CN113704728A - Fingerprint authentication method based on D-H key exchange and key sharing - Google Patents

Fingerprint authentication method based on D-H key exchange and key sharing Download PDF

Info

Publication number
CN113704728A
CN113704728A CN202110814999.3A CN202110814999A CN113704728A CN 113704728 A CN113704728 A CN 113704728A CN 202110814999 A CN202110814999 A CN 202110814999A CN 113704728 A CN113704728 A CN 113704728A
Authority
CN
China
Prior art keywords
key
template
fingerprint
authentication method
method based
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110814999.3A
Other languages
Chinese (zh)
Other versions
CN113704728B (en
Inventor
王会勇
罗铭君
唐士杰
丁勇
王继奎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guilin University of Electronic Technology
Original Assignee
Guilin University of Electronic Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guilin University of Electronic Technology filed Critical Guilin University of Electronic Technology
Priority to CN202110814999.3A priority Critical patent/CN113704728B/en
Publication of CN113704728A publication Critical patent/CN113704728A/en
Application granted granted Critical
Publication of CN113704728B publication Critical patent/CN113704728B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention discloses a fingerprint authentication method based on D-H key exchange and key sharing, which comprises the steps of firstly utilizing a key sharing technology to distribute keys required to be stored by each entity in a system to different servers for dispersed storage, then utilizing the D-H key exchange technology to generate the same primary random keys at a user side and a reference template storage end respectively in an inquiry stage, and encrypting an inquiry template and a reference template respectively to realize the randomness and diversity of the inquiry fingerprint template and the reference fingerprint template of a user, and finally designing a safe fingerprint authentication method with privacy protection characteristic by judging whether an authentication result passes under the condition of not specifically calculating the Euclidean distance between two fingerprints.

Description

Fingerprint authentication method based on D-H key exchange and key sharing
Technical Field
The invention relates to the technical field of key security, in particular to a fingerprint authentication method based on D-H key exchange and key sharing.
Background
The identity authentication technology based on biological characteristics is widely applied to daily life of people, and can effectively solve the problems of easy loss, forgetting and the like of the traditional identity authentication. Fingerprint identification is a mature technology in a biological characteristic identification system and is applied in different fields, but no better solution is provided for the problem of protecting template data and user characteristic information in the fingerprint identification process at present, the risk of key leakage or loss exists in the encryption storage stage, and lawless persons can easily track each server to carry out cross matching attack to acquire information in the query and template authorization stages.
Disclosure of Invention
The invention aims to provide a fingerprint authentication method based on D-H key exchange and key sharing, and aims to provide a safe fingerprint authentication method with privacy protection characteristic.
In order to achieve the above object, the present invention provides a fingerprint authentication method based on D-H key exchange and key sharing, comprising the following steps:
managing a secret key;
exchanging an encryption process by using a D-H key;
and carrying out secret comparison and authentication.
In the key management process, a plurality of null sub memories are used for storing reference fingerprint templates registered by users in a distributed mode on the basis of bilinear mapping.
And the encrypted secret number is shared and stored by the reference fingerprint template.
In the process of exchanging encryption by using the D-H key, the same primary random keys are respectively generated at the user side and the memory side of the reference template by using the D-H key exchange technology, and the inquiry fingerprint template and the reference fingerprint template are respectively encrypted.
In the process of authentication through secret comparison, under the condition that the Euclidean distance between the encrypted inquiry fingerprint template and the reference fingerprint template is not specifically calculated, the comparison with a preset threshold value is realized, and an authentication result is obtained.
The invention relates to a fingerprint authentication method based on D-H key exchange and key sharing, which comprises the steps of firstly utilizing a key sharing technology to distribute keys required to be stored by each entity in a system to different servers for dispersed storage, then utilizing the D-H key exchange technology to generate the same primary random keys at a user side and a reference template storage end respectively in an inquiry stage, and encrypting an inquiry template and a reference template respectively to realize the randomness and diversity of the inquiry fingerprint template and the reference fingerprint template of a user, and finally under the condition that the Euclidean distance between two fingerprints is not calculated specifically, designing a safe fingerprint authentication method with privacy protection characteristic by judging whether an authentication result passes or not.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a fingerprint authentication method based on D-H key exchange and key sharing according to the present invention.
Fig. 2 is a system architecture diagram of a fingerprint authentication method based on D-H key exchange and key sharing according to the present invention.
FIG. 3 is a comparative EER before and after fingerprint template protection for an emulated embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
Referring to fig. 1, the present invention provides a fingerprint authentication method based on D-H key exchange and key sharing, which includes the following steps:
s1: managing a secret key;
s2: exchanging an encryption process by using a D-H key;
s3: and carrying out secret comparison and authentication.
In the key management process, on the basis of bilinear mapping, a plurality of null sub memories are used for storing reference fingerprint templates registered by users in a distributed mode.
And the reference fingerprint template carries out encrypted secret number sharing and storage.
In the process of exchanging encryption by using the D-H key, the same primary random keys are generated at the user side and the reference template memory side respectively by using the D-H key exchange technology, and the inquiry fingerprint template and the reference fingerprint template are encrypted respectively.
In the process of carrying out authentication by secret comparison, under the condition that the Euclidean distance between the encrypted inquiry fingerprint template and the reference fingerprint template is not specifically calculated, the comparison with a preset threshold value is realized, and an authentication result is obtained.
The system architecture of the present invention is shown in FIG. 2, and the system parameters disclosed in the template storage center at the system initialization stage are
Figure RE-GDA0003293411320000031
And q (e.g., q-5) empty sub-memories prepared for distributed storage of the reference fingerprint template registered by the user are respectively
Figure RE-GDA0003293411320000032
Wherein G and GTAs a bilinear map
Figure RE-GDA00032934113200000311
Two multiplication cyclic groups of prime p in the middle, G and h being two generators of group G, yTSIs the public key of the template repository,
Figure RE-GDA0003293411320000033
for cryptographic hash functions, τ is a predetermined threshold, λTAnd λIRespectively the length of the user fingerprint template and the identity. Let the user select 3 random numbers in the key generation phase
Figure RE-GDA0003293411320000034
Computing
Figure RE-GDA0003293411320000035
Wherein KiRepresenting a secret number encrypting the registered reference fingerprint template, user UiThe private key of (A) is Uski=(Uski,1,Uski,2)=(xi,1,xi,2) The public key is Upki=(Upki,1,Upki,2)=(yi,1,yi,2). Likewise, in the key generation phase, the certification authority selects 1 random number
Figure RE-GDA0003293411320000036
Then calculate
Figure RE-GDA0003293411320000037
The private key of the certificate authority is Mskl=xlThe public key is Mpkl=yl
The specific implementation steps are as follows:
A. key management
(1) Due to the correspondence of each sub-memory
Figure RE-GDA0003293411320000038
The security problem of the template in the query process is concerned, so the template needs to be changed into share for storage. Randomly selecting q polynomials of degree t-1
Figure RE-GDA0003293411320000039
Handle
Figure RE-GDA00032934113200000310
Becomes n shares fj1),fj2),…fjn)(αi,i∈[1,n]Any number).
(2) Likewise, a secret number K for encrypting the registered reference fingerprint templateiThe security of the template is also concerned, and the template is also changed into sharing and saving. Randomly selecting a t-1 degree polynomial f (x) Ki+b1x+b2x2+…bt-1xt-1Handle KiAnd changing into n shares for storage.
B. Exchanging encryption procedures with D-H keys
(3) Let user obtain original fingerprint characteristic template through fingerprint sensor
Figure RE-GDA0003293411320000041
For template security, the user first uses K before enrollingiCarrying out encryption processing on an original fingerprint template:
Figure RE-GDA0003293411320000042
note the book
Figure RE-GDA0003293411320000043
Then the public key UpkiIdentity information of a user
Figure RE-GDA0003293411320000044
And encrypted original fingerprint template
Figure RE-GDA0003293411320000045
And sending the fingerprint template to a fingerprint template storage center. Fingerprint template storage center stores user's information
Figure RE-GDA0003293411320000046
Randomly stored in q sub-memories, corresponding to sub-memory identities
Figure RE-GDA0003293411320000047
And sending the identity to the user as the user response pseudo identity.
(4) After registration is complete, the user may initiate an authentication query to the authentication authority. Suppose that a user has obtained a fresh fingerprint feature template Y before formally initiating a certification query to a certification authorityi=(yi1,yi2,…yin)。
1) The user selects a random number
Figure RE-GDA0003293411320000048
And a positive random number
Figure RE-GDA0003293411320000049
Computing
Figure RE-GDA00032934113200000410
Carrying out the following encryption on the obtained fresh fingerprint characteristic template
Figure RE-GDA00032934113200000411
Remember Yi′=(y′i1,y′i2,…,y′in) And a handle Yi' extension to n +3 dimensions
Figure RE-GDA00032934113200000412
2) User selection of three random numbers
Figure RE-GDA00032934113200000413
Calculating ciphertext W ═ W1,w2,w3,w4,w5) Wherein
Figure RE-GDA00032934113200000414
Figure RE-GDA00032934113200000415
Figure RE-GDA00032934113200000416
Figure RE-GDA00032934113200000417
Figure RE-GDA00032934113200000418
Handle (W, T)i) Sent to a certification authority, where TiIs a time stamp.
3) Certificate authority calculation
Figure RE-GDA00032934113200000419
And checking whether or not it satisfies
Figure RE-GDA00032934113200000420
If yes, storing
Figure RE-GDA0003293411320000051
4) The authentication authority selects a random number
Figure RE-GDA0003293411320000052
Computing
Figure RE-GDA0003293411320000053
Handle
Figure RE-GDA0003293411320000054
Sending to a fingerprint template storage center, wherein
Figure RE-GDA0003293411320000055
And TlRespectively, the identity of the certification authority and the timestamp.
5) Fingerprint template storage center computation
Figure RE-GDA0003293411320000056
And checks whether the following two conditions are satisfied
Figure RE-GDA0003293411320000057
And
Figure RE-GDA0003293411320000058
if both are satisfied, receiving
Figure RE-GDA0003293411320000059
And
Figure RE-GDA00032934113200000510
then calculate
Figure RE-GDA00032934113200000511
And handle sub-memory
Figure RE-GDA00032934113200000512
In corresponding to identity of
Figure RE-GDA00032934113200000513
All the reference fingerprint templates use kiAnd (3) encryption:
Figure RE-GDA00032934113200000514
let Xi=(x″i1,x″i2,…x″in) Selecting a positive random number
Figure RE-GDA00032934113200000515
Handle XiExpansion into n +3 dimensions
Figure RE-GDA00032934113200000516
6) Fingerprint template storage center selects 2 random numbers
Figure RE-GDA00032934113200000517
Computing ciphertext tuple Gj,i=(Gj,i,1,Gj,i,2,Gj,i,3) Wherein
Figure RE-GDA00032934113200000518
Figure RE-GDA00032934113200000519
Figure RE-GDA00032934113200000520
Handle (G)j,i,Tj,i) Sent to a certification authority, where Tj,iIs a time stamp.
7) Certificate authority calculation
Figure RE-GDA00032934113200000521
And checking whether or not it satisfies
Figure RE-GDA00032934113200000522
If yes, storing
Figure RE-GDA00032934113200000523
It is marked as
Figure RE-GDA00032934113200000524
C. Secret comparison process
After the above process is finished, the certification authority can obtain the inquiry fingerprint template Y to be certifiedi"and reference fingerprint template Xi
(5) The euclidean distance of two fingerprints can be calculated using the following formula:
Figure RE-GDA0003293411320000061
(6) order the authentication result
Figure RE-GDA0003293411320000062
If the authentication result RS is 1, the authentication is successful, otherwise, the authentication fails.
Further, the correctness of the invention is theoretically demonstrated as follows:
first, W in the ciphertext W5Can be verified by equation (1):
Figure RE-GDA0003293411320000063
second is W in the ciphertext W4And VlCan pass the verification of (2) and (3) respectively
Figure RE-GDA0003293411320000064
And
Figure RE-GDA0003293411320000065
finally, a valid ciphertext Gj,iMust be able to pass the verification of equation (4):
Figure RE-GDA0003293411320000066
thus proving the correctness of the scheme.
Further, simulation experiments were performed on the above scheme using Matlab language, etc. The used database is a public fingerprint data set consisting of 408 grayscale fingerprint images acquired by a CrossMatch verifier 300 sensor, and the operating system is a Windows 10 computer with 8 cores and 3.00GHz Intel i7 CPU and 16GB RAM.
We performed comparative analysis on the performance of the template before and after protection. Table 1 and fig. 3 show the relationship between the Equal Error Rate (EER) (error rate when the error acceptance rate (FAR) and the error rejection rate (FRR) are equal) and the threshold value in the alignment before and after encryption.
TABLE 1 EER before and after protection
Figure RE-GDA0003293411320000071
Therefore, the fingerprint template protection method and the privacy comparison method which do not specifically calculate the Euclidean distance between two fingerprint characteristics have no influence on the performance of the fingerprint identification system, and fully show that the template protection scheme provided by the invention ensures the identification performance and the feasibility of the fingerprint identification system.
However, the invention researches the effectiveness of the protection of the encrypted fingerprint template instead of the fingerprint identification algorithm, so that the final identification precision of the invention is slightly different from the precision obtained by the related fingerprint identification algorithm. If advanced optimization techniques can be combined, the identification performance of the whole scheme can meet practical requirements.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (5)

1. A fingerprint authentication method based on D-H key exchange and key sharing is characterized by comprising the following steps:
managing a secret key;
exchanging an encryption process by using a D-H key;
and carrying out secret comparison and authentication.
2. The fingerprint authentication method based on D-H key exchange and key sharing of claim 1, wherein in the key management process, a plurality of blank sub-memories are used to perform distributed storage on the reference fingerprint template registered by the user based on bilinear mapping.
3. The fingerprint authentication method based on D-H key exchange and key sharing according to claim 2, wherein the reference fingerprint template performs encrypted secret number sharing saving.
4. The fingerprint authentication method based on D-H key exchange and key sharing of claim 1, wherein during the encryption process using D-H key exchange, the same primary random keys are generated at the user side and the memory side of the reference template respectively using D-H key exchange technique, and the query fingerprint template and the reference fingerprint template are encrypted respectively.
5. The fingerprint authentication method based on D-H key exchange and key sharing of claim 1, wherein in the process of authentication by security comparison, the comparison with the predetermined threshold is implemented without specifically calculating the euclidean distance between the encrypted inquiry fingerprint template and the reference fingerprint template, and the authentication result is obtained.
CN202110814999.3A 2021-07-19 2021-07-19 Fingerprint authentication method based on D-H key exchange and key sharing Active CN113704728B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110814999.3A CN113704728B (en) 2021-07-19 2021-07-19 Fingerprint authentication method based on D-H key exchange and key sharing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110814999.3A CN113704728B (en) 2021-07-19 2021-07-19 Fingerprint authentication method based on D-H key exchange and key sharing

Publications (2)

Publication Number Publication Date
CN113704728A true CN113704728A (en) 2021-11-26
CN113704728B CN113704728B (en) 2024-03-01

Family

ID=78649001

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110814999.3A Active CN113704728B (en) 2021-07-19 2021-07-19 Fingerprint authentication method based on D-H key exchange and key sharing

Country Status (1)

Country Link
CN (1) CN113704728B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060153371A1 (en) * 2005-01-07 2006-07-13 Beeson Curtis L Generating digital signatures using ephemeral cryptographic key
US20110040972A1 (en) * 2008-04-21 2011-02-17 Estem Limited Terminal for strong authentication of a user
CN102710417A (en) * 2012-06-18 2012-10-03 杭州电子科技大学 Fuzzy vault method based on fingerprint features and Internet key exchange protocol
CN102750529A (en) * 2012-07-24 2012-10-24 南京邮电大学 Biometric fingerprint authentication method based on quantum fuzzy commitment
CN104065487A (en) * 2014-07-08 2014-09-24 华南理工大学 Random secret value IBC identity authentication method based on digital fingerprint
CN106411533A (en) * 2016-11-10 2017-02-15 西安电子科技大学 On-line fingerprint authentication system and method based on bidirectional privacy protection
US20180375859A1 (en) * 2017-06-26 2018-12-27 Electronics And Telecommunications Research Institute Method and apparatus for authentication of user using biometric

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060153371A1 (en) * 2005-01-07 2006-07-13 Beeson Curtis L Generating digital signatures using ephemeral cryptographic key
US20110040972A1 (en) * 2008-04-21 2011-02-17 Estem Limited Terminal for strong authentication of a user
CN102710417A (en) * 2012-06-18 2012-10-03 杭州电子科技大学 Fuzzy vault method based on fingerprint features and Internet key exchange protocol
CN102750529A (en) * 2012-07-24 2012-10-24 南京邮电大学 Biometric fingerprint authentication method based on quantum fuzzy commitment
CN104065487A (en) * 2014-07-08 2014-09-24 华南理工大学 Random secret value IBC identity authentication method based on digital fingerprint
CN106411533A (en) * 2016-11-10 2017-02-15 西安电子科技大学 On-line fingerprint authentication system and method based on bidirectional privacy protection
US20180375859A1 (en) * 2017-06-26 2018-12-27 Electronics And Telecommunications Research Institute Method and apparatus for authentication of user using biometric

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HUIYONG WANG 等: "Privacy-Preserving Fingerprint Authentication Using D-H Key Exchange and Secret Sharing", 《HTTPS://DL.ACM.ORG/DOI/10.1155/2021/5344696》, pages 1 - 2 *
王会勇 等: "生物特征识别模板保护综述", 《计算机研究与发展》, vol. 57, no. 5 *

Also Published As

Publication number Publication date
CN113704728B (en) 2024-03-01

Similar Documents

Publication Publication Date Title
CN111639361B (en) Block chain key management method, multi-person common signature method and electronic device
Jiang et al. Three-factor authentication protocol using physical unclonable function for IoV
EP3069249B1 (en) Authenticatable device
CN112926092A (en) Privacy-protecting identity information storage and identity authentication method and device
Dwivedi et al. A fingerprint based crypto-biometric system for secure communication
Zhu et al. Efficient and privacy-preserving online fingerprint authentication scheme over outsourced data
Sarier Comments on biometric-based non-transferable credentials and their application in blockchain-based identity management
CN114640444B (en) Privacy protection set intersection acquisition method and device based on domestic cryptographic algorithm
Bringer et al. Extended private information retrieval and its application in biometrics authentications
CN112329519A (en) Safe online fingerprint matching method
Wang et al. Attribute-based equality test over encrypted data without random oracles
Fan et al. Verifiable attribute-based multi-keyword search over encrypted cloud data in multi-owner setting
Hossain et al. ICAS: Two-factor identity-concealed authentication scheme for remote-servers
Wu et al. Privacy-preserving cancelable biometric authentication based on RDM and ECC
CN114996727A (en) Biological feature privacy encryption method and system based on palm print and palm vein recognition
Meshram et al. An efficient remote user authentication with key agreement procedure based on convolution-Chebyshev chaotic maps using biometric
GB2578864A (en) Trusted ring
Zhu et al. A Novel and Provable Authenticated Key Agreement Protocol with Privacy Protection Based on Chaotic Maps towards Mobile Network.
Xu et al. Efficient privacy-preserving electronic voting scheme based on blockchain
Zhu et al. An efficient biometric authenticated protocol for arbitrary-domain-server with blockchain technology
Hamian et al. Blockchain-based User Re-enrollment for Biometric Authentication Systems
Wong et al. A privacy-preserving biometric matching protocol for iris codes verification
CN113704728B (en) Fingerprint authentication method based on D-H key exchange and key sharing
Soni et al. Provably secure and biometric-based secure access of E-Governance services using mobile devices
WO2021167534A1 (en) Biometric template recognition system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant