CN113704728B - Fingerprint authentication method based on D-H key exchange and key sharing - Google Patents
Fingerprint authentication method based on D-H key exchange and key sharing Download PDFInfo
- Publication number
- CN113704728B CN113704728B CN202110814999.3A CN202110814999A CN113704728B CN 113704728 B CN113704728 B CN 113704728B CN 202110814999 A CN202110814999 A CN 202110814999A CN 113704728 B CN113704728 B CN 113704728B
- Authority
- CN
- China
- Prior art keywords
- key
- template
- fingerprint
- key exchange
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000005516 engineering process Methods 0.000 claims abstract description 9
- 230000015654 memory Effects 0.000 claims abstract description 8
- 238000013507 mapping Methods 0.000 claims description 3
- 238000012795 verification Methods 0.000 description 3
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000010835 comparative analysis Methods 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a fingerprint authentication method based on D-H key exchange and key sharing, which comprises the steps of firstly distributing keys required to be stored by each entity in a system to different servers for scattered storage by using a key sharing technology, then respectively generating the same primary random keys at a user end and a reference template memory end by using the D-H key exchange technology in a query stage, respectively encrypting a query template and the reference template, realizing randomness and diversity of the user query fingerprint template and the reference fingerprint template, and finally designing a safe fingerprint authentication method with privacy protection characteristics by judging whether authentication results pass or not under the condition that Euclidean distance between two fingerprints is not calculated.
Description
Technical Field
The invention relates to the technical field of key security, in particular to a fingerprint authentication method based on D-H key exchange and key sharing.
Background
The identity authentication technology based on biological characteristics has been widely applied to the daily life of people, and can effectively solve the problems of easy loss, forgetting and the like of the traditional identity authentication. Fingerprint identification is a mature technology in a biological characteristic identification system and is applied to different fields, but at present, a better solution to the problem of protecting template data and user characteristic information in the fingerprint identification process does not exist, the risk of key leakage or loss exists in an encryption storage stage, and in a query and template authorization stage, lawbreakers can easily track each server to carry out cross matching attack to acquire information.
Disclosure of Invention
The invention aims to provide a fingerprint authentication method based on D-H key exchange and key sharing, and aims to provide a safe fingerprint authentication method with privacy protection characteristics.
In order to achieve the above purpose, the invention adopts a fingerprint authentication method based on D-H key exchange and key sharing, which comprises the following steps:
key management;
an encryption process using a D-H key exchange;
and (5) performing confidentiality comparison for authentication.
In the key management process, on the basis of bilinear mapping, a plurality of empty sub-memories are used for carrying out distributed storage on a reference fingerprint template registered by a user.
And the secret number encrypted by the reference fingerprint template is shared and stored.
In the process of using the D-H key exchange encryption process, the D-H key exchange technology is used for respectively generating the same primary random key at the user end and the reference template memory end, and respectively encrypting the inquiry fingerprint template and the reference fingerprint template.
In the authentication process of secret comparison, comparison with a preset threshold value is realized under the condition that the Euclidean distance between the encrypted inquiry fingerprint template and the reference fingerprint template is not calculated specifically, and an authentication result is obtained.
The invention relates to a fingerprint authentication method based on D-H key exchange and key sharing, which comprises the steps of firstly distributing keys required to be stored by each entity in a system to different servers for decentralized storage by using a key sharing technology, then respectively generating the same primary random keys at a user end and a reference template memory end by using the D-H key exchange technology in a query stage, respectively encrypting a query template and the reference template, realizing randomness and diversity of the user query fingerprint template and the reference fingerprint template, and finally designing a safe fingerprint authentication method with privacy protection characteristics by judging whether authentication results pass or not under the condition that Euclidean distance between two fingerprints is not calculated specifically.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a fingerprint authentication method based on D-H key exchange and key sharing according to the present invention.
Fig. 2 is a system architecture diagram of a fingerprint authentication method based on D-H key exchange and key sharing according to the present invention.
FIG. 3 is a graph comparing EER before and after fingerprint template protection in accordance with an exemplary embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present invention and should not be construed as limiting the invention.
Referring to fig. 1, the invention provides a fingerprint authentication method based on D-H key exchange and key sharing, comprising the following steps:
s1: key management;
s2: an encryption process using a D-H key exchange;
s3: and (5) performing confidentiality comparison for authentication.
In the key management process, a plurality of empty sub memories are used for carrying out distributed storage on a reference fingerprint template registered by a user on the basis of bilinear mapping.
And sharing and storing the secret number encrypted by the reference fingerprint template.
In the process of using the D-H key exchange encryption process, the D-H key exchange technology is used for respectively generating the same primary random key at the user end and the reference template memory end, and respectively encrypting the inquiry fingerprint template and the reference fingerprint template.
In the process of authentication by secret comparison, under the condition that the Euclidean distance between the encrypted query fingerprint template and the reference fingerprint template is not calculated specifically, comparison with a preset threshold value is realized, and an authentication result is obtained.
The system architecture of the invention is shown in figure 2, and the system parameters disclosed in the template storage center in the system initialization stage are set asQ (e.g., q=5) empty memories prepared by the method for distributively storing the reference fingerprint templates registered by the user are respectively +.>Wherein G and G T For bilinear mapping->In which two orders are the multiplication cyclic group of prime number p, G and h are two generator elements of group G, y TS For the public key of the template storage center,for cryptographic hash functions, τ is a predetermined threshold, λ T And lambda (lambda) I The length of the user fingerprint template and identity, respectively. Let the user select 3 random numbers in the key generation stageCalculate->Wherein K is i Representing the secret number that encrypts the enrolled reference fingerprint template, user U i The private key of (1) is Usk i =(Usk i,1 ,Usk i,2 )=(x i,1 ,x i,2 ) The public key is Upk i =(Upk i,1 ,Upk i,2 )=(y i,1 ,y i,2 ). Similarly, in the key generation phase, the certification authority selects 1 random number +.>Then calculateThe private key of the certification authority is Msk l =x l The public key is Mpk l =y l 。
The specific implementation steps are as follows:
A. key management
(1) Due to the correspondence of the sub-memoriesThe security problem of the template in the query process is related, so that the template is changed into sharing for storage. Randomly selecting q t-1 th degree polynomials
HandleBecomes n shares f j (α 1 ),f j (α 2 ),…f j (α n )(α i ,i∈[1,n]Arbitrary number) is stored.
(2) Likewise, the secret number K for encrypting the registered reference fingerprint template i Also regarding the security of the template, it is also to be changed to a shared save. Randomly selecting a polynomial f (x) =k of degree t-1 i +b 1 x+b 2 x 2 +…b t-1 x t-1 Handle K i Become n shares to store.
B. Encryption process using D-H key exchange
(3) Let the user obtain the original fingerprint feature template through the fingerprint sensorFor template security, the user first uses K before registering i Encrypting the original fingerprint template:
recording deviceThen public key Upk i Identity information of the user->And encrypted original fingerprint template->And sending the fingerprint template to a fingerprint template storage center. The fingerprint template storage center stores the information of the user +.>Randomly storing in q sub-memories +.>And sending the identity to the user as a user response pseudo identity.
(4) After registration is completed, the user may initiate an authentication query to the authentication authority. Assume that a user has obtained a fresh fingerprint feature template Y before formally initiating a certification query to a certification authority i =(y i1 ,y i2 ,…y in )。
1) The user selects a random numberAnd a positive random number +.>Calculate->The obtained fresh fingerprint feature template is encrypted as follows
Record Y i ′=(y′ i1 ,y′ i2 ,…,y′ in ) And Y is taken as i ' extended to n+3 dimensions
2) The user selects three random numbersCalculate ciphertext w= (W) 1 ,w 2 ,w 3 ,w 4 ,w 5 ) Wherein
Handle (W, T) i ) Sent to a certification authority, wherein T i Is a time stamp.
3) Certification authority calculationAnd check whether or not it satisfies
If yes, save
4) The certification authority selects a random numberCalculate->HandleIs sent to a fingerprint template storage center, wherein +.>And T l The identity and timestamp of the certification authority, respectively.
5) Fingerprint template storage center computingAnd checks whether the following two conditions are satisfied
And
if all of them are satisfied, then receiveAnd->Then calculate +.>And sub-memory->Corresponding to (a)Identity of->All use k for reference fingerprint templates i Encryption is carried out:
let X% i =(x″ i1 ,x″ i2 ,…x″ in ) Selecting a positive random numberX', is a handle i Expansion into n+3 dimensions
6) 2 random numbers are selected by the fingerprint template storage centerComputing ciphertext tuples G j,i =(G j,i,1 ,G j,i,2 ,G j,i,3 ) Wherein
Handle (G) j,i ,T j,i ) Sent to a certification authority, wherein T j,i Is a time stamp.
7) Certification authority calculationAnd checks whether or not it satisfies
If yes, saveIt is marked +.>
C. Secret comparison process
After the process is finished, the authentication mechanism can obtain the query fingerprint template Y to be authenticated i "and reference fingerprint template X i 。
(5) The Euclidean distance of two fingerprints can be calculated using the following formula:
(6) Let the authentication resultIf the authentication result rs=1, the authentication is successful, otherwise the authentication is failed.
Further, the correctness of the invention is demonstrated in theory as follows:
first is W in ciphertext W 5 Verification that can pass equation (1):
next is W in ciphertext W 4 And V is equal to l Can pass the verification of (2) and (3) respectively
And
finally, an activeCiphertext G j,i It must be able to pass verification of equation (4):
thereby proving the correctness of the scheme.
Further, simulation experiments were performed on the above scheme using Matlab language or the like. The database used was a common fingerprint dataset consisting of 408 Zhang Huidu fingerprint images acquired by the CrossMatch Verifineer300 sensor, and the operating system was a computer of Windows 10 with 8 cores 3.00GHz Intel i7 CPU and 16GB RAM.
We performed a comparative analysis of the performance of the templates before and after protection. Table 1 and fig. 3 show the relationship between the Equal Error Rate (EER) (error rate when the error acceptance rate (FAR) and the error rejection rate (FRR) are equal) and the threshold value in the comparison before and after encryption.
TABLE 1 EER before and after protection
Therefore, the fingerprint template protection method and the secret comparison method which does not specifically calculate the Euclidean distance between two fingerprint features have no influence on the performance of the fingerprint identification system, fully illustrate that the template protection scheme provided by the invention ensures the identification performance and the feasibility of the fingerprint identification system.
However, as the invention researches the effectiveness of the protection of the encrypted fingerprint template, rather than the fingerprint identification algorithm, the final identification precision is somewhat different from the precision obtained by the related fingerprint identification algorithm. If some advanced optimization techniques can be combined, the identification performance of the whole scheme can meet the practical requirements.
The above disclosure is only a preferred embodiment of the present invention, and it should be understood that the scope of the invention is not limited thereto, and those skilled in the art will appreciate that all or part of the procedures described above can be performed according to the equivalent changes of the claims, and still fall within the scope of the present invention.
Claims (1)
1. The fingerprint authentication method based on D-H key exchange and key sharing is characterized by comprising the following steps:
key management;
in the key management process, on the basis of bilinear mapping, a plurality of empty memories are used for carrying out distributed storage on a reference fingerprint template registered by a user;
the secret number encrypted by the reference fingerprint template is shared and stored;
an encryption process using a D-H key exchange;
in the process of using the D-H key exchange encryption process, the D-H key exchange technology is used for respectively generating the same primary random key at the user end and the reference template memory end, and respectively encrypting the inquiry fingerprint template and the reference fingerprint template;
and (5) performing confidentiality comparison for authentication.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110814999.3A CN113704728B (en) | 2021-07-19 | 2021-07-19 | Fingerprint authentication method based on D-H key exchange and key sharing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110814999.3A CN113704728B (en) | 2021-07-19 | 2021-07-19 | Fingerprint authentication method based on D-H key exchange and key sharing |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113704728A CN113704728A (en) | 2021-11-26 |
| CN113704728B true CN113704728B (en) | 2024-03-01 |
Family
ID=78649001
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110814999.3A Active CN113704728B (en) | 2021-07-19 | 2021-07-19 | Fingerprint authentication method based on D-H key exchange and key sharing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113704728B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102710417A (en) * | 2012-06-18 | 2012-10-03 | 杭州电子科技大学 | Fuzzy vault method based on fingerprint features and Internet key exchange protocol |
| CN102750529A (en) * | 2012-07-24 | 2012-10-24 | 南京邮电大学 | Biometric fingerprint authentication method based on quantum fuzzy commitment |
| CN104065487A (en) * | 2014-07-08 | 2014-09-24 | 华南理工大学 | Random secret value IBC identity authentication method based on digital fingerprint |
| CN106411533A (en) * | 2016-11-10 | 2017-02-15 | 西安电子科技大学 | On-line fingerprint authentication system and method based on bidirectional privacy protection |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7693277B2 (en) * | 2005-01-07 | 2010-04-06 | First Data Corporation | Generating digital signatures using ephemeral cryptographic key |
| FR2930391B1 (en) * | 2008-04-21 | 2010-04-16 | Etsem Ltd | AUTHENTICATION TERMINAL OF A USER. |
| KR102289419B1 (en) * | 2017-06-26 | 2021-08-12 | 한국전자통신연구원 | Method and apparatus for authentification of user using biometric |
-
2021
- 2021-07-19 CN CN202110814999.3A patent/CN113704728B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102710417A (en) * | 2012-06-18 | 2012-10-03 | 杭州电子科技大学 | Fuzzy vault method based on fingerprint features and Internet key exchange protocol |
| CN102750529A (en) * | 2012-07-24 | 2012-10-24 | 南京邮电大学 | Biometric fingerprint authentication method based on quantum fuzzy commitment |
| CN104065487A (en) * | 2014-07-08 | 2014-09-24 | 华南理工大学 | Random secret value IBC identity authentication method based on digital fingerprint |
| CN106411533A (en) * | 2016-11-10 | 2017-02-15 | 西安电子科技大学 | On-line fingerprint authentication system and method based on bidirectional privacy protection |
Non-Patent Citations (2)
| Title |
|---|
| Privacy-Preserving Fingerprint Authentication Using D-H Key Exchange and Secret Sharing;Huiyong Wang 等;《https://dl.acm.org/doi/10.1155/2021/5344696》;第1-2页 * |
| 生物特征识别模板保护综述;王会勇 等;《计算机研究与发展》;第57卷(第5期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113704728A (en) | 2021-11-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Jiang et al. | Three-factor authentication protocol using physical unclonable function for IoV | |
| CN106797313B (en) | Network authentication system using dynamic key generation | |
| Liu et al. | Secure remote multi-factor authentication scheme based on chaotic map zero-knowledge proof for crowdsourcing internet of things | |
| Dwivedi et al. | A fingerprint based crypto-biometric system for secure communication | |
| Barsoum et al. | Integrity verification of multiple data copies over untrusted cloud servers | |
| JP5586795B2 (en) | Data processing apparatus, data processing method, and program | |
| JP2014523192A (en) | Security by encryption using fuzzy authentication information in device and server communication | |
| CN110602099B (en) | Privacy protection method based on verifiable symmetric searchable encryption | |
| CN109740364B (en) | Attribute-based ciphertext searching method capable of controlling searching authority | |
| Zhu et al. | Efficient and privacy-preserving online fingerprint authentication scheme over outsourced data | |
| Liu et al. | An efficient biometric identification in cloud computing with enhanced privacy security | |
| Torres et al. | Effectiveness of fully homomorphic encryption to preserve the privacy of biometric data | |
| Hossain et al. | ICAS: Two-factor identity-concealed authentication scheme for remote-servers | |
| Wu et al. | Privacy-preserving cancelable biometric authentication based on RDM and ECC | |
| CN114021164A (en) | Block chain-based credit investigation system privacy protection method | |
| Panchal et al. | Designing Secure and Efficient Biometric-Based Access Mechanism for Cloud Services | |
| Dharminder et al. | Construction of lightweight authentication scheme for network applicants using smart cards | |
| CN113704728B (en) | Fingerprint authentication method based on D-H key exchange and key sharing | |
| Zhang et al. | A secure biometric authentication based on PEKS | |
| Zhu et al. | An efficient biometric authenticated protocol for arbitrary-domain-server with blockchain technology | |
| CN110851848A (en) | Privacy protection method for symmetric searchable encryption | |
| Abidin et al. | Security of a privacy-preserving biometric authentication protocol revisited | |
| Hamian et al. | Blockchain-based User Re-enrollment for Biometric Authentication Systems | |
| Neha et al. | An efficient biometric based remote user authentication technique for multi-server environment | |
| CN112631552A (en) | Random number generation and regeneration method based on non-uniform random source and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |