改进的BioHashing指纹模板保护算法

BioHashing是可撤销生物认证中广泛应用的身份认证方案,针对用户令牌泄露导致BioHashing识别性能严重退化的问题,提出一种改进的BioHashing指纹模板保护算法。该算法在量化过程中采用滑动窗口产生固定长度的二值序列,并结合滑动窗口带来的更大的密钥空间,有效提高了指纹特征自身的区分能力和安全性。理论分析和实验结果表明,改进方法产生的二值序列能有效保护指纹模板的原始特征信息,提高系统的识别性能。     

PalmPhasor算法性能的理论分析

模板的安全性和隐私性是掌纹系统实际应用的关键问题,然而生物特征保护的多项指标通常相互冲突并且难以同时满足.作为解决上述冲突的一种可撤销掌纹编码算法,PalmPhasor实现了高效、安全的掌纹认证.建立了系统分析PalmPhasor性能的完整框架.为了便于具体分析,将情景分为4种情况,并且提供了支持相应分析的预备知识,包括辅助定理以及Gabor滤波掌纹图像实部和虚部分布特性.在统计学基础上建立的理论分析和实验结果均表明:即使在用户口令被盗的情况下,多方向分数级融合增强的PalmPhasor算法也可以同时有效地满足可撤销生物特征的4项指标.     

基于LGBP与Bloom滤波器的可撤销掌纹模板生成方法

为了实现对用户生物特征信息的有效保护,提高掌纹身份认证系统的安全性,提出一种掌纹可撤销模板生成方法。首先通过Gabor滤波器获得掌纹数据不同方向、不同尺度的幅值特征,对其提取局部均匀模式LBP特征,然后将二值化的特征直方图序列使用Bloom滤波器进行多对一映射,最后进行不可逆变换,得到可撤销掌纹模板。理论分析和实验结果表明,该方法不仅可以有效保护掌纹特征,而且在密钥丢失时,也具有较高的识别率。     

一种身份认证系统综合分类框架

较为全面的对身份认证系统做了分析比较,并着重研究分析了生物特征识别身份认证和动态口令身份认证,在此基础上提出了一种身份认证技术综合的分类方法。从认证双方享有的知识因子的角度出发,明确了共享因子的概念;从动态身份认证中的动态驱动因子不同,把其划分为时间驱动型和事件驱动型。     

可定制的身份认证功能组件的设计与实现

鉴于各种身份认证方式原理的复杂性和认证形式的多样性,分别通过模块化方法和控件式开发方法,设计并实现了各种认证参数均由用户设定,而具体的认证过程又完全透明的具有可定制功能的身份认证组件.组件为用户提供了通行字认证方式、零知识认证方式、基于生物特征的认证方式和基于令牌的认证方式.组件可以为身份认证方案技术的开发人员节省程序编写时间,方便那些对认证理论不太了解的用户集成身份认证功能模块.     

基于区块链的生物特征和口令双因子跨域认证与密钥协商方案

针对用户跨域访问数据资源的数据共享场景, 为了保证用户的身份合法性以及安全通信, 提出了一种基于区块链的生物特征和口令双因子跨域认证与密钥协商方案. 用户生物特征通过模糊提取技术转换为生物密钥和生物公开信息参与认证, 避免生物特征被泄露. 包含生物密钥和生物公开信息的用户身份信息存储在区块链账本中,保证身份信息一致以及...     

安全高效的可撤销指纹模板构造

指纹特征加密是生物特征识别技术中最为活跃的研究领域之一.然而指纹特征是人体固有的特征,具有唯一性与终身不变性,一旦识别系统中的用户指纹模板丢失,将是永久性的.为了避免用户指纹模板丢失,基于巴特沃斯低通滤波器原型,设计了一组不可逆转换函数,将用户原始指纹模板转换为可撤销指纹模板,不同识别系统中存储的可撤销指纹模板具有互异性与不可逆性,进而有效规避原始指纹模板的不变性与公开性所带来的安全隐患.匹配精度、不可逆性、转换速度等方面的实验分析表明,所构造可撤销指纹模板方案在认证效率、安全性、计算效率等方面具有良好性能.     

基于因子分析的模拟电路故障特征提取技术研究

针对LS-SVM算法中小波提取特征存在小波基函数选择和小波分解层次、系数选取的问题,提出了一种基于因子分析技术的故障特征识别方法;该方法通过构建采样数据的相关矩阵求出因子载荷和因子得分,按照累计贡献率自动提取出1~3个因子组成特征向量,从而降低了输入维度,提高了算法训练诊断效率,降低了收敛难度;四运放典型电路的仿真实验结果表明:文中算法的诊断正确率超过了同类方法,同时提高了训练时间和诊断效率。     

基于国密算法和PUF的企业用户身份认证系统

针对当前企业信息系统登录方法安全性和可扩展性的不足,设计一种基于国密算法和PUF（物理不可克隆函数）的企业用户身份认证系统。该系统借鉴FIDO U2F（线上快速第二因子身份认证）认证框架,以身份识别令牌作为认证第二因子,使用国产加密算法实现安全性的自主可控,同时在身份令牌中集成了PUF和真随机数发生器,以达到提升安全性和可扩展性的目的。安全性分析表明,该系统的安全性显著高于现有技术实现。实验测试结果表明,该系统运行开销较低,稳定可靠,能够方便、快捷地部署在企业信息系统中。     

物联网本体存储数据可撤销加密仿真研究

针对物联网密钥不可随机拆分与撤销,本体存储数据容易遭到外界入侵,导致用户隐私信息泄露,提出物联网本体存储数据可撤销加密方法。根据数据可撤销加密的理论确定双线性映射函数,通过加密撤销的困难假设构建了物联网本体存储数据可撤销模型。对存储数据进行可撤销运算,采用了周期更新思想,将用户密钥属性、用户身份以及时间进行划分,并根据访问树的节点数据对用户存储数据进行加密计算。通过主要密钥随机拆分撤销运算,根据结果对存储数据可撤销加密进行安全认证。仿真结果表明,采用可撤销加密方法能够实现物联网密钥的随机拆分,缩短用户密钥更新周期,数据安全性更高。     

Cancellable biometrics and annotations on BioHash

Lately, the once powerful one-factor authentication which is based solely on either password, token or biometric approach, appears to be insufficient in addressing the challenges of identity frauds. For example, the sole biometric approach suffers from the privacy invasion and non-revocable issues. Passwords and tokens are easily forgotten and lost. To address these issues, the notion of cancellable biometrics was introduced to denote biometric templates that can be cancelled and replaced with the inclusion of another independent authentication factor. BioHash is a form of cancellable biometrics which mixes a set of user-specific random vectors with biometric features. In verification setting, BioHash is able to deliver extremely low error rates as compared to the sole biometric approach when a genuine token is used. However, this raises the possibility of two identity theft scenarios: (i) stolen-biometrics, in which an impostor possesses intercepted biometric data of sufficient high quality to be considered genuine and (ii) stolen-token, in which an impostor has access to the genuine token and used by the impostor to claim as the genuine user. We found that the recognition rate for the latter case is poorer. In this paper, the quantised random projection ensemble based on the Johnson–Lindenstrauss Lemma is used to establish the mathematical foundation of BioHash. Based on this model, we elucidate the characteristics of BioHash in pattern recognition as well as security view points and propose new methods to rectify the stolen-token problem.     

Cancellable biometrics and user-dependent multi-state discretization in BioHash

Although the use of biometrics for security access is convenient and easy to be implemented, it also introduced privacy and other security concerns when the original biometric templates are compromised. BioHash was introduced as a form of cancellable or replaceable biometrics through the integration of a set of user-specific random numbers with biometric features to address these concerns. However, the main drawback of the original form of BioHash is its inferior performance when an imposter obtains a legitimate token and uses it to claim as a genuine user (also known as the stolen-token scenario). In this paper, the problem is circumvented by a user-dependent multi-state discretization method. The experimental results on fingerprint database FVC2002 demonstrated a promising performance improvement on the stolen-token scenario when this discretization method was incorporated in the BioHash scheme. Moreover, the discretization method can render a long bit string, which is a useful feature to resist brute-force attacks. Some desired properties such as one-way transformation and diversity are also analyzed.     

Cancelable features using log-Gabor filters for biometric authentication

Wide spread use of biometric based authentication requires security of biometric data against identity thefts. Cancelable biometrics is a recent approach to address the concerns regarding privacy of biometric data, public confidence, and acceptance of biometric systems. This work proposes a template protection approach which generates revocable binary features from phase and magnitude patterns of log-Gabor filters. Multi-level transformations are applied at signal and feature level to distort the biometric data using user specific tokenized variables which are observed to provide better performance and security against information leakage under correlation attacks. A thorough analysis is performed to study the performance, non-invertibility, and changeability of the proposed approach under stolen token scenario on multiple biometric modalities. It is revealed that generated templates are non-invertible, easy to revoke, and also deliver good performance.     

An effective biometric cryptosystem combining fingerprints with error correction codes

With the emergence and popularity of identity verification means by biometrics, the biometric system which can assure security and privacy has received more and more concentration from both the research and industry communities. In the field of secure biometric authentication, one branch is to combine the biometrics and cryptography. Among all the solutions in this branch, fuzzy commitment scheme is a pioneer and effective security primitive. In this paper, we propose a novel binary length-fixed feature generation method of fingerprint. The alignment procedure, which is thought as a difficult task in the encrypted domain, is avoided in the proposed method due to the employment of minutiae triplets. Using the generated binary feature as input and based on fuzzy commitment scheme, we construct the biometric cryptosystems by combining various of error correction codes, including BCH code, a concatenated code of BCH code and Reed-Solomon code, and LDPC code. Experiments conducted on three fingerprint databases, including one in-house and two public domain, demonstrate that the proposed binary feature generation method is effective and promising, and the biometric cryptosystem constructed by the feature outperforms most of the existing biometric cryptosystems in terms of ZeroFAR and security strength. For instance, in the whole FVC2002 DB2, a 4.58% ZeroFAR is achieved by the proposed biometric cryptosystem with the security strength 48 bits.     

A novel cancellable Iris template generation based on salting approach

The iris has been vastly recognized as one of the powerful biometrics in terms of recognition performance, both theoretically and empirically. However, traditional unprotected iris biometric recognition schemes are highly vulnerable to numerous privacy and security attacks. Several methods have been proposed to generate cancellable iris templates that can be used for recognition; however, these templates achieve lower accuracy of recognition in comparison to traditional unprotected iris templates. In this paper, a novel cancellable iris recognition scheme based on the salting approach is introduced. It depends on mixing the original binary iris code with a synthetic pattern using XOR operation. This scheme guarantees a high degree of privacy/security preservation without affecting the performance accuracy compared to the unprotected traditional iris recognition schemes. Comprehensive experiments on various iris image databases demonstrate similar accuracy to those of the original counterparts. Hence, robustness to several major privacy/security attacks is guaranteed.

     

Multi-instance cancellable biometrics schemes based on generative adversarial network

The main role of cancellable biometric schemes is to protect the privacy of the enrolled users. The protected biometric data are generated by applying a parametrized transformation function to the original biometric data. Although cancellable biometric schemes achieve high security levels, they may degrade the recognition accuracy. One of the mostwidely used approaches to enhance the recognition accuracy in biometric systems is to combine several instances of the same biometric modality. In this paper, two multi-instance cancellable biometric schemes based on iris traits are presented. The iris biometric trait is used in both schemes because of the reliability and stability of iris traits compared to the other biometric traits. A generative adversarial network (GAN) is used as a transformation function for the biometric features. The first scheme is based on a pre-transformation feature-level fusion, where the binary features of multiple instances are concatenated and inputted to the transformation phase. On the other hand, the second scheme is based on a post-transformation feature-level fusion, where each instance is separately inputted to the transformation phase. Experiments conducted on the CASIA Iris-V3-Internal database confirm the high recognition accuracy of the two proposed schemes. Moreover, the security of the proposed schemes is analyzed, and their robustness against two well-known types of attacks is proven.

     

Investigating fusion approaches in multi-biometric cancellable recognition

Cancellable biometrics has recently been introduced in order to overcome some privacy issues about the management of biometric data, aiming to transform a biometric trait into a new but revocable representation for enrolment and identification (verification). Therefore, a new representation of original biometric data can be generated in case of being compromised. Additionally, the use multi-biometric systems are increasingly being deployed in various biometric-based applications since the limitations imposed by a single biometric model can be overcome by these multi-biometric recognition systems. In this paper, we specifically investigate the performance of different fusion approaches in the context of multi-biometrics cancellable recognition. In this investigation, we adjust the ensemble structure to be used for a biometric system and we use as examples two different biometric modalities (voice and iris data) in a multi-biometrics context, adapting three cancellable transformations for each biometric modality.     

Random multispace quantization as an analytic mechanism for BioHashing of biometric and random identity inputs

Biometric analysis for identity verification is becoming a widespread reality. Such implementations necessitate large-scale capture and storage of biometric data, which raises serious issues in terms of data privacy and (if such data is compromised) identity theft. These problems stem from the essential permanence of biometric data, which (unlike secret passwords or physical tokens) cannot be refreshed or reissued if compromised. Our previously presented biometric-hash framework prescribes the integration of external (password or token-derived) randomness with user-specific biometrics, resulting in bitstring outputs with security characteristics (i.e., noninvertibility) comparable to cryptographic ciphers or hashes. The resultant BioHashes are hence cancellable, i.e., straightforwardly revoked and reissued (via refreshed password or reissued token) if compromised. BioHashing furthermore enhances recognition effectiveness, which is explained in this paper as arising from the random multispace quantization (RMQ) of biometric and external random inputs     

模糊逻辑在人脸特征保护算法中的应用

随着人脸识别在门禁、视频监控等公共安全领域中的应用日益广泛,人脸特征数据的安全性和隐私性问题成为备受关注的焦点。近年来出现了许多关于生物特征及人脸特征的安全保护算法,这些算法大都是将生物特征数据转变为二值的串,再进行保护。针对已有的保护算法中将实值的人脸特征转换为二值的串,从而导致信息丢失的不足,应用模糊逻辑对人脸模板数据的类内差异进行建模,从而提高人脸识别系统的性能。给出了算法在CMU PIE的光照子集、CMU PIE带光照和姿势的子集和ORL人脸数据库中的实验结果。实验表明,该算法能够进一步提高已有安全保护算法的识别率。     

Three measures for secure palmprint identification

Most previous research in the area of personal authentication using the palmprint as a biometric trait has concentrated on enhancing accuracy yet resistance to attacks is also a centrally important feature of any biometric security system. In this paper, we address three relevant security issues: template re-issuances, also called cancellable biometrics,¹ replay attacks, and database attacks. We propose to use a random orientation filter bank (ROFB) as a feature extractor to generate noise-like feature codes, called Competitive Codes for templates re-issuances. Secret messages are hidden in templates to prevent replay and database attacks. This technique can be regarded as template watermarking. A series of analyses is provided to evaluate the security levels of the measures.