基于TrustZone的移动云环境指纹认证终端APP的设计和实现

针对指纹等生物特征在云环境下存在泄露的安全隐患,以及已有的生物特征认证方案安全性或便利性不足的问题,设计并实现了基于正交分解和TrustZone的可信指纹认证终端APP。利用TrustZone的硬件隔离机制,在可信执行环境中完成指纹特征提取、指纹模板生成等敏感操作,与普通执行环境中的应用隔离,从而抵挡恶意程序的攻击,保证认证过程的安全性。基于正交分解算法生成的指纹模板在保证可匹配性的同时融合了随机噪声,可以在一定程度上抵挡针对特征模板的攻击,使得指纹模板可以在云环境下存储和传输,解除用户与设备的绑定,提升了生物认证的便利性。实验和理论分析表明,指纹模板的相关性和随机性比原始特征和随机映射算法更高,有更强的安全性;另外时间和存储开销、识别的准确性的实验结果表明,所设计APP兼顾便利性和安全性,满足移动云环境下安全认证的需求。     

基于TrustZone的指纹识别安全技术研究与实现

随着指纹识别技术在智能终端设备中的大量应用,指纹技术本身的安全问题也日益突出。为增强智能终端指纹识别的安全性,借助于ARM TrustZone安全扩展机制,提出了一种基于TrustZone的指纹识别安全保障技术和方法,其为指纹识别程序提供了可信执行环境,以保证其执行过程的安全性并防止恶意程序的攻击。同时,对指纹数据和指纹特征模板进行加密,并将密钥存储在受TrustZone保护的安全区域中以防止被窃取。此外,还实现了指纹数据的安全传输通道,以进一步确保敏感数据传输过程的安全性。最后,设计并实现了一个原型系统来验证所提技术和方法的有效性,实验结果证明所提出的技术和方法是可行的。     

基于TrustZone的可信移动终端云服务安全接入方案

可信云架构为云计算用户提供了安全可信的云服务执行环境,保护了用户私有数据的计算与存储安全. 然而在移动云计算高速发展的今天, 仍然没有移动终端接入可信云服务的安全解决方案. 针对上述问题, 提出了一种可信移动终端云服务安全接入方案, 方案充分考虑了移动云计算应用背景, 利用ARM TrustZone硬件隔离技术构建可信移动终端, 保护云服务客户端及安全敏感操作在移动终端的安全执行, 结合物理不可克隆函数技术, 给出了移动终端密钥与敏感数据管理机制. 在此基础之上, 借鉴可信计算技术思想, 设计了云服务安全接入协议, 协议兼容可信云架构, 提供云服务端与移动客户端间的端到端认证. 分析了方案具备的6种安全属性, 给出了基于方案的移动云存储应用实例, 实现了方案的原型系统. 实验结果表明, 可信移动终端TCB较小, 方案具有良好的可扩展性和安全可控性, 整体运行效率较高.     

基于精化的可信执行环境内存隔离机制验证

可信执行环境(trusted execution environment, TEE)基于硬件隔离机制,为安全敏感应用提供隔离的执行环境,保护敏感数据的安全性.内存隔离机制是TEE的关键机制之一,用于对安全内存和非安全内存进行隔离,并对安全内存实施访问控制,如果其安全性不能保证,可能造成存储在安全内存中的敏感数据泄露.为验证TEE内存隔离机制的安全性,针对基于ARM TrustZone技术构建的TEE,提出一种基于精化的可信执行环境内存隔离机制安全性验证方法.建立抽象模型和具体模型,并定义两种模型之间的精化关系,在证明精化关系成立和抽象模型满足信息流安全性的前提下,验证具体模型的信息流安全性.具体模型建模了TEE内存隔离机制的关键硬件和软件,包括TrustZone地址空间控制器、MMU和TrustZone monitor等,在定理证明器Isabelle/HOL中,验证了该模型满足无干扰、无泄露、无影响等信息流安全属性.     

基于多模生物模板安全的顽健图像隐藏算法

为了解决多模生物认证中生物模板安全传输问题,提出把人脸图像隐藏嵌入到指纹图像中,用于多模生物特征认证,以提高生物体征识别的安全性和准确性。利用指纹图像归一化、中心点检测,获取嵌入区域的几何失真不变域,提出在几何失真不变域基于奇异值分解（SVD）的多重嵌入算法,嵌入相应的人脸图像。检测者通过相关性优化算法,盲提取人脸图像,再结合载体指纹图像进行多模认证。实验结果表明,该算法能够抵抗旋转、缩放、平移等几何失真,也能抵抗压缩、滤波、噪声等攻击,提高了生物模板的传输安全性,指纹与人脸双模生物认证相比于单模认证具有更高的正确识别率。     

基于精化的TrustZone多安全分区建模与形式化验证

TrustZone作为ARM处理器上的可信执行环境技术,为设备上安全敏感的程序和数据提供一个隔离的独立执行环境.然而,可信操作系统与所有可信应用运行在同一个可信环境中,任意组件上的漏洞被利用都会波及系统中的其他组件.虽然ARM提出了S-EL2虚拟化技术,支持在安全世界建立多个隔离分区来缓解这个问题,但实际分区管理器中仍可能存在分区间信息泄漏等安全威胁.当前的分区管理器设计及实现缺乏严格的数学证明来保证隔离分区的安全性.详细研究了ARM TrustZone多隔离分区架构,提出一种基于精化的TrustZone多安全分区建模与安全性分析方法,并基于定理证明器Isabelle/HOL完成了分区管理器的建模和形式化验证.首先,基于逐层精化的方法构建了多安全分区模型RMTEE,使用抽象状态机描述系统运行过程和安全策略要求,建立多安全分区的抽象模型并实例化实现分区管理器的具体模型,遵循FF-A规范在具体模型中实现了事件规约;其次,针对现有分区管理器设计无法满足信息流安全性验证的不足,设计了基于DAC的分区间通信访问控制,并将其应用到TrustZone安全分区管理器的建模与验证中;再次,证明了具体模型...     

基于两枚不同指纹融合模糊金库的身份认证算法

基于单一生物特征模糊金库证易于受到相关攻击而导致生物特征模板泄露的安全性问题,提出一种基于两枚不同手指指纹的特征融合模糊金库的身份认证方案。这种身份认证方案采用了分别来自两枚不同手指指纹的细节点与方向场进行融合的方法,基于Diffie-Hellman密钥交换协议思想。实验结果表明该身份认证方案在指纹特征模板的安全性保护上比基于单一指纹特征模板有显著提高。     

可信数据库环境下无证书认证的可信密钥共享

基于DAS模型的可信数据库环境下,数据拥有者将数据加密以后存储于第三方数据库服务提供商,数据拥有者与被授权用户间的可信数据共享本质上是数据密钥的可信共享。现有的DAS模型中密钥管理方法的安全落脚点都是假设数据拥有者与各用户能事先分别安全共享一个用户密钥,而在可信数据库环境下如何进行数据拥有者与用户间的可信用户密钥共享却是一个未解决的问题。基于无证书签名认证机制,提出了一种可信数据库环境下的可信用户密钥共享协议,并对该协议的有效性和安全性进行了分析。该协议完全无需安全传输通道和可信第三方作为支撑,且有较好的执行效率;同时基于DL问题、Inv-CDH问题、q-StrongDH问题等数学难题,该协议被证明能有效抵御无证书安全模型下的各种攻击。     

中建华盾安全保护系统

中建科技提供基于指纹身份认证的解决方案，包括了双因数身份认证方案。指纹作为人体稳定的生物特征，其随身携带．指指相异．永不遗失的特征，也同时提供了身份认证的便利性。采用指纹进行身份认证实现了安全性和便利性的高度统一，对提高安全等级具有重要价值，同时基于指纹技术的集中式身份认证系统也获得了使用便利性和安全性的双重保证。     

基于指纹细节点的可撤销比特串模板生成算法

为了提高指纹模板算法的安全性能,设计了一种基于细节点的可撤销比特串指纹模板生成算法。首先对指纹图像进行预处理,提取指纹的细节点特征,然后对细节点特征进行量化和映射生成比特串模板,最后结合用户PIN码生成可撤销指纹模板。在指纹数据库FVC2002-DB1和DB2上的实验表明,该算法具有更好的安全性和认证性能,满足可撤销性、多样性和不可逆性。     

基于TrustZone的安全应用性能优化

TrustZone technology has been widely used in the security protection of various smart systems, such as data encryption, fingerprint login, DRM protection, electronic payment and so on. TrustZone technology provides programs with a trusted execution environment (TEE) that is isolated from the host environment to provide the runtime protection for important code and data. Therefore, the calling process of the security application based on TrustZone has changed, then the application adds processes such as data sharing and messaging between the secure and non-secure worlds, which causes additional performance overhead. This paper locates four key elements that affect the performance of the security application: world switch, interrupt, shared memory management, and data copy. On this base, four corresponding performance optimization methods are proposed. Through the AES encryption ser- vice based on TrustZone technology, the proposed performance optimization methods were compared and tested to verify their effectiveness. Experimental results show that: 1. Setting parameters reasonably can improve the performance by 31% at most. 2. Masking external interrupts can improve the perfor- mance by 4.5% at most. 3. Memory reusing can improve the performance by 37% at most. 4. Reducing memory copy can improve the performance by 39% at most.     

Refinement-based Modeling and Formal Verification for Multiple Secure Partitions of TrustZone

As a trusted execution environment technology on ARM processors, TrustZone provides an isolated and independent execution environment for security-sensitive programs and data on the device. However, running the trusted OS and all the trusted applications in the same environment may cause problems---The exploitation of vulnerabilities on any component may affect the others in the system. Although ARM proposed the S-EL2 virtualization technology, which supports multiple isolated partitions in the secure world to alleviate this problem, there may still be security threats such as information leakage between partitions in the real-world partition manager. Current secure partition manager designs and implementations lack rigorous mathematical proofs to guarantee the security of isolated partitions. This study analyzes the multiple secure partitions architecture of ARM TrustZone in detail, proposes a refinement-based modeling and security analysis method for multiple secure partitions of TrustZone, and completes the modeling and formal verification of the secure partition manager in the theorem prover Isabelle/HOL. First, we build a multiple secure partitions model named RMTEE based on refinement: an abstract state machine is used to describe the system running process and security policy requirements, forming the abstract model. Then the abstract model is instantiated into the concrete model, in which the event specification is implemented following the FF-A specification. Second, to address the problem that the existing partition manager design cannot meet the goal of information flow security verification, we design a DAC-based inter-partition communication access control and apply it to the modeling and verification of RMTEE. Lastly, we prove the refinement between the concrete model and the abstract model, and the correctness and security of the event specification in the concrete model. The formalization and verification consist of 137 definitions and 201 lemmas (more than 11,000 lines of Isabelle/HOL code). The results show that the model satisfies confidentiality and integrity, and can effectively defend against malicious attacks on partitions.     

A practical implementation of fuzzy fingerprint vault for smart cards

Biometric-based authentication can provide strong security guarantee about the identity of users. However, security of biometric data is particularly important as the compromise of the data will be permanent. To protect the biometric data, we need to store it in a non-invertible transformed version. Thus, even if the transformed version is compromised, the actual biometric data remain safe. Fuzzy vault is a cryptographic construct to secure critical data with the fingerprint data. In this paper, we implement the fuzzy fingerprint vault, combining fingerprint verification and fuzzy vault scheme to protect fingerprint templates, for the smart card environment. To implement the fuzzy fingerprint vault as a complete system, we have to consider several practical issues such as automatic fingerprint alignment, verification accuracy, template size for storing in the smart card, execution time, error correcting code, etc. Especially, we handled the fingerprints having a few minutiae by applying an adaptive degree of the polynomial, and thus our implementation result can be used for real, large-scale applications.     

面向云计算模式运行环境可信性动态验证机制

如何为用户提供一个可证明、可验证的可信运行环境,是云计算模式面临的重要问题.提出一种动态的用户运行环境可信性验证机制TCEE（trusted cloud execution environment）.通过扩展现有可信链,将可信传递到用户虚拟机内部,并周期性地对用户运行环境的内存和文件系统进行完整性验证.TCEE引入可信第三方TTP（trusted third party）,针对用户虚拟机运行环境的可信性进行远程验证和审计,避免了由用户维护可信验证的相关信息和机制,同时也能够避免云平台敏感信息的泄露.实现了基于TCEE的原型系统,对TCEE的有效性和性能代价进行定量测试和评价.实验结果表明,该机制可以有效检测针对内存和文件系统的典型威胁,且对用户运行环境引入的性能代价较小.     

基于TPCM的容器云可信环境研究

容器技术是一种轻量级的操作系统虚拟化技术,被广泛应用于云计算环境,是云计算领域的研究热点,其安全性备受关注。提出了一种采用主动免疫可信计算进行容器云可信环境构建方法,其安全性符合网络安全等级保护标准要求。首先,通过 TPCM 对容器云服务器进行度量,由 TPCM 到容器的运行环境建立一条可信链。然后,通过在 TSB 增加容器可信的度量代理,实现对容器运行过程的可信度量与可信远程证明。最后,基于Docker与Kubernetes建立实验原型并进行实验。实验结果表明,所提方法能保障云服务器的启动过程与容器运行过程的可信,符合网络安全等级保护标准测评要求。     

Fingerprint-Based Identity Authentication and Digital Media Protection in Network Environment

Current information security techniques based on cryptography are facing a challenge of lacking the exact connection between cryptographic key and legitimate users. Biometrics, which refers to distinctive physiological and behavioral characteristics of human beings, is a more reliable indicator of identity than traditional authentication system such as passwords-based or tokens-based. However, researches on the seamless integration biometric technologies, e.g., fingerprint recognition, with cryptosystem have not been conducted until recent years. In this paper, we provide an overview of recent advancements in fingerprint recognition algorithm with a special focus on the enhancement of low-quality fingerprints and the matching of the distorted fingerprint images, and discuss two representative methods of key release and key generation scheme based on fingerprints. We also propose two solutions for the application in identity authentication without trustworthy third-party in the network environment, and application in digital media protection, aiming to assure the secrecy of fingerprint template and fingerprint-based user authentication.