CN115278673B - Lightweight biological authentication method and system based on combined biological recognition - Google Patents
Lightweight biological authentication method and system based on combined biological recognition Download PDFInfo
- Publication number
- CN115278673B CN115278673B CN202210945193.2A CN202210945193A CN115278673B CN 115278673 B CN115278673 B CN 115278673B CN 202210945193 A CN202210945193 A CN 202210945193A CN 115278673 B CN115278673 B CN 115278673B
- Authority
- CN
- China
- Prior art keywords
- extractor
- template
- authentication
- user
- index
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 134
- 239000013598 vector Substances 0.000 claims abstract description 118
- 238000004364 calculation method Methods 0.000 claims abstract description 53
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 23
- 229940088594 vitamin Drugs 0.000 claims abstract description 7
- 239000011782 vitamin Substances 0.000 claims abstract description 7
- 230000008569 process Effects 0.000 claims description 26
- 239000000284 extract Substances 0.000 claims description 14
- 239000011159 matrix material Substances 0.000 claims description 11
- 238000006243 chemical reaction Methods 0.000 claims description 10
- 230000009466 transformation Effects 0.000 claims description 6
- 238000009825 accumulation Methods 0.000 claims description 3
- 238000009826 distribution Methods 0.000 claims description 3
- 238000000605 extraction Methods 0.000 claims description 3
- 238000004590 computer program Methods 0.000 claims description 2
- 239000000203 mixture Substances 0.000 claims 1
- 238000012986 modification Methods 0.000 abstract description 6
- 230000004048 modification Effects 0.000 abstract description 6
- 238000007792 addition Methods 0.000 abstract description 4
- 238000012217 deletion Methods 0.000 abstract description 4
- 230000037430 deletion Effects 0.000 abstract description 4
- 238000004088 simulation Methods 0.000 description 9
- 238000010276 construction Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000012549 training Methods 0.000 description 4
- 238000013459 approach Methods 0.000 description 3
- 230000007547 defect Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000003491 array Methods 0.000 description 2
- 230000015572 biosynthetic process Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000001010 compromised effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000003786 synthesis reaction Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010835 comparative analysis Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 235000011389 fruit/vegetable juice Nutrition 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
Abstract
The method and system for lightweight biological authentication based on joint biological recognition, the trusted center generates a series of keys; the extractor constructs d-vitamin feature registration vectors and the biological feature templates by confusing the biological feature templates, and encrypts the feature templates by using a public key of a homomorphic encryption algorithm; the extractor expands the registration vector, encrypts and sends the registration vector to the computing server by using the registration key, and the computing server encrypts and sends the index to the database; the extractor expands the feature vector, encrypts the expansion vector and the biological feature template, and sends the encrypted expansion vector and the biological feature template to the computing server; the database transforms the received index and authentication inquiry, calculates the similarity between each registration template and authentication inquiry, and sends the candidate template set to the calculation server to calculate Euclidean distance; three update operations are supported: addition, deletion, and modification; the invention satisfies confidentiality, updatability, revocability, irreversibility and non-connectibility of biological identification, and realizes balance of low-cost authentication and high-security requirements.
Description
Technical Field
The invention belongs to the technical field of biological feature recognition, and particularly relates to a lightweight biological authentication method and system based on joint biological recognition.
Background
In recent years, the popularity of smart mobile devices has increased the quality of life of people, the market size of mobile devices has been expanding, and in addition, smart watches, tablet computers and other mobile devices are pushing the expansion of mobile markets. Although mobile devices offer convenience to people, they also pose a threat to the privacy and security of users. As users store personal sensitive information (such as bank accounts and image data) on smart mobile devices, leakage of personal privacy is also a focus of attention for researchers.
Most existing smart mobile devices utilize knowledge-based identity authentication mechanisms to ensure their own security and data privacy (e.g., PIN code-based, pattern-based password authentication). However, most users tend to set a simple and weak password to facilitate memorization. Such knowledge-based authentication is vulnerable to listening attacks and dictionary attacks, so that an attacker can gain access to personally sensitive information stored in the device. The biological characteristic technology utilizes the uniqueness, the universality, the stability and the availability of the technology to promote the continuous development of biological characteristic authentication, so that the biological characteristic authentication is more convenient and accurate. It also overcomes the vulnerability of password settings in knowledge-based authentication.
Through the above analysis, the problems and defects existing in the prior art are as follows: most of the existing biological authentication methods are based on single biological characteristics, have low accuracy and stability, and cannot be applied to different application backgrounds; in addition, existing biometric authentication methods are not highly secure, and once a biometric is stolen, damaged or counterfeited, biometric-based authentication may be compromised by manual synthesis, replay, and spoofing attacks.
The difficulty of solving the problems and the defects is as follows: (1) The computing power and storage capacity of smart mobile devices are limited, so a lightweight biometric authentication method needs to be designed. (2) Most of the existing biological authentication methods are based on single biological characteristics, have low accuracy and stability and cannot be applied to different application backgrounds, so that the designed methods need to integrate the biological characteristics to realize comprehensive application of various biological characteristic information. (3) Due to the uniqueness of the biometric, biometric-based identity authentication may be compromised by artificial synthesis, replay, and spoofing attacks once the biometric is stolen, damaged, or counterfeited. Therefore, a designed method needs to be able to reconstruct the user biometric template after the biometric is stolen or damaged.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention aims to provide a lightweight biological authentication method and a system based on joint biological recognition, which are suitable for the application environment of intelligent mobile equipment at present, can overcome the low security of using only password authentication by combining knowledge-based authentication and authentication based on multiple biological characteristics, can prevent the irrecoverability of a biological template after being stolen or damaged by applying a cancelable template module, and have the advantages of high security and low cost.
In order to achieve the above purpose, the invention adopts the following technical scheme:
a lightweight biological authentication method based on joint biological recognition comprises the following steps:
S101: the trusted center TA generates a series of keys and generates a public key for authenticating the user U i Private keySymmetric encryption keyAuthentication keyGenerating index building keys for registered users R i
S102: the extractor constructs d-vitamin feature registration vector v R and biometric template T i by obfuscating biometric template v B and encrypts biometric template T i using the public key of homomorphic encryption algorithm Paillier;
S103: extractor extension registration vector To the point ofUsing registration keysEncryptionWill beThe data is sent to a computing server CS, and the computing server CS encrypts an index I and sends the index I to a database DB;
S104: the extractor expands the feature vectors v A to v 'A, encrypts the expanded feature vector v' A and the biometric template T A, and then extracts the feature vectors And E K(TA) to the computation server CS;
S105: the database DB transforms the received encryption index I and authentication query Q A, calculates the similarity between each registration template and authentication query Q A, and sends the candidate template set to the calculation server CS so that the calculation server CS calculates the euclidean distance
S106: three update operations are supported: addition, deletion and modification, i.e. new user registration, existing user revocation and updating of existing user keys and feature templates based on the cancelable template module.
The lightweight biological authentication method based on the joint biological recognition comprises a key generation stage, an encryption characteristic stage, an index generation stage, a token generation stage, an authentication stage and a characteristic updating stage;
The key generation stage comprises:
(1) The trusted center TA generates two large prime numbers p and q for the authentication user U i and generates a public key based on the homomorphic encryption algorithm Paillier Where n=pq, g is a random number less than n 2; private keyWhere α=lcm (p-1, q-1),In addition, the trusted center TA generates a symmetric encryption key for the authenticated user U i based on the symmetric encryption algorithm AES
(2) Firstly, a trusted center TA generates a random invertible matrix and inverse matrixes M and M -1∈Z2d ×2d thereof for an authentication user U i, wherein d is the dimension of a feature vector; then, for each authenticated user U i, the trust center TA generates two random matricesAs authentication key, whereinFinally, for each registered user R i, the trust center TA generates two random matricesConstructing a key as an index, wherein
The encryption characteristic stage comprises the following steps:
(1) N M-dimensional vectors are obtained through face and fingerprint feature extraction And an n-dimensional vector v f; definition operationsThe calculation formula is as follows:
The confounding biometric templates obtained were as follows:
(2) The extractor first randomly selects M 1(m1 e M numbers in each vector of v B, obtains the data of the relevant index in each vector to construct a feature candidate vector v "i (i=1, …, N), the randomly generated index being defined as the user's registration key The extractor constructs a d-vitamin feature registration vector based on the "string join" operation connection feature candidate vector, the calculation formula is as follows:
vR=v″1||v″2||…||v″N
(3) The extractor randomly selects M 2(m2 ε M) numbers in each vector of v B, and the randomly generated subscript is defined as the user's template key The data of the relevant subscript in each vector is acquired to construct a biometric template T i, and the calculation formula is as follows:
(4) The extractor encrypts the biometric template T i using the public key of the homomorphic encryption algorithm Paillier, the encryption formula is as follows:
the generation of the index stage includes:
(1) First, the extractor expands each registration vector To the point ofThe expansion formula is as follows:
Wherein the method comprises the steps of Is an extractor for each registration vectorRandomly selected numbers;
(2) The extractor then uses the registration key EncryptionThe encryption formula is as follows:
Wherein, P 1>>p2 and γ >2|max (ε i) |,Defining an integer confusion vector randomly selected from probability distributions; is made up of registration vectors A composed ciphertext; extractor with tuplesForm (1) willAndTransmitting from the registered user R i to the computation server CS; when the computing server CS receives the encrypted element progenitors of all registered users, an encryption index is createdWherein U max represents the total number of users in the database DB; the encryption index I will be transmitted by the computing server CS to the database DB for storage.
The token generation stage comprises:
(1) First, the extractor extracts the feature vector v A and the registration key from the biometric feature of the authenticated user U j And template keyIs a biological feature template T A;
(2) The extractor then expands the feature vectors v A to v' A by the following formula:
Wherein the method comprises the steps of Is a number randomly selected by the extractor for authentication query of authentication user U j, note that η j is a positive number;
(3) The extractor then uses the authentication key of authentication user U j The expansion vector v' A is encrypted, and the encryption formula is as follows:
Wherein the method comprises the steps of Is an integer confusion vector randomly selected by the extractor; the extractor sends the encrypted authentication inquiry Q A to the calculation server CS, and then sends the authentication inquiry Q A to the database DB for authentication;
(4) The extractor uses the public key of the homomorphic encryption algorithm Paillier of the authenticated user U j Encrypting the biometric template T A to obtain ciphertextIn addition, the extractor uses a symmetric key that authenticates user U j Encrypting the biometric template T A to obtain ciphertext E K(TA); the extractor willAnd E K(TA) to the calculation server CS for the Euclidean distance calculation of the subsequent ciphertext.
The authentication phase comprises:
The authentication process includes three steps: firstly, the database DB transforms the received encryption index I and the authentication query Q A; then, the database DB stores the encryption index according to the database DB Juice calculates the similarity between each registration template and the authentication query Q A; finally, the database DB sends the set of candidate templates to the computation server CS for the computation server CS to use the set of candidates and the ciphertextThe related characteristic templates calculate Euclidean distance between the two; the specific process is as follows:
(1) Database DB indexes received from extractors Each of (a)Performing transformation; the database DB then transforms the authentication query Q A received from the extractor, with the following transformation formula:
(2) Database DB calculates transformed queries And each encryption item in index IThe correlation score of (2) is calculated as follows:
Wherein the method comprises the steps of Is the random number portion of the similarity score, eliminatingAndThese two parts to obtain the calculation result of the above formula;
according to the calculation result, the database DB obtains k nearest index entries, sends the corresponding biological characteristic template set to the calculation server CS, and the calculation server CS calculates the ciphertext template And euclidean distances between the k candidate templates;
(3) The computing server CS uses the symmetric key of the authenticated user U i Decrypting ciphertext E K(TA) to obtain a biometric templateThen, calculateAnd candidate templatesThe Euclidean distance between the two is calculated as follows:
If the euclidean distance in the above formula is calculated according to its addition homomorphism under the homomorphic encryption algorithm Paillier, the calculation result is as follows:
For the following AndThe two parts are converted into the following formulas by using the addition homomorphism, and the conversion formulas are as follows:
For the following This part is converted into the following equation by the addition homomorphism, and the conversion equation is as follows:
the computing server CS will And converting, wherein the conversion formula is as follows:
At the computing server CS there is a plaintext and ciphertext template T A, And on the premise of the encrypted candidate template set, the computing server CS checks the ciphertext templateAnd Euclidean distance for each candidate template, the minimum Euclidean distance in the resultWhether the set threshold T is satisfied; if the authentication is smaller than the set threshold value T, the computing server CS considers the authentication to pass; otherwise, the computing server CS considers the authentication failed.
The feature updating stage comprises the following steps:
The system supports three update operations: adding, deleting and modifying, namely new user registration, existing user revocation and updating of the existing user key and the feature template based on the cancelable template module, and the specific processes are as follows:
(1) The new user U ADD uploads the own biological characteristic data through the extractor, and the extractor processes the biological characteristic data to respectively generate encrypted registration vectors And encrypted feature templatesThe extractor willTo the computation server CS, which sends it to the database DB, which willAdding to the stored index to complete registration of the new user;
(2) The existing user revocation procedure requires three operations; firstly, an extractor collects and extracts the biological characteristics of a user U DEL to be revoked; in addition, the extractor uses the registration key Generating matching index entriesThe extractor then indexes the entriesThe data are sent to a computing server CS, and the computing server CS sends the data to a database DB; finally, the database DB deletes the index entry on its stored indexAnd matching encryption templates
(3) When the biometric template of user U i is damaged or stolen, user U i re-enters biometric features based on the cancelable template module; first, an extractor extracts a user's biometric features and obtains a registration index itemEncryption templateIn addition, the extractor generates new registration and template keysAndThe extractor will thenAndThe data are sent to a computing server CS, and the computing server CS sends the data to a database DB; finally, the database DB uses the index entriesDematching an index entry associated with user U i in an encrypted index IDeleting index itemsAnd related encryption templatesAnd will beAndInserted into the encryption index I of the key,
Wherein, TA: a trusted center; CS: a computing server; DB: a database; u i、Uj: authenticating the user; authenticating the public key of user U i; Authenticating the private key of user U i; a symmetric encryption key authenticating user U i; An authentication key; r i: registering a user; Constructing a key by the index; v B: a biometric template; v R: biometric registration vectors; t i: a candidate template; paillier: a homomorphic encryption algorithm; registering the vector; The expanded registration vector; i: encrypting the index; v A: a feature vector; v' A: the expanded feature vector; t A: a biological feature template; q A: authentication inquiry; Euclidean distance; AES: a symmetric encryption algorithm; m: a random invertible matrix; m -1: an inverse matrix of M; m 1、m2: a random number; v "i: a feature candidate vector; a registration key of the registered user R i; A template key; An encrypted form of the biometric template T i; Registration vector Is an encrypted form of (a); u max: the total number of users in the database DB; Homomorphic encryption form of the biometric template T A; e K(TA): a symmetric encrypted form of the biometric template T A; A symmetric key authenticating user U j; A transformed query; u ADD: a new user; registration vectors encrypted by new user U ADD; The new user U ADD encrypts the characteristic template; u DEL: users to be revoked; the registration key of the user U DEL to be revoked; Index entries matching the user to be revoked U DEL; An encrypted template matched with the user to be revoked U DEL; User U i new registration index entry; A new encryption template of the user U i; User U i new registration key; a new template key for user U i; A newly defined vector operation; i: a character string connection operation; sigma: performing accumulation operation; n: and (5) carrying out a continuous multiplication operation.
A lightweight biometric authentication method based on joint biometric identification is stored by a receiving user input program storage medium, and executed by an electronic device by a computer program.
The lightweight biological authentication method based on the combined biological recognition is realized by a lightweight biological authentication system, and the lightweight biological authentication system comprises:
The extractor is used for extracting biological characteristics, generating a cancelable template module and encrypting the template;
a trusted center for generating a key;
a calculation server for encrypting Euclidean distance calculation of the biometric feature;
And the database is used for storing the index.
The lightweight biological authentication system is mounted on a terminal, and the terminal is an Internet of things terminal.
The beneficial effects of the invention are as follows: the invention uses the new random bit generation RBG and encryption process to construct the biological characteristic template and the related index, which can protect the privacy of the outsourced stored biological characteristic template and the confidentiality of the identity authentication process; after the extractor extracts the authentication template, the RBG and the matrix key are generated by using random bits to confuse and encrypt the template to obtain a token, so that the security of the whole authentication process and the irrecoverability of inquiry can be ensured; the authentication matching process, screening a matching set close to the token, then comparing the similarity between the authentication template and the template in the matching set one by one, and executing similarity calculation based on the newly proposed encryption vector distance calculation method, so that the authentication process has strong robustness, and the authentication accuracy can be ensured; the method of the present invention achieves higher safety and accuracy at a lower cost.
The invention adopts the encryption process based on low cost and random bit generation to construct the biological characteristic template and related index, and the user takes the secret key generated and obtained from the random bit as the identity authentication password, which is the basis for realizing the joint knowledge and biological characteristic identity authentication subsequently; after the extractor extracts the authentication template, the template is mixed and encrypted by utilizing random bit generation and matrix keys to obtain a token, a search method based on the token and encryption indexes is designed by using a searchable encryption technology, and k template indexes closest to the authentication template are searched, so that the safety of the whole authentication process and the irrecoverability of inquiry can be ensured; the invention provides a biological characteristic template construction method combining a human face and a fingerprint, which uses local binary characteristic LBP and fingerprint characteristics based on details, a matching set close to a token is screened out in an authentication process, then similarity between the authentication template and the matching set template is compared one by one, and similarity calculation is executed based on a newly proposed encryption vector distance calculation method, so that the authentication process has strong robustness, and the authentication accuracy can be ensured. The invention satisfies confidentiality, updatability, revocability, irreversibility and non-connectability of the template in the biological feature recognition, and realizes balance between low cost of biological features and high safety requirement of recognition.
The invention performs comparative analysis with classical biometric authentication methods. The security comparison results are shown in table 1, wherein "v" indicates that the security requirement is satisfied, "×" indicates that the security requirement is not satisfied, and "×" indicates that the security requirement is partially satisfied.
Table 1 safety comparison
In table 1, the method of the present invention has updatability and revocability that other classical biometric authentication methods do not have; the method of Zhu et al is verifiable and collusion resistant, but this inevitably results in high overhead due to the introduction of bilinear pairing in the method, making the method unsuitable for mobile devices. The method of the invention realizes the balance between the low cost and high security requirements of the biological authentication.
Drawings
FIG. 1 is a flow chart of a lightweight biometric authentication method according to an embodiment of the present invention.
Fig. 2 is a system frame diagram of a lightweight biometric authentication system according to an embodiment of the present invention.
FIG. 3 is a flow chart of an implementation of a lightweight biometric authentication method according to an embodiment of the present invention.
Fig. 4, 5 and 6 are graphs comparing authentication accuracy and authentication time in different databases (ORL, yale and FERET databases) of the lightweight biometric authentication method according to the embodiment of the present invention with other classical biometric authentication methods.
Fig. 7, fig. 8, and fig. 9 are simulation diagrams of the authentication accuracy of the dimension of the LBP feature descriptor for different data volumes under different databases (ORL, yale, and FERET databases) in the lightweight biometric authentication method according to the embodiment of the present invention.
Fig. 10 is a diagram showing the comparison of the time overhead of key generation and token generation under different feature vector sizes for the lightweight biometric authentication method according to the embodiment of the present invention and other classical biometric authentication methods.
FIG. 11 is a graph comparing the time overhead of index construction in FERET database for lightweight biometric authentication method and other classical biometric authentication methods according to embodiments of the present invention.
FIG. 12 is a graph comparing the time overhead of a lightweight biometric authentication method according to an embodiment of the present invention with other classical biometric authentication methods in a FERET database.
Fig. 13, 14 and 15 are diagrams showing the comparison of the time overhead of encryption vector calculation under different vector sizes and data volumes by using the lightweight biometric authentication method according to the embodiment of the present invention and other classical biometric authentication methods.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
As shown in fig. 1, a lightweight biometric authentication method based on joint biometric identification includes the steps of:
S101: the trusted center TA generates a series of keys and generates a public key for authenticating the user U i Private keySymmetric encryption keyAuthentication keyGenerating index building keys for registered users R i
S102: the extractor constructs d-vitamin feature registration vector v R and biometric template T i by obfuscating biometric template v B and encrypts biometric template T i using the public key of homomorphic encryption algorithm Paillier;
S103: extractor extension registration vector To the point ofUsing registration keysEncryptionWill beThe data is sent to a computing server CS, and the computing server CS encrypts an index I and sends the index I to a database DB;
S104: the extractor expands the feature vectors v A to v 'A, encrypts the expanded feature vector v' A and the biometric template T A, and then extracts the feature vectors And E K(TA) to the computation server CS;
S105: the database DB transforms the received encryption index I and authentication query Q A, calculates the similarity between each registration template and authentication query Q A, and sends the candidate template set to the calculation server CS so that the calculation server CS calculates the euclidean distance
S106: three update operations are supported: addition, deletion and modification, i.e. new user registration, existing user revocation and updating of existing user keys and feature templates based on the cancelable template module.
As shown in fig. 2, the lightweight biometric authentication method based on joint biometric identification is implemented by a lightweight biometric authentication system, and the lightweight biometric authentication system includes:
An extractor: as a fully trusted entity in the system, the extractor has sufficient computational power but no large memory space, it is mainly responsible for extracting the biometric features, generating a multi-mode cancelable template with the trust center, and encrypting the template according to the keys distributed by the trust center;
A trusted center: is responsible for assisting the extractor in generating a multimode cancelable template and generating different template encryption keys for different users;
The computing server: the system is provided with a plurality of trusted computing servers, each computing server uses strong computing power to provide services for all users in a system subarea, and the computing server is responsible for the Euclidean distance computation of the encrypted biological characteristics and returns a final authentication result according to the computation result between the candidate template set and the authentication template;
Database: as an entity with the strongest computing power and storage space in the system, the distributed database may store biometric templates of multiple users and associate user identities with the feature templates by establishing encrypted query indexes; the database is a semi-trusted entity that will execute instructions in its entirety and perform statistical analysis of the stored information.
As shown in fig. 3, the lightweight biometric authentication method based on the joint biometric identification includes a key generation stage, an encryption feature stage, an index generation stage, a token generation stage, an authentication stage and a feature update stage;
The key generation stage comprises:
(1) The trusted center TA generates two large prime numbers p and q for the user U i and generates a public key based on the homomorphic encryption algorithm Paillier Where n=pq, g is a random number less than n 2; private keyWhere α=lcm (p-1, q-1),In addition, the trusted center TA generates a symmetric encryption key for the authenticated user U i based on the symmetric encryption algorithm AES
(2) Firstly, a trusted center TA generates a random invertible matrix and inverse matrixes M and M -1∈Z2d ×2d thereof for an authentication user U i, wherein d is the dimension of a feature vector; then, for each authenticated user U i, the trust center TA generates two random matricesAs authentication key, whereinFinally, for each registered user R i, the trust center TA generates two random matricesConstructing a key as an index, wherein
The encryption characteristic stage comprises the following steps:
(1) N M-dimensional vectors can be obtained through face and fingerprint feature extraction And an n-dimensional vector v f; definition operationsThe calculation formula is as follows:
The confounding biometric templates obtained were as follows:
(2) The extractor first randomly selects M 1(m1 e M numbers in each vector of v B, obtains the data of the relevant index in each vector to construct a feature candidate vector v "i (i=1, …, N), the randomly generated index being defined as the user's registration key The extractor constructs a d-vitamin feature registration vector based on the "string join" operation connection feature candidate vector, the calculation formula is as follows:
vR=v″1||v″2||…||v″N
(3) The extractor randomly selects M 2(m2 ε M) numbers in each vector of v B, and the randomly generated subscript is defined as the user's template key The data of the relevant subscript in each vector is acquired to construct a biometric template T i, and the calculation formula is as follows:
(4) The extractor encrypts the biometric template T i using the public key of the homomorphic encryption algorithm Paillier, the encryption formula is as follows:
the generation of the index stage includes:
(1) First, the extractor expands each registration vector To the point ofThe expansion formula is as follows:
Wherein the method comprises the steps of Is an extractor for each registration vectorRandomly selected numbers;
(2) The extractor then uses the registration key EncryptionThe encryption formula is as follows:
Wherein, P 1>>p2 and γ >2|max (ε i) |,Defining an integer confusion vector randomly selected from probability distributions; in the subsequent authentication phase, the above parameters will be used for vector similarity calculation; is made up of registration vectors A composed ciphertext; extractor with tuplesForm (1) willAndTransmitting from the registered user R i to the computation server CS; when the computing server CS receives the encrypted element progenitors of all registered users, an encryption index is createdWherein U max represents the total number of users in the database DB; the encryption index I will be transmitted by the computing server CS to the database DB for storage.
The token generation stage comprises:
(1) First, the extractor extracts the feature vector v A and the registration key from the biometric feature of the authenticated user U j And template keyIs a biological feature template T A;
(2) The extractor then expands the feature vectors v A to v' A by the following formula:
Wherein the method comprises the steps of Is a number randomly selected by the extractor for authentication query of authentication user U j, note that η j is a positive number;
(3) The extractor then uses the authentication key of authentication user U j The expansion vector v' A is encrypted, and the encryption formula is as follows:
Wherein the method comprises the steps of Is an integer confusion vector randomly selected by the extractor; the extractor sends the encrypted authentication inquiry Q A to the calculation server CS, and then sends the authentication inquiry Q A to the database DB for authentication;
(4) The extractor uses the public key of the homomorphic encryption algorithm Paillier of the authenticated user U j Encrypting the biometric template T A to obtain ciphertextIn addition, the extractor uses a symmetric key that authenticates user U j Encrypting the biometric template T A to obtain ciphertext E K(TA); the extractor willAnd E K(TA) to the calculation server CS for the Euclidean distance calculation of the subsequent ciphertext.
The authentication phase comprises:
the authentication process includes three steps: firstly, the database DB transforms the received index I and the authentication query Q A; then, the database DB stores the encryption index according to the database DB Calculating the similarity between each registration template and the authentication query Q A; finally, the database DB sends the set of candidate templates to the computation server CS for the computation server CS to use the set of candidates and the ciphertextThe related characteristic templates calculate Euclidean distance between the two; the specific process is as follows:
(1) Database DB indexes received from extractors Each of (a)Performing transformation; the database DB then transforms the authentication query Q A received from the extractor, with the following transformation formula:
(2) Database DB calculates transformed queries And each encryption item in the encryption index IThe correlation score of (2) is calculated as follows:
Wherein the method comprises the steps of Is the random number portion of the similarity score, note that due to p 1>>p2 andSo thatAndThe values of the two parts approach 0 infinitely; since the calculation result is in the domainUpper rounding off, thereby eliminatingAndThese two parts to obtain the calculation result of the above formula;
according to the calculation result, the database DB obtains k nearest index entries, sends the corresponding biological characteristic template set to the calculation server CS, and the calculation server CS calculates the ciphertext template And euclidean distances between the k candidate templates;
(3) The computing server CS uses the symmetric key of the authenticated user U i Decrypting ciphertext E K(TA) to obtain a biometric templateThen, calculateAnd candidate templatesThe Euclidean distance between the two is calculated as follows:
If the euclidean distance in the above formula is calculated according to its addition homomorphism under the homomorphic encryption algorithm Paillier, the calculation result is as follows:
For the following AndThe two parts can be converted into the following formulas by using the addition homomorphism, and the conversion formulas are as follows:
For the following This part can be converted to the following equation using the addition homomorphism, the conversion equation is as follows:
Due to the above conversion formula, the computing server CS will And converting, wherein the conversion formula is as follows:
At the computing server CS there is a plaintext and ciphertext template T A, And the encrypted candidate template set, the computing server CS may examine the ciphertext templatesAnd Euclidean distance for each candidate template, the minimum Euclidean distance in the resultWhether the set threshold T is satisfied; if the authentication is smaller than the set threshold value T, the computing server CS considers the authentication to pass; otherwise, the computing server CS considers the authentication failed.
The feature updating stage comprises the following steps:
The system supports three update operations: addition, deletion and modification, i.e. new user registration, existing user revocation and updating of existing user keys and feature templates based on the cancelable template module. The specific process is as follows:
(1) The new user U ADD uploads the own biological characteristic data through the extractor, and the extractor processes the biological characteristic data to respectively generate encrypted registration vectors And encrypted feature templatesThe extractor willTo the computation server CS, which sends it to the database DB, which willAdding the new user registration information to the stored encryption index to complete registration of the new user;
(2) The existing user revocation procedure requires three operations; firstly, an extractor collects and extracts the biological characteristics of a user U DEL to be revoked; in addition, the extractor uses the registration key Generating matching index entriesThe extractor then indexes the entriesThe data are sent to a computing server CS, and the computing server CS sends the data to a database DB; finally, the database DB deletes the index entry on its stored indexAnd matching encryption templates
(3) When the biometric template of user U i is damaged or stolen, user U i may reenter the biometric feature based on the cancelable template module; first, an extractor extracts a user's biometric features and obtains a registration index itemEncryption templateIn addition, the extractor generates new registration and template keysAndThe extractor will thenAndThe data are sent to a computing server CS, and the computing server CS sends the data to a database DB; finally, the database DB uses the index entriesIndex items related to user U i in dematching index IDeleting index itemsAnd related encryption templatesAnd will beAndInserted into the encryption index I.
Wherein, TA: a trusted center; CS: a computing server; DB: a database; u i、Uj: authenticating the user; authenticating the public key of user U i; Authenticating the private key of user U i; a symmetric encryption key authenticating user U i; An authentication key; r i: registering a user; Constructing a key by the index; v B: a biometric template; v R: biometric registration vectors; t i: a candidate template; paillier: a homomorphic encryption algorithm; registering the vector; The expanded registration vector; i: encrypting the index; v A: a feature vector; v' A: the expanded feature vector; t A: a biological feature template; q A: authentication inquiry; Euclidean distance; AES: a symmetric encryption algorithm; m: a random invertible matrix; m -1: an inverse matrix of M; m 1、m2: a random number; v "i: a feature candidate vector; a registration key of the registered user R i; A template key; An encrypted form of the biometric template T i; Registration vector Is an encrypted form of (a); u max: the total number of users in the database DB; Homomorphic encryption form of the biometric template T A; e K(TA): a symmetric encrypted form of the biometric template T A; A symmetric key authenticating user U j; A transformed query; u ADD: a new user; registration vectors encrypted by new user U ADD; The new user U ADD encrypts the characteristic template; u DEL: users to be revoked; the registration key of the user U DEL to be revoked; Index entries matching the user to be revoked U DEL; An encrypted template matched with the user to be revoked U DEL; User U i new registration index entry; A new encryption template of the user U i; User U i new registration key; a new template key for user U i; A newly defined vector operation; i: a character string connection operation; sigma: performing accumulation operation; n: and (5) carrying out a continuous multiplication operation.
In order to verify the usability of the present invention, the following will show and describe the test results of the lightweight biometric authentication method SELBA under simulation based on the joint biometric identification, the simulation environment: on a PC with CPU 2.10 GHz, windows environment.
Fig. 4,5 and 6 are comparisons of authentication accuracy and authentication time in different databases (ORL, yale and FERET databases) for a lightweight biometric authentication method SELBA based on federated biometrics with other classical biometric authentication methods. The results show that the accuracy of the method of the invention in different databases is lower than CNN-based methods and higher than Gabor-based and PCA-based methods. When the data volume in different databases reaches a certain degree, the authentication accuracy of the method can be stabilized to be more than 95%. Under different approaches, the time consumption will increase linearly with increasing data volume. The time consumption of the method of the present invention is slightly higher than that of Gabor-based and PCA-based methods, but the time consumption of CNN-based methods is about four times that of other methods. High accuracy methods entail high overhead, and although CNN-based accuracy is highest, applications on mobile devices need to consider the accuracy and efficiency of identity authentication. Compared with other methods, the method of the invention realizes the balance between the requirements of low cost and high security of authentication.
Fig. 7, 8 and 9 are simulations of the effect of the dimension of LBP feature descriptors in a lightweight biometric authentication method SELBA based on federated biometrics on authentication accuracy for different amounts of data under different databases (ORL, yale and FERET databases). The results show that the larger the data amount, the higher the identification accuracy in the different databases. Furthermore, the larger the dimension of the descriptor, the higher the recognition accuracy. As can be seen from fig. 7, 8 and 9, the recognition rate of the 3×3-dimensional descriptors is 10% higher than that of the 8×6-dimensional descriptors. According to simulation results, it can be observed that compared with other three methods, the method of the invention maintains higher identity authentication accuracy on the basis of protecting the privacy of biological data, and does not cause larger additional calculation cost.
Fig. 10 is a time comparison of key generation and token generation at different feature vector sizes for a lightweight biometric authentication method SELBA based on federated biometric recognition with other classical biometric authentication methods. The results show that the time cost of generating keys by the methods of the present invention and Zhu et al increases linearly with increasing vector size. When the vector size is 16 bits, the average time to create the key is about 110 milliseconds and 290 milliseconds, respectively. When the size is increased to 256 bits, their average time overhead will increase to 1100ms and 1253ms, respectively. However, for the method of Zhou et al, when the vector size increases from 16 to 256 bits, the average time cost increases from 100ms to 2300ms and exhibits an exponentially increasing trend. While the method of Zhu et al uses a matrix as the key, the matrix size will vary synchronously with the vector size, the method of the present invention and Zhu et al are based on homomorphic encryption, and therefore the key size may not be affected by the vector size. In addition, the time cost of generating tokens in the three methods also increases with the vector dimension, but the increase is much smaller than key generation. When 16 bits in size, the methods of the present invention, zhu et al, and Zhou et al generate tokens with average times of about 30ms, 220ms, and 60ms, respectively. When the size is increased to 256 bits, the average time reaches around 150ms, 1200ms and 860ms, respectively. Due to bilinear pairing introduced by the method of Zhu et al, the overhead is significantly higher than the other two methods in the token generation process. Simulation results show that the time cost for generating the secret key and the token is low, and the method has advantages in practice compared with other biological authentication methods.
Fig. 11 is a time comparison of index construction in FERET database for a lightweight biometric authentication method SELBA based on federated biometric recognition with other classical biometric authentication methods. The index structure of the three methods is reverse index, and the time cost of index construction linearly increases with the increase of the training data amount. When the training data amount is 200, the average time overhead of the method of the present invention, the method of Zhu et al, and the method of Zhou et al is kept around 0.16s, 0.45s, and 0.38s, respectively. When the data amount increases to 1000, the cost increases to around 10 seconds, 12 seconds, and 9 seconds. Simulation results show that in practical application, the time cost of index construction of the method is within an acceptable range.
Fig. 12 is a time comparison of a lightweight biometric authentication method SELBA based on federated biometric recognition with other classical biometric authentication methods queried in the FERET database. The query time of the method of the invention, the method of Zhu et al and the method of Zhou et al has an exponentially increasing trend with increasing vector size. When the vector size is 16 bits, the change in training data has little effect on the query time cost, whereas when the vector size is 64 or 256 bits, the change in training data will greatly affect the query overhead. However, smaller feature vector sizes do not describe features well. In a practical application scenario, setting the feature vector to 64 bits is a good choice to consider for accuracy and efficiency. Simulation results show that compared with other methods, the method provided by the invention realizes balance between low-cost authentication and high-safety requirements.
Fig. 13, 14 and 15 are comparisons of the time overhead of encryption vector calculations for the lightweight biometric authentication method SELBA based on federated biometric recognition with other classical biometric authentication methods at different vector sizes and data volumes. Fig. 13 and 14 show that the time overhead varies with the increase in the amount of data when the vector size is 16 bits and 64 bits, respectively. The cost of the process of Zhu et al is much higher than the cost of the process of the present invention and the process of Zhou et al. This is mainly due to the fact that the computation process of Zhu et al involves many linear pairing operations and requires verification of the validity of the token prior to computation. FIG. 15 shows that the time cost of the method of the present invention and the method of Zhou et al gradually approaches that of Zhu et al at different data volumes as the vector size increases to 256 bits. Simulation results show that compared with other methods, the method provided by the invention realizes balance between low-cost authentication and high-safety requirements.
It should be noted that the method of the present invention may be implemented by hardware, software, or a combination of software and hardware, and the hardware part may be implemented by using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or special purpose design hardware. Those of ordinary skill in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such as provided on a carrier medium such as a magnetic disk, CD or DVD-ROM, a programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The device of the present invention and its modules may be implemented by hardware circuitry, such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, etc., or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., as well as software executed by various types of processors, or by a combination of the above hardware circuitry and software, such as firmware.
The above embodiments are merely illustrative examples of the present invention, and the present invention is not limited thereto, but any modifications, equivalents, improvements and modifications within the scope of the present invention as those skilled in the art will readily fall within the spirit and principles of the present invention.
Claims (4)
1. The lightweight biological authentication method based on the joint biological recognition is characterized by comprising the following steps of:
S101: the trusted center TA generates a series of keys and generates a public key for authenticating the user U i Private keySymmetric encryption keyAnd authentication key pairCreating index building key pairs for registered users R i
S102: the extractor constructs d-vitamin feature registration vector v R and biometric template T i by obfuscating biometric template v B and encrypts biometric template T i using the public key of homomorphic encryption algorithm Paillier;
S103: extractor extension registration vector To the point ofBuilding keys using indexesEncryptionWill beThe data is sent to a computing server CS, and the computing server CS encrypts an index I and sends the index I to a database DB;
s104: the extractor expands the feature vectors v A to v 'A, encrypts the expanded feature vector v' A and the biometric template T A, and then extracts the feature vectors And E K(TA) to the computation server CS;
S105: the database DB transforms the received encryption index I and authentication query Q A, calculates the similarity between each registration template and authentication query Q A, and sends the candidate template set to the calculation server CS so that the calculation server CS calculates the euclidean distance
S106: three update operations are supported: adding, deleting and modifying, i.e. new user registration, existing user revocation and updating of existing user keys and feature templates based on the cancelable template module;
The method comprises a key generation stage, an encryption characteristic stage, an index generation stage, a token generation stage, an authentication stage and a characteristic updating stage;
The key generation stage comprises:
(1) The trusted center TA generates two large prime numbers p and q for the authentication user U i and generates a public key based on the homomorphic encryption algorithm Paillier Where n=pq, g is a random number less than n 2; private key Where α=lcm (p-1, q-1),In addition, the trusted center TA generates a symmetric encryption key for the authenticated user U i based on the symmetric encryption algorithm AES
(2) Firstly, a trusted center TA generates a random invertible matrix and inverse matrixes M and M -1∈Z2d×2d thereof for an authentication user U i, wherein d is the dimension of a feature vector; then, for each authenticated user U i, the trust center TA generates two random matricesAs authentication key, whereinFinally, for each registered user R i, the trust center TA generates two random matricesConstructing a key as an index, wherein
The encryption characteristic stage comprises the following steps:
(1) N M-dimensional vectors are obtained through face and fingerprint feature extraction And an N-dimensional vector v f, i=1, …, N; definition operationsThe calculation formula is as follows:
The confounding biometric templates obtained were as follows:
(2) The extractor first randomly selects M 1 numbers in each vector v B, M 1 e M, and obtains the data of the relevant subscript in each vector to construct feature candidate vectors v "i, i=1, …, N, the randomly generated subscript being defined as the user's registration key The extractor constructs a d-vitamin feature registration vector based on the "string join" operation connection feature candidate vector, the calculation formula is as follows:
vR=v″1||v″2||…||v″N
I: a character string connection operation;
(3) The extractor randomly selects M 2 numbers in each vector of v B, M 2 epsilon M, and the randomly generated subscript is defined as the template key of the user The data of the relevant subscript in each vector is acquired to construct a biometric template T i, and the calculation formula is as follows:
(4) The extractor encrypts the biometric template T i using the public key of the homomorphic encryption algorithm Paillier, the encryption formula is as follows:
the generation of the index stage includes:
(1) First, the extractor expands each registration vector To the point ofThe expansion formula is as follows:
wherein p 1, …, Is an extractor for each registration vectorRandomly selected numbers; sigma: performing accumulation operation;
(2) The extractor then uses the registration key EncryptionThe encryption formula is as follows:
Wherein, P 1>>p2 and γ > 2|max (ε i) |,Defining an integer confusion vector randomly selected from probability distributions; is made up of registration vectors A composed ciphertext; extractor with tuplesForm (1) willAndTransmitting from the registered user R i to the computation server CS; when the computing server CS receives the encrypted element progenitors of all registered users, an encryption index is created Wherein U max represents the total number of users in the database DB; the encryption index I is transmitted to a database DB for storage by a computing server CS;
the token generation stage comprises:
(1) First, the extractor extracts the feature vector v A and the registration key from the biometric feature of the authenticated user U j And template keyIs a biological feature template T A;
(2) The extractor then expands the feature vectors v A to v' A by the following formula:
wherein the composition of eta j,μ1,μ2, …, Is a number randomly selected by the extractor for authentication query of authentication user U j, note that η j is a positive number;
(3) The extractor then uses the authentication key of authentication user U j The expansion vector v' A is encrypted, and the encryption formula is as follows:
Wherein the method comprises the steps of Is an integer confusion vector randomly selected by the extractor; the extractor sends the encrypted authentication inquiry Q A to the calculation server CS, and then sends the authentication inquiry Q A to the database DB for authentication;
(4) The extractor uses the public key of the homomorphic encryption algorithm Paillier of the authenticated user U j Encrypting the biometric template T A to obtain ciphertextIn addition, the extractor uses a symmetric key that authenticates user U j Encrypting the biometric template T A to obtain ciphertext E K(TA); the extractor willAnd E K(TA) to the calculation server CS for Euclidean distance calculation of the subsequent ciphertext;
The authentication process includes three steps: firstly, the database DB transforms the received encryption index I and the authentication query Q A; then, the database DB stores the encryption index according to the database DB Calculating the similarity between each registration template and the authentication query Q A; finally, the database DB sends the set of candidate templates to the computation server CS for the computation server CS to use the set of candidates and the ciphertextThe related characteristic templates calculate Euclidean distance between the two; the specific process is as follows:
(1) Database DB indexes received from extractors Each of (a)Performing transformation; the database DB then transforms the authentication query Q A received from the extractor, with the following transformation formula:
(2) Database DB calculates transformed queries And each encryption item in the encryption index IThe correlation score of (2) is calculated as follows:
Wherein the method comprises the steps of Is the random number portion of the similarity score, eliminatingAndThese two parts to obtain the calculation result of the above formula;
according to the calculation result, the database DB obtains k nearest index entries, sends the corresponding biological characteristic template set to the calculation server CS, and the calculation server CS calculates the ciphertext template And euclidean distances between the k candidate templates;
(3) The computing server CS uses the symmetric key of the authenticated user U i Decrypting ciphertext E K(TA) to obtain a biometric templateThen, calculateAnd candidate templates The Euclidean distance between the two is calculated as follows:
If the euclidean distance in the above formula is calculated according to its addition homomorphism under the homomorphic encryption algorithm Paillier, the calculation result is as follows:
For the following AndThe two parts are converted into the following formulas by using the addition homomorphism, and the conversion formulas are as follows:
and (II) a II: performing continuous multiplication operation;
For the following This part is converted into the following equation by the addition homomorphism, and the conversion equation is as follows:
the computing server CS will And converting, wherein the conversion formula is as follows:
having plaintext and ciphertext templates at a computing server CS And on the premise of the encrypted candidate template set, the computing server CS checks the ciphertext templateAnd Euclidean distance for each candidate template, the minimum Euclidean distance in the resultWhether the set threshold T is satisfied; if the authentication is smaller than the set threshold value T, the computing server CS considers the authentication to pass; otherwise, the computing server CS considers authentication failure;
The feature updating stage comprises the following steps:
The system supports three update operations: adding, deleting and modifying, namely new user registration, existing user revocation and updating of the existing user key and the feature template based on the cancelable template module, and the specific processes are as follows:
(1) The new user U ADD uploads the own biological characteristic data through the extractor, and the extractor processes the biological characteristic data to respectively generate encrypted registration vectors And encrypted feature templatesThe extractor willTo the computation server CS, which sends it to the database DB, which willAdding the new user registration information to the stored encryption index to complete registration of the new user;
(2) The existing user revocation procedure requires three operations; firstly, an extractor collects and extracts the biological characteristics of a user U DEL to be revoked; in addition, the extractor uses the registration key Generating matching index entriesThe extractor then indexes the entriesThe data are sent to a computing server CS, and the computing server CS sends the data to a database DB; finally, the database DB deletes the index entry on its stored indexAnd matching encryption templates
(3) When the biometric template of user U i is damaged or stolen, user U i re-enters biometric features based on the cancelable template module; first, an extractor extracts a user's biometric features and obtains a registration index itemEncryption templateIn addition, the extractor generates new registration and template keysAndThe extractor will thenAndThe data are sent to a computing server CS, and the computing server CS sends the data to a database DB; finally, the database DB uses the index entriesDematching an index entry associated with user U i in an encrypted index IDeleting index itemsAnd related encryption templatesAnd will beAndInserted into the encryption index I.
2. A readable storage medium, characterized by: the readable storage medium stores a computer program which, when executed by a processor, implements the method of claim 1.
3. A lightweight biometric authentication system that implements the method of claim 1, the lightweight biometric authentication system comprising:
The extractor is used for extracting biological characteristics, generating a cancelable template module and encrypting the template;
a trusted center for generating a key;
a calculation server for encrypting Euclidean distance calculation of the biometric feature;
And the database is used for storing the index.
4. The system of claim 3, wherein the lightweight biometric authentication system is carried on a terminal, the terminal being an internet of things terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210945193.2A CN115278673B (en) | 2022-08-08 | 2022-08-08 | Lightweight biological authentication method and system based on combined biological recognition |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210945193.2A CN115278673B (en) | 2022-08-08 | 2022-08-08 | Lightweight biological authentication method and system based on combined biological recognition |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115278673A CN115278673A (en) | 2022-11-01 |
| CN115278673B true CN115278673B (en) | 2024-07-23 |
Family
ID=83748315
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210945193.2A Active CN115278673B (en) | 2022-08-08 | 2022-08-08 | Lightweight biological authentication method and system based on combined biological recognition |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115278673B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115913580B (en) * | 2023-02-21 | 2023-07-25 | 杭州天谷信息科技有限公司 | Biological authentication method and system based on homomorphic encryption |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107919965A (en) * | 2018-01-05 | 2018-04-17 | 杭州电子科技大学 | A kind of biological characteristic sensitive information outsourcing identity identifying method based on homomorphic cryptography |
| CN108475309A (en) * | 2015-08-21 | 2018-08-31 | 维尔蒂姆知识产权有限公司 | System and method for biological characteristic consensus standard |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9774596B2 (en) * | 2014-05-23 | 2017-09-26 | Fujitsu Limited | Privacy-preserving biometric authentication |
| US11250116B2 (en) * | 2019-10-25 | 2022-02-15 | Visa International Service Association | Optimized private biometric matching |
| CN112329519B (en) * | 2020-09-21 | 2024-01-02 | 中国人民武装警察部队工程大学 | Safe online fingerprint matching method |
| EP3979552A1 (en) * | 2020-10-01 | 2022-04-06 | Tata Consultancy Services Limited | Method and system for privacy preserving multifactor biometric authentication |
| CN112733111B (en) * | 2020-12-31 | 2023-05-23 | 暨南大学 | Threshold predicate encryption biological feature authentication method based on segment segmentation |
| CN113239336B (en) * | 2021-06-02 | 2022-10-21 | 西安电子科技大学 | Privacy protection biological characteristic authentication method based on decision tree |
-
2022
- 2022-08-08 CN CN202210945193.2A patent/CN115278673B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108475309A (en) * | 2015-08-21 | 2018-08-31 | 维尔蒂姆知识产权有限公司 | System and method for biological characteristic consensus standard |
| CN107919965A (en) * | 2018-01-05 | 2018-04-17 | 杭州电子科技大学 | A kind of biological characteristic sensitive information outsourcing identity identifying method based on homomorphic cryptography |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115278673A (en) | 2022-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kaur et al. | Privacy preserving remote multi-server biometric authentication using cancelable biometrics and secret sharing | |
| Yuan et al. | Efficient privacy-preserving biometric identification in cloud computing | |
| Teoh et al. | Personalised cryptographic key generation based on FaceHashing | |
| Zhu et al. | An efficient and privacy-preserving biometric identification scheme in cloud computing | |
| Lee et al. | Cancelable fingerprint templates using minutiae-based bit-strings | |
| US8966277B2 (en) | Method for authenticating an encryption of biometric data | |
| US8842887B2 (en) | Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device | |
| Leng et al. | A remote cancelable palmprint authentication protocol based on multi‐directional two‐dimensional PalmPhasor‐fusion | |
| Zhao et al. | Negative iris recognition | |
| Zhang et al. | PTBI: An efficient privacy-preserving biometric identification based on perturbed term in the cloud | |
| Osorio-Roig et al. | Stable hash generation for efficient privacy-preserving face identification | |
| JP2000315999A (en) | Cryptographic key generating method | |
| Chiou | Secure Method for Biometric‐Based Recognition with Integrated Cryptographic Functions | |
| Wang et al. | A Hadamard transform-based method for the design of cancellable fingerprint templates | |
| Lei et al. | PRIVFACE: Fast privacy-preserving face authentication with revocable and reusable biometric credentials | |
| Chen et al. | A novel algorithm of fingerprint encryption using minutiae-based transformation | |
| CN115278673B (en) | Lightweight biological authentication method and system based on combined biological recognition | |
| Wang et al. | A novel template protection scheme for multibiometrics based on fuzzy commitment and chaotic system | |
| Ye et al. | Anonymous biometric access control | |
| Li et al. | Efficient and privacy-preserving speaker recognition for cybertwin-driven 6G | |
| Yin et al. | A novel Length-Flexible lightweight cancelable fingerprint template for Privacy-Preserving authentication systems in Resource-Constrained IoT applications | |
| Wang et al. | Joint Biological ID: A Secure and Efficient Lightweight Biometric Authentication Scheme | |
| KR100517290B1 (en) | Data Transmit System And Transmit Methods By Using N-dimensional Information. | |
| Teoh et al. | Cancellable biometrics and user-dependent multi-state discretization in BioHash | |
| Verma et al. | A novel model to enhance the data security in cloud environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |