用于即时通信、对称加密等多种场景当中。

结论

本文方法利用时间戳确定了通信事件的唯一性与不可否认性，同时实现了指纹密钥恢复时的"一次一密"。此外，方案通过保密随机矩阵实现了发送方指纹密钥的可撤销，极大程度保障了指纹数据的安全性。

Abstract

Objective

In modern times

individuals and communities have devoted increasing attention to privacy problems. With the development of multidirectional technologies

the digital secret key exposes its insufficient in vulnerable to loss

easy to be stolen and difficult to remember. Although biometrics exhibits great advantages in identity recognition technology due to their uniqueness and stability

they also characterized by inaccuracy due to feature instability. Moreover

the security problem of the biometric template should be urgently addressed. Therefore

the biometric key generation and protection technology

which is a branch of biometric encryption technology

has emerged. This technology combines biometrics and cryptography and retains the properties of the biometrics and the secret key while ensuring the security of the biological data. Although the secret key is the most important factor in any cryptosystem

the security of the biometric data is as critical as the management of the keys for the biometric key. To construct a bio-key that can be used in data transmission and can keep a good balance between the ambiguity of the biometrics and accuracy of the cryptography

this study proposes a data encryption and decryption scheme using fingerprint bio-key combing with time stamp.

Method

First

all minutiae from the fingerprint of the communication sender are extracted. The fingerprint feature-line set of the communication sender is then generated based on the relative information among the minutiae. A 2D coordinate model is generated and segmented by two segmentation metrics (horizontal and vertical). The size of the segmentation metrics can be adjusted through practical application. The feature lines in the set are individually mapped into the given 2D coordinate model to generate a 2D 0-1 matrix called fingerprint feature-line set matrix. The elements in this matrix are multiplied with a confidential random matrix stored by the sender to obtain a fingerprint bio-key matrix. The fingerprint bio-key is the bit string transformed from the fingerprint bio-key matrix

which is a connection of the individual lines in the matrix. The bit string is also protected by this random matrix in the proposed scheme. Then

a preset number

which is predefined by the two communicators

and time stamp are utilized to generate a 256-bit long SHA256 hash value. The hash value is processed to obtain an auxiliary bit-string

which is as long as the fingerprint bio-key

and do the xor(enclusive OR) operation with the fingerprint bio-key to obtain the auxiliary data

which is transmitted to the receiver and used for the fingerprint bio-key recovery. Finally

the fingerprint bio-key of the communication sender is used to encrypt the plain communication data. The encrypted cipher and auxiliary data

along with the SHA256 hash value of the confidential random matrix

are transmitted to the communication receiver in the final step of the encryption stage. At the decryption stage

the communication receiver should use the same preset number and the time stamp to generate the same auxiliary data to obtain the fingerprint bio-key of the communication sender so that the communication receiver can decrypt the cipher date and obtain the original plain data with the help of the sender's fingerprint bio-key. In addition

the authentication of the communication sender is illustrated. When the receiver requests the identity authentication of the sender

the communication sender should provide the regenerated fingerprint bio-key through the same key generation method and calculate the similarity value between the original and regenerated one. The authentication of the communication sender is successful only if the similarity value is not less than the predefined threshold. Moreover

the receiver should check the SHA256 hash value of the received bio-key

as well as the one provided by the sender

which means that only the two hash values are equal

the identity authentication of the sender is complete.

Result

We simulated the data encryption and decryption interfaces for the proposed scheme. Then

to prove the identity authentication function of the generated fingerprint bio-key

we tested the genuine acceptance rate (GAR) and the FAR (false acceptance rate) of the regenerated fingerprint bio-key for the genuine and impostors based on our fingerprint database. The test data proved that the fingerprint bio-key

which also served as a digital identity

was available and verifiable. In addition

the GAR of the regenerated fingerprint bio-key of the genuine reached 99.8%

whereas that of the impostor is close to 0.2%. Moreover

the proposed scheme can be applied in many different scenarios

such as instant communication and symmetric encryption algorithms (e.g.

aclvanced encryption standard (AES) and SM4). The length of the fingerprint bio-key can be adjusted using different segmentation metrics.

Conclusion

The proposed scheme utilizes a fingerprint key generation method to generate the unique fingerprint bio-key of the communication sender. In addition

the scheme determines the uniqueness and undeniability of every communication event and implements the vital conception "one secret key

one event" of the fingerprint bio-key recovery using time stamp. The revocability of the fingerprint bio-key was realized with the help of the confidential random matrix

which effectively ensures the security of the fingerprint data. Then

a detailed analysis of the availability and security of the proposed scheme is conducted. The innovations and advantages are also identified. However

these experiments are mainly based on the laboratory fingerprint database

so the influence of different feature extraction methods on our scheme is not investigated. Thus

further research is imminent.

关键词

Keywords

references

Dodis Y, Reyzin L and Smith A. 2004. Fuzzy extractors: how to generate strong keys from biometrics and other noisy data//Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques. Interlaken, Switzerland: Springer: 523-540.[ DOI:10.1007/978-3-540-24676-3_31 http://dx.doi.org/10.1007/978-3-540-24676-3_31 ]

Huang C Y and Tang B Y. 2014. Two-party authenticated key exchange protocol based on bilinear pairings. Computer Engineering and Design, 35(8):2671-2674, 2684

黄朝阳, 汤碧玉. 2014.基于双线性对的双向认证密钥交换协议.计算机工程与设计, 35(8):2671-2674, 2684)[DOI:10.3969/j.issn.1000-7024.2014.08.010]

Karimian N, Guo Z M, Tehranipoor M and Forte D. 2017. Highly reliable key generation from electrocardiogram (ECG). IEEE Transactions on Biomedical Engineering, 64(6):1400-1411[DOI:10.1109/TBME.2016.2607020]

Li G Q, Yang B, Rathgeb C and Busch C. 2015. Towards generating protected fingerprint templates based on bloom filters//Proceedings of the 3rd International Workshop on Biometrics and Forensics. Gjovik, Norway: IEEE: 1-6[ DOI:10.1109/IWBF.2015.7110224 http://dx.doi.org/10.1109/IWBF.2015.7110224 ]

Li S, Zhang X P, Qian Z X, Feng G R and Ren Y. 2018. Key based artificial fingerprint generation for privacy protection. IEEE Transactions on Dependable and Secure Computing, 1-14[DOI:10.1109/TDSC.2018.2812192]

Marimuthu M and Kannammal A. 2015. Dual fingerprints fusion for cryptographic key generation. International Journal of Computer Applications, 122(23):20-25[DOI:10.5120/21865-5194]

Mariño R Á, Álvarez F H and Encinas L H. 2012. A crypto-biometric scheme based on iris-templates with fuzzy extractors. Information Sciences, 195:91-102[DOI:10.1016/j.ins.2012.01.042]

Mittal Y, Varshney A, Aggarwal P, Matani K and Mittal V K. 2015. Fingerprint biometric based access control and classroom attendance management system//Proceedings of 2015 Annual IEEE India Conference. New Delhi, India: IEEE: 1-6[ DOI:10.1109/INDICON.2015.7443699 http://dx.doi.org/10.1109/INDICON.2015.7443699 ]

Panchal G and Samanta D. 2016. Comparable features and same cryptography key generation using biometric fingerprint image//Proceedings of the 2nd International Conference on Advances in Electrical, Electronics, Information, Communication and Bio-Informatics. Chennai, India: IEEE: 691-695[ DOI:10.1109/AEEICB.2016.7538381 http://dx.doi.org/10.1109/AEEICB.2016.7538381 ]

Partheeba S and Radha N. 2016. Fingerprint Bio-Crypto key generation using scale invariant feature transform (SIFT). International Journal of Computer Applications, 153(8):35-41[DOI:10.5120/ijca2016912129]

Qiu J H, Feng J, Guo W and Zhou S J. 2016. Biometric Identification-a Revolution of Identity Authentication. Beijing:Tsinghua University Press

邱建华, 冯敬, 郭伟, 周淑娟. 2016.生物特征识别:身份认证的革命.北京:清华大学出版社)

Rathgeb C and Uhl A. 2010. Privacy preserving key generation for iris biometrics//Proceedings of the 11th IFIP International Conference on Communications and Multimedia Security. Linz, Austria: Springer: 191-200[ DOI:10.1007/978-3-642-13241-4_18 http://dx.doi.org/10.1007/978-3-642-13241-4_18 ]

Sandhya M and Prasad M V N K. 2015. k-Nearest neighborhood structure (k-NNS) based alignment-free method for fingerprint template protection//Proceedings of 2015 International Conference on Biometrics. Phuket, Thailand: IEEE: 386-393[ DOI:10.1109/ICB.2015.7139100 http://dx.doi.org/10.1109/ICB.2015.7139100 ]

Tomko G J, Soutar C and Schmidt G J. 1996. Fingerprint controlled public key cryptographic system. U.S. No.5541994

Velciu M A, Pǎtraşcu A and Patriciu V V. 2014. Bio-cryptographic authentication in cloud storage sharing//Proceedings of the 9th IEEE IEEE International Symposium on Applied Computational Intelligence and Informatics. Timisoara, Romania: IEEE: 165-170[ DOI:10.1109/SACI.2014.6840054 http://dx.doi.org/10.1109/SACI.2014.6840054 ]

Wang C X, Gao M Z, Liu Q and Zhou X W. 2014. Design of united identity authentication and key agreement protocol for hybrid cloud. Telecommunications Science, 30(4):95-99, 108

王崇霞, 高美真, 刘倩, 周贤伟. 2014.混合云联合身份认证与密钥协商协议设计.电信科学, 30(4):95-99, 108)[DOI:10.3969/j.issn.1000-0801.2014.04.014]

Wu Z D, Tian L W, Li P, Wu T, Jiang M and Wu C M. 2018. Generating stable biometric keys for flexible cloud computing authentication using finger vein. Information Sciences, 433, 431-447[DOI:10.1016/j.ins.2016.12.048]

Yang W C, Hu J K and Wang S. 2012. A delaunay triangle-based fuzzy extractor for fingerprint authentication//Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. Liverpool, UK: IEEE: 66-70[ DOI:10.1109/TrustCom.2012.23 http://dx.doi.org/10.1109/TrustCom.2012.23 ]

Yu J P, Zhang P, Wang Y and Yang Y J. 2013. Secure and efficient scheme to construct a cancelable fingerprint template. Journal of Image and Graphics, 18(1):39-44

喻建平, 张鹏, 王瑶, 张懿竣. 2013.安全高效的可撤销指纹模板构造.中国图象图形学报, 18(1):39-44)[DOI:10.11834/jig.20130104]

Zhang N, Zang Y L and Tian J. 2015. The integration of biometrics and cryptography——a new solution for secure identity authentication. Journal of Cryptologic Research, 2(2):159-176

张宁, 臧亚丽, 田捷. 2015.生物特征与密码技术的融合——一种新的安全身份认证方案.密码学报, 2(2):159-176)[DOI:10.13868/j.cnki.jcr.000068]

文章被引用时，请邮件提醒。

提交

暂无数据