一种改进的指纹Fuzzy Vault加密方案

为了克服传统指纹Fuzzy Vault算法在应用上的不足,提出了一种改进的Fuzzy Vault算法。主要采用一种新的多项式构造函数的方法来实现待保护密钥和指纹细节特征点的绑定,进而解决了传统Fuzzy Vault算法中密钥长度决定解码时需要匹配细节点个数的问题。实验结果表明,此方法进一步增强了算法的安全性和灵活性。     

一种基于BioHashing和洗牌算法的可撤销密钥绑定方案

针对传统加密方案中密钥管理困难的问题,提出了一个新的通过指纹管理密钥的密钥绑定方案。该方案通过BioHashing方法得到用户指纹特征的二进制序列,对得到的序列执行一个改进的洗牌算法进行置乱,最后通过Fuzzy Vault方案将特征值与密钥进行绑定。仿真分析表明,利用Fuzzy Vault方案的容错机制和BCH码的纠错机制,该方案可以在保证指纹信息安全的情况下正确恢复密钥。同时,改进的洗牌算法实现了特征模板的可撤销性和不可逆性。     

基于NTRU的多密钥同态加密方案解密结构

为了进一步提升NTRU型多密钥全同态加密（MKFHE）方案的安全性和效率,基于素数幂次分圆多项式环,研究了NTRU型多密钥同态加密的原始解密结构特点,并提出了两种多密钥同态解密结构改进优化方法。首先通过降低多项式系数,设计了“Regev-Style”多密钥解密结构;其次通过扩展密文维度,设计了“Ciphertext-Expansion”多密钥解密结构。通过与NTRU型多密钥同态加密方案的原始解密结构进行对比分析,结果表明“Regev-Style”多密钥解密结构降低了产生噪声的量级,用于NTRU型多密钥全同态加密方案设计时能减少密钥交换次数和模交换次数;“Ciphertext-Expansion”多密钥解密结构消除了密钥交换过程,降低了产生噪声的量级,且能更有效地处理重复用户的密文乘积。改进优化的多密钥解密结构的安全性均基于素数幂次分圆多项式环上的误差学习（LWE）问题和判定小多项式比（DSPR）假设,这些结构能较好地抵御子域攻击。通过选取合适的参数,它们可用于设计更加安全高效的NTRU型多密钥全同态加密方案。     

基于素数幂次阶分圆多项式环的多密钥全同态方案

传统的全同态加密方案允许对单个用户的密文进行任意计算,计算结果解密后能够得到与明文计算相一致的结果。多密钥全同态加密方案允许云服务器对多个用户的密文进行任意计算,更适用云计算的应用场景。基于公钥加密方案NTRU的多密钥全同态加密方案被称为NTRU型多密钥全同态加密方案,具有密钥和密文尺寸短、运算速度快和潜在的抗量子攻击等特性。但是,现有的NTRU型多密钥全同态加密方案存在可选的环结构少、使用的环结构容易受到子域攻击等问题。文章以NTRU型多密钥全同态加密方案LTV12为研究对象,将该方案中的2的幂次阶分圆多项式环替换为素数幂次阶分圆多项式环,密钥生成算法采用正则嵌入下的高斯分布,优化了LTV12方案,增加了可选环结构的数量,并使其免受子域攻击的危害,对其实用性和安全性具有推动意义。     

基于置换移位的单字节分组保密方法

为减少无线传感器网络编码的冗余字节,提高基于Feistel结构的无线传感器网络分组加密的安全性,提出了一种新的单字节分组密码保密方法.采用生成单位矩阵的幂次和密钥变换矩阵生成密钥,明文通过单字节的置换和循环移位得到加密密文.首先介绍无线传感器网络Feistel结构分组加密算法,然后给出了置换和移位操作编码原理,并给出了设计的加密解密算法,最后进行了分析和实验.提出的方法既可以实现加密,也可以实现解密.分析结果表明,密钥具有较高的安全性能,可以增强基于Feistel结构的无线传感器网络分组加密安全性.     

基于Huffman编码的高效对称密码体制研究

当前网络中大规模数据的存储和传输需求使得数据压缩与加密相结合的研究引起了越来越多研究者的关注.虽然在信元的概率密度函数(Possibility Mass Function,PMF)保密的前提下使用Huffman编码压缩数据后得到的编码序列极难破译,但该方法中作为密钥的PMF安全性差且难于存储和传输因此很难被实际应用.为解决这个问题本文提出一种基于Huffman编码的一次一密高安全性对称密码体制.该方案使用具有多项式时间复杂度的Huffman树重构算法与有限域插值算法生成密钥,能够保证密钥长度非常短且在密钥被部分获取的情况下对加密体制的破解依然困难.此外本文证明方案的有效性和安全性并给出一个应用实例.     

基于纠错码的指静脉加密算法

对指静脉加密算法进行整体介绍,并加入纠错机制,设计了带纠错功能的指静脉加密算法。利用二进制序列发生器随机生成一个多项式系数形式的密钥,将指静脉特征点加密,在密钥恢复阶段用拉格朗日插值来恢复多项式,并利用循环冗余校验码进行校验,该方法可以找到最精确的密钥来保证多项式的准确度。实验结果表明:利用带有纠错码的模糊金库算法很好地实现了指静脉模板的加密和解密,从而达到了保护生物信息安全的要求;通过密钥长度增长可以提高系统的安全性能。     

去中心化的安全分布式存储系统

提出一种去中心化的安全分布式存储系统。通过公钥加密和单钥加密相结合的方法,提高存储数据的保密性。对每个数据源使用不同的对称密钥进行分布式加密,采用分布式纠删码对加密后的数据进行编码。使用RS多项式编码和List Decoding译码方法存储加密的对称密钥,以保证系统的鲁棒性。分析结果表明,该方案的计算复杂度较低。     

一种DES密钥延长方法

数据加密标准(DES)是Feistel网络型加密算法的实现,但DES的密钥长度较短,不能适应目前网络安全的需求。为此,提出一种DES密钥延长方法,将DES算法的密钥长度由56 bit扩展到112 bit。理论和实例测试结果表明,使用该方法改进后的DES算法加密有效。     

抗连续辅助输入泄漏的属性基加密方案

针对属性基加密(attribute-based encryption, ABE)机制中边信道攻击下的密钥泄漏问题,现有的解决方案仅允许密钥的有界泄漏. 将连续辅助输入泄漏模型和双系统加密相结合,通过合理设计主密钥和用户私钥的生成过程,提出了一种抗连续辅助输入泄漏的ABE方案. 基于合数阶群的子群判定假设和域GF(q)上Goldreich-Levin定理,在标准模型下,证明该方案在攻击者获知辅助输入密钥泄漏信息的情况下仍具有自适应安全性. 该方案实现了主密钥和用户私钥的连续无界泄漏,在密钥更新询问时无需假定旧密钥必须从内存中彻底清除,且具有较好的合成性质. 与相关的解决方案相比,该方案不仅具有最好的抗泄漏容忍性,而且具有较短的密钥长度.     

Password hardened fuzzy vault for fingerprint authentication system

The present work attempts to build a bio-cryptographic system that combines transformed minutiae pairwise feature and user-generated password fuzzy vault. The fingerprint fuzzy vault is based on a new minutiae pairwise structure, which overcomes the fingerprint feature publication while the secret binary vault code is generated according to the fingerprint fuzzy vault result. The authentication process involves two stages: fuzzy vault matching and secret vault code validation. Our minutiae pairwise transformation produces different templates thus resolving the problem of cross matching attacks in fingerprint fuzzy vault. So, the original fingerprint template cannot be recreated because it is protected by the key generated from the user password. In addition, the proposed bio-cryptographic system ensures an acceptable security level for user authentication.     

一种新的基于指纹的密钥隐藏方案

针对已有指纹密钥隐藏方法的不足,提出了一种新的基于指纹的密钥隐藏方案,为了充分利用指纹图像细节点以及细节点周围的纹理信息,采用了一种新定义的指纹模板：细节点纹理串模板,这种密钥隐藏方案也就称为细节点纹理串密钥隐藏方案.在此方案中,首先提取指纹的细节点集合,然后在每个细节点周围使用Gabor滤波器滤波,以提取细节点周围的指纹纹理信息,细节点集合和每个细节点对应的纹理信息共同构成细节点纹理串模板.然后,用(n,k)秘密分割方法将对称加密系统或PKI产生的密钥分成n份秘密值,每份秘密值以保密的方式存储在细节点对应的纹理串中,只有当询问指纹能恢复出至少k份秘密时,才可以恢复出原密钥.在指纹数据库FVC2002 DB1和DB2上的实验表明,一指纹用于隐藏密钥,另一指纹用于恢复密钥的情况下,该方案的等错率(equal error rate, EER)为1%~2.2%,优于模糊盖子密钥隐藏方案.安全性分析表明,该方案有效地保护了密钥以及指纹模板信息,安全度高于模糊盖子方案.     

A practical implementation of fuzzy fingerprint vault for smart cards

Biometric-based authentication can provide strong security guarantee about the identity of users. However, security of biometric data is particularly important as the compromise of the data will be permanent. To protect the biometric data, we need to store it in a non-invertible transformed version. Thus, even if the transformed version is compromised, the actual biometric data remain safe. Fuzzy vault is a cryptographic construct to secure critical data with the fingerprint data. In this paper, we implement the fuzzy fingerprint vault, combining fingerprint verification and fuzzy vault scheme to protect fingerprint templates, for the smart card environment. To implement the fuzzy fingerprint vault as a complete system, we have to consider several practical issues such as automatic fingerprint alignment, verification accuracy, template size for storing in the smart card, execution time, error correcting code, etc. Especially, we handled the fingerprints having a few minutiae by applying an adaptive degree of the polynomial, and thus our implementation result can be used for real, large-scale applications.     

Fingerprint-Based Fuzzy Vault: Implementation and Performance

Reliable information security mechanisms are required to combat the rising magnitude of identity theft in our society. While cryptography is a powerful tool to achieve information security, one of the main challenges in cryptosystems is to maintain the secrecy of the cryptographic keys. Though biometric authentication can be used to ensure that only the legitimate user has access to the secret keys, a biometric system itself is vulnerable to a number of threats. A critical issue in biometric systems is to protect the template of a user which is typically stored in a database or a smart card. The fuzzy vault construct is a biometric cryptosystem that secures both the secret key and the biometric template by binding them within a cryptographic framework. We present a fully automatic implementation of the fuzzy vault scheme based on fingerprint minutiae. Since the fuzzy vault stores only a transformed version of the template, aligning the query fingerprint with the template is a challenging task. We extract high curvature points derived from the fingerprint orientation field and use them as helper data to align the template and query minutiae. The helper data itself do not leak any information about the minutiae template, yet contain sufficient information to align the template and query fingerprints accurately. Further, we apply a minutiae matcher during decoding to account for nonlinear distortion and this leads to significant improvement in the genuine accept rate. We demonstrate the performance of the vault implementation on two different fingerprint databases. We also show that performance improvement can be achieved by using multiple fingerprint impressions during enrollment and verification.     

只需异或运算的秘密分享方案

针对传统基于插值多项式的秘密分享方案,需要复杂的多项式运算,当涉及的数据比较大时,运算效率特别低的问题,提出一种结合数据分块方法以及仅需要在GF(2)上的异或运算的秘密分享方案,并应用于大规模数据的安全保护机制。理论分析与实验结果表明,与传统基于插值多项式的秘密分享方法相比,所提方法在运行效率上提升了19.3%。     

模糊保险箱的多项式表示方法

在模糊保险箱方案中,通常采用多个干扰点与用户特征点混合构成的集合表示保险箱,这种方法存在多种安全缺陷。为此,提出一种新的保险箱构造方案,该方案利用随机点与用户特征集合构造一个随机多项式,运用该多项式系数表示保险箱。分析结果表明,该方案可以抵抗已知的对模糊保险箱的多种攻击,具有更高的安全性,并能节约存储空间。     

A hybrid scheme for securing fingerprint templates

In a fingerprint recognition system, templates are stored in the server database. To avoid the privacy concerns in case the database is compromised, many approaches of securing biometrics templates such as biometric encryption, salting, and noninvertible transformation are proposed to enhance privacy and security. However, a single approach may not meet all application requirements including security, diversity, and revocability. In this paper, we present a hybrid scheme for securing fingerprint templates, which integrates our novel algorithms of biometric encryption and noninvertible transformation. During biometric encryption, we perform the implementation of fingerprint fuzzy vault using a linear equation and chaff points. During noninvertible transformation, we perform a regional transformation for every minutia-centered circular region. The hybrid scheme can provide high security, diversity, and revocability. Experimental results show the comparative performance of those approaches. We also present strength analysis and threats on our scheme.     

安全可纠错的权重不同参与者之间的门限方案

Shamir门限秘密共享方案是基于多项式插值的秘密共享门限方案。论文研究的是基于中国剩余定理的权重不同参与者之间秘密共享方案,并考虑了此类门限方案的安全性,最后基于中国剩余定理和纠错方法给出一个简单的安全的权重不同参与者之间的门限方案。     

A secret sharing scheme for EBTC using steganography

In this paper, a new method based on Block Truncation Coding (BTC) and the halftoning technique is proposed for secret sharing of lossy compressed images. BTC is a simple and efficient image compression technique. However, it yields images of undesirable quality, and significant blocking effects are seen as the block size that is used increases. A modified method known as Enhanced Block Truncation Coding (EBTC) is proposed to solve these problems. For secret sharing, we propose a (2, 2) secret sharing scheme which provides authentication using DE scheme. This scheme was developed for data hiding with grayscale images, but our proposed EBTC uses bitmap images for which the DE scheme is not appropriate. We show the solution for such a problem. Moreover, we reduce the computation complexity for secret sharing using the DE algorithm because past schemes which used polynomial or interpolation algorithms require too much time for secret sharing. In addition, we show how to authenticate a cover image. Experimental results show that our proposed scheme provides secret sharing with proper authentication and acceptable computational complexity.     

基于二元对称多项式的公平秘密共享方案

基于二元对称多项式,提出一种新的公平[(t,n)]门限秘密共享方案,能够确保：所有参与者都合法且诚实时,均能恢复正确的秘密;存在欺骗者时,所有参与者都无法恢复正确的秘密。该方案利用二元对称多项式不仅为任意两个参与者提供会话密钥;结合离散对数,在确保每个share持有者拥有较少share的情况下,使得Dealer可以选取足够长的秘密序列,从而确保方案的公平性。此外,方案在异步环境下也能实现公平秘密恢复。与Harn方案相比,该方案更加公平和灵活。