CN110505047B - Double encryption method for iris feature protection - Google Patents

Double encryption method for iris feature protection Download PDF

Info

Publication number
CN110505047B
CN110505047B CN201910751345.3A CN201910751345A CN110505047B CN 110505047 B CN110505047 B CN 110505047B CN 201910751345 A CN201910751345 A CN 201910751345A CN 110505047 B CN110505047 B CN 110505047B
Authority
CN
China
Prior art keywords
encryption
following
steps
method comprises
image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910751345.3A
Other languages
Chinese (zh)
Other versions
CN110505047A (en
Inventor
张恒
焦文明
张键
李宏然
臧奇颜
陈烽
孙雪娇
徐伟伟
许腾腾
潘家乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Ocean University
Original Assignee
Jiangsu Ocean University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Ocean University filed Critical Jiangsu Ocean University
Priority to CN201910751345.3A priority Critical patent/CN110505047B/en
Publication of CN110505047A publication Critical patent/CN110505047A/en
Application granted granted Critical
Publication of CN110505047B publication Critical patent/CN110505047B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/001Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina

Abstract

The invention discloses a double encryption method for iris feature protection, which comprises the following specific steps: constructing a chaotic key sequence for iris region feature mapping by utilizing a chaotic function; a first re-diffusion encryption algorithm; a second re-diffusion encryption algorithm; the parameter values are directed to the reverse decryption iris region. The algorithm of the invention fully considers the characteristics of large information quantity and high redundancy of the iris area, and adopts a chaotic system to map the characteristics of the iris area; meanwhile, the double diffusion system is used for carrying out double encryption on the chaotic key sequence, so that the timeliness and the safety of the iris characteristic information in network transmission are greatly enhanced, the personal privacy and the information safety are protected, and the method is particularly suitable for application of modern biological characteristics in places such as production, life, business and high-end confidentiality.

Description

Double encryption method for iris feature protection
The technical field is as follows:
the invention relates to the field of encryption algorithms, in particular to a double encryption method for iris feature protection.
Background art:
with the increasing popularity of the internet concept, personal information security becomes more and more important. Biometric technology is an important way to protect personal information by analyzing physiological or behavioral characteristics inherent to humans. The biological characteristics of the human body mainly include fingerprints, face, iris, voice, gait, signature and the like. In recent years, biometric identification techniques typified by fingerprints and human faces have been widely used. In the public safety field, but still has some limitations in the application process, and the uniqueness and stability of iris recognition make up for these deficiencies.
In many cases, the iris may be the only biometric function that can identify the identity. A series of international researches show that iris identification is the safest and most accurate identification method at present. The error rate of the iris can be as low as 1% compared with the error rate of the fingerprint of 0.8% and the error rate of the face of about 2%. Omnipotent iris function is the highest level of current biometric identification technology. The academic and business circles increasingly attach importance to the identification technology based on iris feature extraction. Iris recognition is increasingly applied to some sectors requiring high security performance, such as banking systems and security agencies, and some environments requiring high authentication. The improvement of the safety of iris recognition plays an important role in maintaining social and financial security.
In the network transmission process, due to the insecurity of the iris image information, a malicious attacker has the opportunity to reveal or destroy the original image information. Since the iris image is unique and immutable, once the iris image is stolen, our private information may be at risk for long-term disclosure. In the face of malicious damage of iris image information, means for improving the safety of iris images are still problems which need to be solved urgently.
The invention content is as follows:
the present invention is directed to overcoming the above-mentioned problems of the prior art by providing a dual encryption method for iris feature protection.
In order to achieve the purpose, the invention provides the following technical scheme: a double encryption method for iris feature protection, comprising the steps of:
step (1): constructing a chaotic key sequence for iris region feature mapping by using a chaotic function; wherein the chaotic function is characterized by:
(1a) the method comprises the following steps Sensitive to initial conditions;
(1b) the method comprises the following steps Must be a topological hybrid;
(1c) the method comprises the following steps At least one dense periodic track;
step (2): a first re-diffusion encryption algorithm; the diffusion encryption method comprises the following steps:
(2a) the method comprises the following steps Scrambling information of a plaintext through a scrambling algorithm;
(2b) the method comprises the following steps Performing diffusion calculation on the image pixels through a diffusion algorithm;
and (3): a second re-diffusion encryption algorithm; the diffusion encryption is characterized in that:
it is assumed that a pixel sequence of an original plaintext image to be encrypted is represented by { p (k) | k ═ 1, 2., m }; the chaotic key sequence is represented by W; the pixel sequence of the ciphertext image obtained after the diffusion encryption of step (2) is represented by { q (k) | k ═ 1, 2.. multidot.m }; the pixel sequence of the final ciphertext image obtained after the diffusion encryption in step (3) is represented by { r (k) | k ═ 1, 2.., m }: has the following characteristics:
feature (3 a): in the diffusion encryption process of the step (3), the final ciphertext R (k) and the original plaintext [ x ] 0 ,y 0 ]There is no direct connection between them;
feature (3 b): w (k) cannot be reversed by using the encryption formula in the step (3);
feature (3 c): in each encryption process, an XOR operation and a nonlinear 'modular' operation exist between the ciphertext and the plaintext;
and (4): importing the parameter value into a reverse decryption iris area; the decryption is characterized in that:
(4a) the method comprises the following steps Inputting a decryption algorithm as a chaotic key sequence, an encryption parameter value and a final key;
(4b) the method comprises the following steps The initial key and all parameter values are identical during the encryption and decryption processes;
(4c) the method comprises the following steps The final decrypted image is identical to the encrypted image.
As a preferred technical solution of the present invention, the scrambling algorithm in the step (2a) is:
(2a1) the method comprises the following steps Arnold transform scrambling: for an image of size N, the original bits of the pixelsIs put [ x 0 ,y 0 ]New pixel position x obtained by reversible two-dimensional matrix 1 ,y 1 ](ii) a Or
(2a2) The method comprises the following steps Baker transformation scrambling: the image is mapped by stretching the image horizontally and then folding the image vertically, and the process is repeated until the positions of all pixels have changed.
As a preferred technical solution of the present invention, the diffusion algorithm in the step (2b) is:
(2b1) the method comprises the following steps XOR between pixels; or
(2b1) The method comprises the following steps Modulo operations are added between pixels.
The invention has the beneficial effects that: in order to protect the characteristic information of the iris image, firstly, a chaotic encryption model blurs an iris area to protect iris information in a network process, and then, double diffusion encryption is utilized; the newly constructed chaotic mapping generates stronger sequence value distribution and more complex chaotic characteristics, and by combining an encryption algorithm, the distribution of pixel points of an iris image can be more discrete and uniform, the performance of each index is superior, and common attacks can be effectively resisted; the histogram analysis is combined with the correlation between adjacent pixels of the image, the encryption requirement of an encryption method is completely met, and the method has very high research value and significance for the development of the current information security under the circumstance that people are increasingly deeply concerned.
Description of the drawings:
FIG. 1 is a flow chart of the archival data fusion model of the present invention;
FIG. 2 is a schematic diagram of the simulation result of the algorithm;
fig. 3 and 4 are directional phase diagrams of adjacent pixels from an iris plaintext image and an iris ciphertext image.
The specific implementation mode is as follows:
the following detailed description of the preferred embodiments of the present invention, taken in conjunction with the accompanying drawings, will make the advantages and features of the invention more readily understood by those skilled in the art, and thus will more clearly and distinctly define the scope of the invention.
The invention provides a technical scheme that: a double encryption method for iris feature protection comprises the following steps:
the method comprises the following steps:
step (1): constructing a chaotic key sequence for iris region feature mapping by utilizing a chaotic function, wherein the chaotic function is characterized in that:
(1a) the method comprises the following steps Sensitive to initial conditions;
(1b) the method comprises the following steps Must be a topological hybrid;
(1c) the method comprises the following steps At least one dense periodic track;
step (2): the first re-diffusion encryption algorithm comprises the following steps of:
(2a) the method comprises the following steps Scrambling information is carried out on a plaintext through a common scrambling algorithm, wherein the scrambling algorithm mainly comprises the following steps:
(2a1) arnold transform scrambling: for an image of size NxN, the original position of the pixel x 0 ,y 0 ]New pixel position x obtained by reversible two-dimensional matrix 1 ,y 1 ];
(2a2) Baker transformation scrambling: the image is mapped by stretching the image horizontally and then folding the image vertically, and the process is repeated until the positions of all pixels have changed.
(2b) The method comprises the following steps The diffusion calculation is carried out on the image pixels through a common diffusion algorithm, and the diffusion algorithm mainly comprises the following steps:
(2b1) XOR between pixels;
(2b1) modulo operations are added between pixels.
And (3): a second re-diffusion encryption algorithm, the diffusion encryption characterized by:
it is assumed that a pixel sequence of an original plaintext image to be encrypted is represented by { p (k) | k ═ 1, 2., m }; the chaotic key sequence is represented by W; the pixel sequence of the ciphertext image obtained after the diffusion encryption of step (2) is represented by { q (k) | k ═ 1, 2.. multidot.m }; the pixel sequence of the final ciphertext image obtained after the diffusion encryption of step (3) is represented by { r (k) | k ═ 1, 2.., m }:
feature (3 a): in the diffusion encryption process of the step (3), the final ciphertext R (k) and the original plaintext [ x ] 0 ,y 0 ]There is no direct connection between them;
feature (3 b): w (k) cannot be reversed by using the encryption formula in the step (3);
feature (3 c): in each encryption process, there are XOR operations and nonlinear "modulo" operations between the ciphertext and the plaintext.
And (4): the parameter values are imported into the reverse decryption iris region, the decryption being characterized by:
(4a) inputting a decryption algorithm, wherein the main contents are a chaotic key sequence, an encryption parameter value and a final key;
(4b) the initial key and all parameter values are identical during the encryption and decryption processes;
(4c) the final decrypted image is identical to the encrypted image.
The size of the key space is an important measure of the attack resistance of the encryption scheme. If the key space is too small, the encryption scheme is vulnerable to a thorough attack, resulting in reduced security. For a good encryption algorithm, the key space should be large enough to resist exhaustive attacks. Data storage of double-precision data in a 32-bit computer is 64 bits, and the key space is 2 64 ×2 64 =2 128 And (5) maintaining. Even if an attacker attacks 1 million keys per second, 10 are required 14 The entire key space can be exhausted year by year. If the reference value is considered, the key space will be larger and require more time. Therefore, the key space of the dual encryption algorithm proposed by this patent is secure against exhaustive attacks.
The design and safety of the algorithm are closely related. Well-behaved algorithms may be based on various known attack judgment criteria. An iris map is selected to encrypt it. The simulation results are shown in fig. 2. Fig. 2(a) and 2(d) show the original image and its histogram, respectively. Fig. 2(b) and 2(e) show the encrypted image and its histogram, respectively. Fig. 2(c) and 2(f) show the decrypted image and its histogram, respectively. It can be seen that the histogram distribution of all pixels in the original image is very uneven. The histogram distribution of the pixels in the middle area of the encrypted iris image has a good linear relationship and does not provide any clue to the statistical analysis attack of the encrypted iris image. Therefore, it is possible to effectively prevent statistical analysis attacks on the encrypted iris image.
N pairs of adjacent pixels in the image are randomly selected from the horizontal, vertical and diagonal directions to test the correlation of the adjacent pixels between the plaintext image and the ciphertext image.
Fig. 3 and 4 are directional phase diagrams of adjacent pixels from an iris plaintext image and an iris ciphertext image. Experiments randomly collected 2000 pairs of adjacent pixels in the horizontal, vertical and diagonal directions of the iris plaintext image and the iris ciphertext image. Fig. 3 shows that the pixels of adjacent points in the iris plaintext image are almost equal. Fig. 4 shows that the pixels of adjacent points in the iris ciphertext image are significantly different.
The adjacent pixels of the iris plaintext image are highly correlated, and the correlation coefficient is close to 1. The low correlation coefficient of the adjacent pixels in the iris ciphertext image indicates that the statistical characteristics of the plaintext are diffused into random ciphertexts. The iris ciphertext image obtained by the algorithm achieves the purpose of destroying the correlation of adjacent pixels, so that the ciphertext has better random distribution characteristics.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that various changes and modifications can be made by those skilled in the art without departing from the spirit of the invention, and these changes and modifications are all within the scope of the invention.

Claims (3)

1. A double encryption method for iris feature protection is characterized by comprising the following steps:
step (1): constructing a chaotic key sequence for iris region feature mapping by utilizing a chaotic function; wherein the chaotic function is characterized by:
(1a) the method comprises the following steps Sensitive to initial conditions;
(1b) the method comprises the following steps Must be a topological hybrid;
(1c) the method comprises the following steps At least one dense periodic track;
step (2): a first re-diffusion encryption algorithm; the diffusion encryption method comprises the following steps:
(2a) the method comprises the following steps Scrambling information of a plaintext through a scrambling algorithm;
(2b) the method comprises the following steps Performing diffusion calculation on the image pixels through a diffusion algorithm;
and (3): a second re-diffusion encryption algorithm; the diffusion encryption is characterized in that:
assume that the sequence of pixels of the original plaintext image to be encrypted is represented by { p (k) | k ═ 1, 2. The chaotic key sequence is represented by W; the pixel sequence of the ciphertext image obtained after the diffusion encryption of step (2) is represented by { q (k) | k ═ 1, 2.. multidot.m }; the pixel sequence of the final ciphertext image obtained after the diffusion encryption in step (3) is represented by { r (k) | k ═ 1, 2.. multidot.m }: has the following characteristics:
feature (3 a): in the diffusion encryption process of the step (3), the final ciphertext R (k) and the original plaintext [ x ] 0 ,y 0 ]There is no direct connection between them;
feature (3 b): w (k) cannot be reversed by using the encryption formula in the step (3);
feature (3 c): in each encryption process, an XOR operation and a nonlinear 'modular' operation exist between the ciphertext and the plaintext;
and (4): importing the parameter value into a reverse decryption iris area; the decryption is characterized in that:
(4a) the method comprises the following steps Inputting a decryption algorithm as a chaotic key sequence, an encryption parameter value and a final key;
(4b) the method comprises the following steps The initial key and all parameter values are identical during the encryption and decryption processes;
(4c) the method comprises the following steps The final decrypted image is identical to the encrypted image.
2. The double encryption method for iris feature protection according to claim 1, wherein the scrambling algorithm in step (2a) is:
(2a1) the method comprises the following steps Arnold transform scrambling: for an image of size N x N, the original position of the pixel x 0 ,y 0 ]New pixel position x obtained by reversible two-dimensional matrix 1 ,y 1 ](ii) a Or
(2a2) The method comprises the following steps Baker transformation scrambling: the image is mapped by stretching the image horizontally and then folding the image vertically, and the process is repeated until the positions of all pixels have changed.
3. A double encryption method for iris feature protection according to claim 1, wherein the diffusion algorithm in step (2b) is:
(2b1) the method comprises the following steps XOR between pixels; or
(2b1) The method comprises the following steps Modulo operations are added between pixels.
CN201910751345.3A 2019-08-14 2019-08-14 Double encryption method for iris feature protection Active CN110505047B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910751345.3A CN110505047B (en) 2019-08-14 2019-08-14 Double encryption method for iris feature protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910751345.3A CN110505047B (en) 2019-08-14 2019-08-14 Double encryption method for iris feature protection

Publications (2)

Publication Number Publication Date
CN110505047A CN110505047A (en) 2019-11-26
CN110505047B true CN110505047B (en) 2022-08-23

Family

ID=68587462

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910751345.3A Active CN110505047B (en) 2019-08-14 2019-08-14 Double encryption method for iris feature protection

Country Status (1)

Country Link
CN (1) CN110505047B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11188320B2 (en) 2019-09-20 2021-11-30 International Business Machines Corporation Systems and methods for updating detection models and maintaining data privacy
US11216268B2 (en) 2019-09-20 2022-01-04 International Business Machines Corporation Systems and methods for updating detection models and maintaining data privacy
US11157776B2 (en) * 2019-09-20 2021-10-26 International Business Machines Corporation Systems and methods for maintaining data privacy in a shared detection model system
CN113762077B (en) * 2021-07-19 2024-02-02 沈阳工业大学 Multi-biological feature iris template protection method based on double-grading mapping
CN114781010A (en) * 2022-04-21 2022-07-22 北京工业大学 Privacy protection terminal equipment and privacy protection method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102693523A (en) * 2012-05-09 2012-09-26 华南理工大学 Image two-grade encrypting method based on double-chaos system
WO2016045217A1 (en) * 2014-09-23 2016-03-31 深圳市汇顶科技股份有限公司 Encryption method and encryption device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104751403B (en) * 2015-04-23 2018-01-05 北京航空航天大学 A kind of plaintext associated picture encryption method based on multi-chaos system
EP3588838A4 (en) * 2017-02-24 2020-09-02 Wei Chen Chaotic map-based digital chaotic encryption method
CN107330395B (en) * 2017-06-27 2018-11-09 中国矿业大学 A kind of iris image encryption method based on convolutional neural networks

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102693523A (en) * 2012-05-09 2012-09-26 华南理工大学 Image two-grade encrypting method based on double-chaos system
WO2016045217A1 (en) * 2014-09-23 2016-03-31 深圳市汇顶科技股份有限公司 Encryption method and encryption device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于虹膜特征密钥的无线传感器网络安全数据融合;李敏等;《计算机系统应用》;20170815(第08期);全文 *

Also Published As

Publication number Publication date
CN110505047A (en) 2019-11-26

Similar Documents

Publication Publication Date Title
CN110505047B (en) Double encryption method for iris feature protection
Punithavathi et al. A lightweight machine learning-based authentication framework for smart IoT devices
Kaur et al. Privacy preserving remote multi-server biometric authentication using cancelable biometrics and secret sharing
Abikoye et al. A safe and secured iris template using steganography and cryptography
Barman et al. Fingerprint-based crypto-biometric system for network security
El-Shafai et al. Efficient and secure cancelable biometric authentication framework based on genetic encryption algorithm
Hikal et al. A new approach for palmprint image encryption based on hybrid chaotic maps
Abd Razak et al. Data anonymization using pseudonym system to preserve data privacy
CN108959891B (en) Electroencephalogram identity authentication method based on secret sharing
Punithavathi et al. Partial DCT-based cancelable biometric authentication with security and privacy preservation for IoT applications
Bathen et al. Selfis: Self-sovereign biometric ids
Loukhaoukha et al. Efficient and secure cryptosystem for fingerprint images in wavelet domain
Helmy et al. A hybrid encryption framework based on Rubik’s cube for cancelable biometric cyber security applications
Evangelin et al. Securing recognized multimodal biometric images using cryptographic model
Liu Chaos-based fingerprint images encryption using symmetric cryptography
Shanthini et al. Multimodal biometric-based secured authentication system using steganography
CN110503697B (en) Iris feature hiding method based on random noise mechanism
Siswanto et al. Chaotic-based encryption algorithm using henon and logistic maps for fingerprint template protection
Mohammed et al. Current multi-factor of authentication: Approaches, requirements, attacks and challenges
Sankari et al. Steganography technique to secure patient confidential information using ECG signal
CN114065169B (en) Privacy protection biometric authentication method and device and electronic equipment
Helmy et al. A novel cancellable biometric recognition system based on Rubik’s cube technique for cyber-security applications
Abiega-L’Eglisse et al. A New Fuzzy Vault based Biometric System robust to Brute-Force Attack
CN113989091A (en) Encryption method for digital archive
Nair et al. Multibiometric cryptosystem based on decision level fusion for file uploading in cloud

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant