Current Issue Cover
结合时间戳的指纹密钥数据加解密传输方案

汪佩怡1, 游林2, 简志华1, 胡耿然2(1.杭州电子科技大学通信工程学院, 杭州 310018;2.杭州电子科技大学网络空间安全学院, 杭州 310018)

摘 要
目的 对于生物密钥而言,生物特征数据的安全与生物密钥的管理存储都很关键。为了构造能够应用在通信数据传输场景的生物密钥,同时保证生物特征本身的模糊性与密码学的精确性处于一种相对平衡状态,提出一种基于时间戳与指纹密钥的数据加解密传输方案。方法 利用发送方指纹特征点之间的相对信息,与保密随机矩阵生成发送方指纹密钥;借助通信双方的预先设定数与时间戳,生成接收方恢复指纹密钥时所需的辅助信息;利用发送方指纹密钥加密数据,实现密文数据的传输。结果 本文方法在仿真通信双方数据加解密的实现中,测试再生指纹密钥的识别率(GAR)与误识率(FAR)。通过实验数据分析,表明了本文提出的指纹密钥生成方法的可用性,以及指纹密钥作为数字身份所具备的可认证性,其中真实发送方的再生指纹密钥识别率可高达99.8%,并且本方案还可用于即时通信、对称加密等多种场景当中。结论 本文方法利用时间戳确定了通信事件的唯一性与不可否认性,同时实现了指纹密钥恢复时的"一次一密"。此外,方案通过保密随机矩阵实现了发送方指纹密钥的可撤销,极大程度保障了指纹数据的安全性。
关键词
Data encryption and decryption scheme using fingerprint bio-key combing with time stamp

Wang Peiyi1, You Lin2, Jian Zhihua1, Hu Gengran2(1.School of Communication Engineering, Hangzhou Dianzi University, Hangzhou 310018, China;2.School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou 310018, China)

Abstract
Objective In modern times, individuals and communities have devoted increasing attention to privacy problems. With the development of multidirectional technologies, the digital secret key exposes its insufficient in vulnerable to loss, easy to be stolen and difficult to remember. Although biometrics exhibits great advantages in identity recognition technology due to their uniqueness and stability, they also characterized by inaccuracy due to feature instability. Moreover, the security problem of the biometric template should be urgently addressed. Therefore, the biometric key generation and protection technology, which is a branch of biometric encryption technology, has emerged. This technology combines biometrics and cryptography and retains the properties of the biometrics and the secret key while ensuring the security of the biological data. Although the secret key is the most important factor in any cryptosystem, the security of the biometric data is as critical as the management of the keys for the biometric key. To construct a bio-key that can be used in data transmission and can keep a good balance between the ambiguity of the biometrics and accuracy of the cryptography, this study proposes a data encryption and decryption scheme using fingerprint bio-key combing with time stamp. Method First, all minutiae from the fingerprint of the communication sender are extracted. The fingerprint feature-line set of the communication sender is then generated based on the relative information among the minutiae. A 2D coordinate model is generated and segmented by two segmentation metrics (horizontal and vertical). The size of the segmentation metrics can be adjusted through practical application. The feature lines in the set are individually mapped into the given 2D coordinate model to generate a 2D 0-1 matrix called fingerprint feature-line set matrix. The elements in this matrix are multiplied with a confidential random matrix stored by the sender to obtain a fingerprint bio-key matrix. The fingerprint bio-key is the bit string transformed from the fingerprint bio-key matrix, which is a connection of the individual lines in the matrix. The bit string is also protected by this random matrix in the proposed scheme. Then, a preset number, which is predefined by the two communicators, and time stamp are utilized to generate a 256-bit long SHA256 hash value. The hash value is processed to obtain an auxiliary bit-string, which is as long as the fingerprint bio-key, and do the xor(enclusive OR) operation with the fingerprint bio-key to obtain the auxiliary data, which is transmitted to the receiver and used for the fingerprint bio-key recovery. Finally, the fingerprint bio-key of the communication sender is used to encrypt the plain communication data. The encrypted cipher and auxiliary data, along with the SHA256 hash value of the confidential random matrix, are transmitted to the communication receiver in the final step of the encryption stage. At the decryption stage, the communication receiver should use the same preset number and the time stamp to generate the same auxiliary data to obtain the fingerprint bio-key of the communication sender so that the communication receiver can decrypt the cipher date and obtain the original plain data with the help of the sender's fingerprint bio-key. In addition, the authentication of the communication sender is illustrated. When the receiver requests the identity authentication of the sender, the communication sender should provide the regenerated fingerprint bio-key through the same key generation method and calculate the similarity value between the original and regenerated one. The authentication of the communication sender is successful only if the similarity value is not less than the predefined threshold. Moreover, the receiver should check the SHA256 hash value of the received bio-key, as well as the one provided by the sender, which means that only the two hash values are equal, the identity authentication of the sender is complete. Result We simulated the data encryption and decryption interfaces for the proposed scheme. Then, to prove the identity authentication function of the generated fingerprint bio-key, we tested the genuine acceptance rate (GAR) and the FAR (false acceptance rate) of the regenerated fingerprint bio-key for the genuine and impostors based on our fingerprint database. The test data proved that the fingerprint bio-key, which also served as a digital identity, was available and verifiable. In addition, the GAR of the regenerated fingerprint bio-key of the genuine reached 99.8%, whereas that of the impostor is close to 0.2%. Moreover, the proposed scheme can be applied in many different scenarios, such as instant communication and symmetric encryption algorithms (e.g., aclvanced encryption standard (AES) and SM4). The length of the fingerprint bio-key can be adjusted using different segmentation metrics. Conclusion The proposed scheme utilizes a fingerprint key generation method to generate the unique fingerprint bio-key of the communication sender. In addition, the scheme determines the uniqueness and undeniability of every communication event and implements the vital conception "one secret key, one event" of the fingerprint bio-key recovery using time stamp. The revocability of the fingerprint bio-key was realized with the help of the confidential random matrix, which effectively ensures the security of the fingerprint data. Then, a detailed analysis of the availability and security of the proposed scheme is conducted. The innovations and advantages are also identified. However, these experiments are mainly based on the laboratory fingerprint database, so the influence of different feature extraction methods on our scheme is not investigated. Thus, further research is imminent.
Keywords

订阅号|日报