基于PKI和PMI的生物认证系统研究

生物认证技术作为一种准确高效的身份认证方法越来越广泛的应用于身份认证领域。但是目前还没有一种面向开放式网络的通用生物认证系统出现。由于在开放式网络中,基于X.509的公钥基础设施和权限管理基础设施(PMI)是目前应用广泛且有效的身份认证技术和权限管理技术,所以在PKI和PMI技术基础上,该文创新性的提出了一种基于生物证书的能实现身份认证和权限管理的通用生物认证系统。最后通过设计一个能实现身份认证和权限管理系统的高安全性生物智能卡,验证了基于PKI和PMI生物认证系统的可行性和可操作性。     

Heartbeat biometrics for human authentication

Automated security is one of the major concerns of modern times. Secure and reliable authentication systems are in great demand. A biometric trait like the electrocardiogram (ECG) of a person is unique and secure. In this paper, we propose an authentication technique based on Radon transform. Here, ECG wave is considered as an image and Radon transform is applied on this image. Standardized Euclidean distance is applied on the Radon image to get a feature vector. Correlation coefficient between such two feature vectors is computed to authenticate a person. False Acceptance Ratio of the proposed system is found to be 2.19% and False Rejection Ratio is 0.128%. We have developed two more approaches based on statistical features of an ECG wave as our ground work. The result of proposed technique is compared with these two approaches and also with other state-of-the-art alternatives.     

基于无线传输的心电心音监护系统设计

针对现有心电心音监测仪覆盖性不足、时效性差等问题,提出了一种基于无线传输的心电(ECG)心音(PCG)监护系统设计.本系统设计有64个监护节点,各节点由传感模块、调理采集模块、存储模块、主控管理模块、通信模块、电源管理模块组成,各节点可对12导联心电信号、HKY-06B心音信号进行同步采集传输,将信息汇总给监护中心并及...     

A Three-Channel Microcomputer System for Segmentation and Characterization of the Phonocardiogram

We present here details of a microcomputer system developed to segment the phonocardiogram signal (PCG) and characterize murmurs. Using the ECG and carotid pulse as references, the PCG is segmented into systolic and diastolic parts. Four parameters representing the time and frequency domain characteristics of the signal segments are then computed. Results of application of the methods to 47 phonocardiogram signals are presented. The use of these parameters for the detection and classification of murmurs is discussed.     

Biometric-based personal identity-authentication system and security analysis

1 Introduction Personal authentication system is a system that verifies a person’s identity, which he (she) claims to be, usually through login name or smart card, etc. Traditional authentication is based on the possession of a secret key, that is, once the user possesses the key, his (her) authenticity is established. Personal authentication based on PKI is one of the most prevalent authentication methods, which uses a private key to prove the user’s identity. Usually cryptographic keys a…     

Secure Face Authentication Framework in Open Networks

In response to increased security concerns, biometrics is becoming more focused on overcoming or complementing conventional knowledge and possession‐based authentication. However, biometric authentication requires special care since the loss of biometric data is irrecoverable. In this paper, we present a biometric authentication framework, where several novel techniques are applied to provide security and privacy. First, a biometric template is saved in a transformed form. This makes it possible for a template to be canceled upon its loss while the original biometric information is not revealed. Second, when a user is registered with a server, a biometric template is stored in a special form, named a ‘soft vault’. This technique prevents impersonation attacks even if data in a server is disclosed to an attacker. Finally, a one‐time template technique is applied in order to prevent replay attacks against templates transmitted over networks. In addition, the whole scheme keeps decision equivalence with conventional face authentication, and thus it does not decrease biometric recognition performance. As a result, the proposed techniques construct a secure face authentication framework in open networks.     

Selection diversity combining with multiple antennas for MM-waveindoor wireless channels

Presents predetection and postdetection combining schemes for selection diversity reception with multiple antennas for MM-wave indoor radio channels. For those combining schemes, a reduction in complexity is achieved by limiting the number of combined signals to small values and by increasing the number of received signals. Bit error rate (BER) performance of binary phase shift keying (BPSK) with predetection combining of selected signals (CSS) and BER performance of differential BPSK with postdetection CSS are analyzed for slow fading and Rayleigh-distributed envelope statistics. Predetection maximal ratio combining of signals that comes from a single group or several groups of diversity channels as well as postdetection combining of received signals for groups of channels are considered. In comparing predetection combining with groups (PCG) and predetection combining of the best signals (PCB), we observe that the required SNR for achieving a certain BER is approximatively the same (with PCG having a slight advantage of 0.5 dB) for a given number, N, of diversity channels and L combined signals. Furthermore. PCG is equivalent to PCB for L=N since both techniques then correspond to conventional predetection maximal ratio combining (MRC), PCG and PCB are also equivalent when L=1 as both schemes then correspond to conventional selection combining. A small degradation of approximately 2 dB in the required SNR is observed when postdetection diversity reception with groups (PDG) is used instead of PCG. For L=N, PDG reduces to post detection MRC. The PDG technique is considered more suitable than PCB or PCG for MM-indoor wireless systems     

On the use of quality measures in face and speaker identity verification based on video and audio streams

This study addresses the advantage of adding quality information of the biometric signals into a multimedia-based (video and audio) identity verification system. The quality information of the biometric signals can be used in several ways and stages in the biometric system. In this study, the authors introduce quality-based decisions in two stages: score normalisation and frame selection. Quality-based score normalisation helps to handle quality dependent drifts in the scores distributions. We derive a necessary and sufficient condition for reducing error when introducing quality-based score normalisation and present a score normalising technique. Additionally, the number of frontal faces and speech vectors extracted from the video and audio streams allows quality-based selection of frames, both in training and test, to preserve quality in the statistical representation of the signals. For these two stages we defined some quality measures for speaker and frontal face signals and run experiments to show the reliability of the proposed techniques over the BANCA database.     

基于生物特征和混沌映射的多服务器身份认证方案

基于密码的用户远程认证系统已被广泛应用,近年来的研究发现,单一口令系统容易遭受字典分析、暴力破解等攻击,安全性不高.生物特征与密码相结合的认证方式逐渐加入远程认证系统中,以提高认证系统的安全水平.但现有认证系统通常工作在单一服务器环境中,扩展到多服务器环境中时会遇到生物特征模板和密码容易被单点突破、交叉破解的问题.为了克服以上问题,提出了一种基于生物特征和混沌映射的多服务器密钥认证方案,该方案基于智能卡、密码和生物特征,可明显提高多服务器身份认证系统的安全性及抗密码猜解的能力.     

一种生物特征与公钥密码相结合的多层次身份认证方案

信息安全技术是保障各种网络应用正常运作的必要支撑,而身份认证是信息安全保障技术的重要组成部分。丈中简单分析了传统网络身份认证技术存在的安全缺陷,然后介绍了生物特征识别技术及其国内外应用情况。最后提出了一种把生物特征识别技术与公钥密码技术相结合的多层次身份认证方案,该方案解决了传统身份认证方案的部分缺点,增强了身份认证安全性,为实现更为安全可靠的网络安全体系提供技术支撑。     

Authentication gets personal with biometrics

Securing the exchange of intellectual property and providing protection to multimedia contents in distribution systems have enabled the advent of digital rights management (DRM) systems. User authentication, a key component of any DRM system, ensures that only those with specific rights are able to access the digital information. It is here that biometrics play an essential role. It reinforces security at all stages where customer authentication is needed. Biometric recognition, as a means of personal authentication, is an emerging signal processing area focused on increasing security and convenience of use in applications where users need to be securely identified. In this article, we outline the state-of-the-art of several popular biometric modalities and technologies and provide specific applications where biometric recognition may be beneficially incorporated. In addition, the article also discussed integration strategies of biometric authentication technologies into DRM systems that satisfy the needs and requirements of consumers, content providers, and payment brokers, securing delivery channels and contents.     

ECG biometric analysis in cardiac irregularity conditions

Biometric traits offer direct solutions to the critical security concerns involved in identity authentication systems. In this paper, a systematic analysis of the electrocardiogram (ECG) signal for application in human recognition is reported, suggesting that cardiac electrical activity is highly personalized in a population. Features extracted from the autocorrelation of healthy ECG signals embed considerable diacritical power, and render fiducial detection unnecessary. The central consideration of this paper is the evaluation of an identification system that is robust to common cardiac irregularities such as premature ventricular contraction (PVC) and atrial premature contraction (APC). Criteria concerning the power distribution and complexity of ECG signals are defined to bring to light abnormal ECG recordings, which are not employable for identification. Experimental results indicate a recognition rate of 96.2% and render identification based on ECG signals rather promising.     

Beyond objective performance evaluation in multimodal biometric systems

Biometric identity verification is a reality today. However, this relatively new field still requires a large amount of user-centred studies before becoming commonly used. This paper presents a user-centred analysis of a multimodal authentication system for secure Internet access where users can choose freely between three different biometric modalities (fingerprint, voice and signature) to enrol, verify their identity and act as impostors in an unsupervised manner, aided only by an automated embodied conversational agent. Objective and subjective information was collected to analyse relevant relationships between authentication performance, ergonomie issues and user preconceptions and impressions. Particular attention has been paid to analyse also the evolution of users’ choices of modality. From the results of our study we infer usability insights for the design of multimodal biometric security systems, and point towards directions of further inquiry.     

Continuous User Authentication System: A Risk Analysis Based Approach

With the expansion of smart device users, the security mechanism of these devices in terms of user authentication has been advanced a lot. These mechanisms consist of a pattern based authentication, biometric based authentication, etc. For security purpose whenever a user fails to authenticate themselves, these devices get locked. But as these devices consist of numerous applications (document creator, pdf viewer, e-banking, Social networking app, etc.), locking of the whole devices prevents the user from using any of the applications. Since the variety of applications provided by the devices have different security needs, we feel it is better to have application level security rather than device level. Here, in this paper, we have proposed a behavioral biometric based user authentication mechanism for application level security. First, we have performed a risk assessment of different applications. Then for complete protection, static multi-modal (keystroke and mouse dynamics) authentication at the start of an interactive session, and a continuous keystroke authentication during this session is performed. An analysis of the proposed authentication mechanism has been conducted on the basis of false acceptance rate (FAR), false rejection rate (FRR) and equal error rate (EER). The static multi-modal authentication achieved a FAR of 0.89%, FRR of 1.2% and EER of 1.04% using J48 classification algorithm. Whereas the continuous keystroke authentication has been analyzed by the time (no. of keystrokes pressed) taken to capture an intruder.

     

Biometric cryptosystems: issues and challenges

In traditional cryptosystems, user authentication is based on possession of secret keys; the method falls apart if the keys are not kept secret (i.e., shared with non-legitimate users). Further, keys can be forgotten, lost, or stolen and, thus, cannot provide non-repudiation. Current authentication systems based on physiological and behavioral characteristics of persons (known as biometrics), such as fingerprints, inherently provide solutions to many of these problems and may replace the authentication component of traditional cryptosystems. We present various methods that monolithically bind a cryptographic key with the biometric template of a user stored in the database in such a way that the key cannot be revealed without a successful biometric authentication. We assess the performance of one of these biometric key binding/generation algorithms using the fingerprint biometric. We illustrate the challenges involved in biometric key generation primarily due to drastic acquisition variations in the representation of a biometric identifier and the imperfect nature of biometric feature extraction and matching algorithms. We elaborate on the suitability of these algorithms for digital rights management systems.     

A new three-factor authentication and key agreement protocol for multi-server environment

Several password and smart-card based two-factor security remote user authentication protocols for multi-server environment have been proposed for the last two decades. Due to tamper-resistant nature of smart cards, the security parameters are stored in it and it is also a secure place to perform authentication process. However, if the smart card is lost or stolen, it is possible to extract the information stored in smart card using power analysis attack. Hence, the two factor security protocols are at risk to various attacks such as password guessing attack, impersonation attack, replay attack and so on. Therefore, to enhance the level of security, researchers have focused on three-factor (Password, Smart Card, and Biometric) security authentication scheme for multi-server environment. In existing biometric based authentication protocols, keys are generated using fuzzy extractor in which keys cannot be renewed. This property of fuzzy extractor is undesirable for revocation of smart card and re-registration process when the smart card is lost or stolen. In addition, existing biometric based schemes involve public key cryptosystem for authentication process which leads to increased computation cost and communication cost. In this paper, we propose a new multi-server authentication protocol using smart card, hash function and fuzzy embedder based biometric. We use Burrows–Abadi–Needham logic to prove the correctness of the new scheme. The security features and efficiency of the proposed scheme is compared with recent schemes and comparison results show that this scheme provides strong security with a significant efficiency.

     

Biometric Inspired Mobile Network Authentication and Protocol Validation

This paper pioneers an experimentation on assessing security and performance of a well-established biometric authentication protocol. Using the gold standard in software reliability, a path-oriented software quality control tool, the work exploits the attack surface leveraging path analysis. The test not only identifies security vulnerabilities in a system but also pinpoints those vulnerabilities at real security risk to optimize resource allocation. The automated holistic examination of the authentication process reveals a weakness in the biometric authentication protocol at study. The attack map generated from the analysis directs its improvement. Reexamination validates the security of the protocol. The work also studies the computational complexity of the protocol, thereby, recommends the key length suitable to biometric authentication for wireless body area networks.     

ECG signal compression based on Burrows-Wheeler transformation and inversion ranks of linear prediction

Many transform-based compression techniques, such as Fourier, Walsh, Karhunen-Loeve (KL), wavelet, and discrete cosine transform (DCT), have been investigated and devised for electrocardiogram (ECG) signal compression. However, the recently introduced Burrows-Wheeler Transformation has not been completely investigated. In this paper, we investigate the lossless compression of ECG signals. We show that when compressing ECG signals, utilization of linear prediction, Burrows-Wheeler Transformation, and inversion ranks yield better compression gain in terms of weighted average bit per sample than recently proposed ECG-specific coders. Not only does our proposed technique yield better compression than ECG-specific compressors, it also has a major advantage: with a small modification, the proposed technique may be used as a universal coder.     

Fingerprint features-statistical analysis and system performanceestimates

As the need for personal authentication increases, many people are turning to biometric authentication as an alternative to traditional security devices. Concurrently, users and vendors of biometric authentication systems are searching for methods to establish system performance. This paper presents a model that defines the parameters necessary to estimate the performance of fingerprint-authentication systems without going through the rigors of intensive system testing inherent in establishing error rates. The model presented here was developed to predict the performance of the pore-based automated fingerprint-matching routine developed internally in the research and development division at the National Security Agency. This paper also discusses the statistics of fingerprint pores and the efficacy of using pores in addition to the traditionally used minutiae to improve system performance. In addition this paper links together the realms of automated matching and statistical evaluations of fingerprint features. The results of this link provides knowledge of practical performance limits of any automated matching routine that utilizes pores or minutia features     

一种新的基于指纹与人脸特征级融合的模糊金库方案

针对基于生物特征的模糊金库易受相关攻击导致密钥和生物特征模板丢失以及基于单生物特征的模糊金库的认证性能不可靠的问题,提出了一种新的基于指纹与人脸特征级融合的模糊金库方案。该方案对指纹特征与人脸特征分别进行不可逆变换,并基于Diffie-Hellman算法在特征级变换后将指纹与人脸特征融合为一个模板。最后,将所得的融合模板用来构建模糊金库,通过更新随机矩阵使金库具备可撤销特性,有效抵御相关攻击,实现可靠的身份认证。实验结果表明,本文方案提高了系统的可靠性和多生物特征模板的安全性。