Disclosure of Invention
The invention aims to overcome the defects and shortcomings of the prior art and to provide a threshold predicate encryption biometric authentication method based on digital watermarking. However, when an attacker sends a random template, or a query template obtained by eavesdropping, to the server, the server can be deceived; random attacks, replay attacks and collusion attacks can be launched against the server, and their success rate is high. Therefore, in order to secure the biometric authentication system, its resistance to impersonation attacks must be improved.
The aim of the invention is achieved by the following technical scheme:
a threshold predicate encryption biometric authentication method based on digital watermarking, as shown in figure 1, comprises the following steps:
acquiring biological characteristics of users through a client, generating a reference template for the biological characteristics of each user, and storing the reference template in a server;
a user initiates an authentication request to a server through a client;
the server receives the authentication request of the client and sends a challenge to the user;
after the client receives the challenge, a new biometric sample of the user is collected and a biometric vector is obtained; the biometric vector of the challenge is obtained through the watermark information embedding operation, so that a challenge template is obtained and sent to the server;
the server receives the inquiry template, carries out signal calculation of detection vectors in each segment, judges whether watermark information is correct, and obtains a first-step authentication result according to the judgment result of the watermark information; and calculating the total correlation value, and obtaining a final authentication result according to the total correlation value and the authentication result of the first step.
Further, the method includes the steps of obtaining the biological characteristics of the users through the client, generating a reference template for the biological characteristics of each user, and storing the reference template in the server, and specifically includes the following steps:
S101, acquiring system parameters;
wherein the system parameters param are as follows:
param={n,θ},
wherein n represents the number of elements in the feature vector, and θ is a threshold;
S102, the client generates a private key sk for the user:
a private random permutation function π is generated for each biometric fragment of the user, and if the biometric fragment contains q elements, two (q+3) × (q+3) random matrices M_1 and M_2 are generated, and then the private key sk is generated:
sk = {M_1, M_2, n, π},
S103, the user registers the biometric template vector x and the private key sk at the client to generate a reference template C_x;
S104, the generated reference template C_x is stored in the server.
Further, the reference template C_x is obtained by encoding, specifically as follows:
the client registers the user's biometric as a reference template C_x on the server using the private key sk,
If q elements are contained in the first biometric fragment, then a q+3-dimensional vector is created:
where β is a random positive number,
also random numbers;
constructing a diagonal matrix X_1 with diag(X_1) = π_1(x′_1), wherein π_1(x′_1) represents permuting the positions of the elements in the vector x′_1;
constructing a (q+3) × (q+3) lower triangular matrix whose diagonal elements are all 1;
obtaining a reference template of a first fragment in a biometric template of a user:
wherein M_1 and M_2 are random matrices,
is a triangular matrix;
finally, the reference templates of all fragments are concatenated to obtain the complete reference template C_x.
Further, the user initiates an authentication request to the server through the client, specifically: the user initiates an authentication request to the server through the client by using the identity ID.
Further, the server receives the authentication request of the client and sends a challenge to the user, which specifically includes the following steps:
S301, after receiving an authentication request of a user, the server reads the reference template of the user;
S302, the server randomly selects a nonsingular matrix R_i with the same dimension as the reference template and performs an operation to obtain the challenge;
S303, let U = {U_1, U_2, …, U_p}, and send it to the client.
Further, the watermark information embedding operation, namely watermark encryption is performed on the biometric vector, specifically as follows:
if the biometric vector y is divided into p segments, two vectors m = {m_1, m_2, …, m_p} and {θ_1, θ_2, …, θ_p} are randomly selected, and the two vectors satisfy the following relationship:
wherein q represents the number of elements in the i-th fragment; θ_1, θ_2, …, θ_p take values in the interval [0,1] and satisfy θ_1 + θ_2 + … + θ_p = θ; m_1, m_2, …, m_p are random numbers and satisfy m_1 + m_2 + … + m_p = 0;
constructing a bipolar vector w = {w_1, w_2, …, w_q}, denoted as follows:
wherein Sign(·) represents a sign function with a value of 1 or −1, m_i represents the random number of the i-th fragment, and θ_i represents the threshold of the i-th fragment;
then calculating h = Hash(w) using a one-way Hash function;
selecting p random numbers r_y1, r_y2, …, r_yp and a random positive number α, and combining w_i and y_i to produce a new vector:
y′_i = α(y_i, m_i + θ_i, 0, r_yi), i = 1, 2, …, p,
wherein y_i represents the i-th fragment of the biometric feature,
a random number representing the ith biometric fragment, α being a randomly generated positive number.
Further, the challenged biometric vector is specifically as follows:
for any y′_i of y′, constructing a diagonal matrix Y_i, wherein diag(Y_i) = π_i(y′_i);
selecting a (q+3) × (q+3) lower triangular matrix S_yi whose diagonal elements are 1;
constructing sub-challenge biometric templates as:
wherein
and
Is extracted from the key sk;
the final challenge biometric template is obtained as follows:
wherein ,
represents the challenge biometric template of the i-th segment; after the challenge biometric templates of the p segments are concatenated, the complete challenge biometric template T_y is obtained.
Further, the method also comprises the step of feature decoding, wherein the feature decoding is specifically as follows:
a detection matrix v is constructed by computing with the matrices C_x and T_y:
wherein C_xi represents the i-th fragment in the reference template.
Further, the signal calculation of the detection vector in each segment is carried out, whether watermark information is correct or not is judged, and a first authentication result is obtained according to the judgment result of the watermark information; calculating a total correlation value, and obtaining a final authentication result according to the total correlation value and the authentication result of the first step, wherein the final authentication result is specifically as follows:
the client receives the challenge template V and performs the following calculations:
wherein R_i is the nonsingular square matrix randomly selected by the server, and U_i is the challenge sent to the user by the server;
calculating a watermark signal of the detection vector v; if w is empty, authentication fails; otherwise, h=hash (w); the calculation process is as follows:
whether watermark information is correct or not is judged by calculating signals of detection vectors in each segment, and the calculation process is as follows:
for any element v_i in the detection vector v, calculating the signal of the element:
wherein v_i is the correlation value of the i-th biometric fragment.
If h is equal to Hash (w), the output watermark is the signal w, otherwise, the output watermark is null;
finally, the server calculates v′ = v_1 + v_2 + … + v_p as the total correlation value; if v′ < 0, the user likewise fails authentication; otherwise, the watermark is considered to be correctly extracted, and the user authentication is successful.
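The two-step server decision described above (watermark check against h, then the total correlation value), as an added example that is not part of the patent text. It assumes the per-segment correlation values v_i are already computed, one watermark bit per segment, SHA-256 with a one-byte-per-bit serialization as the one-way hash, and Sign(0) = +1; all sample values are constructed.

```python
import hashlib
import hmac


def sign(value):
    # The text's Sign(.) takes values 1 or -1; mapping 0 to +1 is an assumption.
    return 1 if value >= 0 else -1


def hash_watermark(w):
    # Assumed serialization: one byte per watermark bit, hashed with SHA-256.
    return hashlib.sha256(bytes(1 if bit == 1 else 0 for bit in w)).digest()


def extract_watermark(v, h):
    """First step: recover w from the signs of v_i; return None (empty) on mismatch."""
    w = [sign(v_i) for v_i in v]
    # Constant-time comparison so the check does not leak how many bytes matched.
    if hmac.compare_digest(hash_watermark(w), h):
        return w
    return None


def authenticate(v, h):
    """Final result: watermark must verify AND total correlation v' must be >= 0."""
    if extract_watermark(v, h) is None:
        return False          # empty watermark: first-step authentication fails
    return sum(v) >= 0        # v' = v_1 + ... + v_p; v' < 0 also fails


# Constructed sample data: the watermark the client committed to, and its hash h.
W_CLIENT = [1, -1, 1, 1]
H = hash_watermark(W_CLIENT)

V_GENUINE = [0.8, -0.3, 0.5, 0.2]    # signs match w, total = 1.2
V_TAMPERED = [0.8, 0.3, 0.5, 0.2]    # one segment's sign flipped: hash mismatch
V_LOW = [0.1, -0.9, 0.2, 0.3]        # signs match w, but total is negative

if __name__ == "__main__":
    for name, v in [("genuine", V_GENUINE), ("tampered", V_TAMPERED), ("low", V_LOW)]:
        print(name, authenticate(v, H))
```

The third case shows why both checks are needed: a detection vector can carry the right watermark signs and still be rejected because its total correlation is below zero.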
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. the authentication watermark is randomly generated, the watermark is embedded into each inquiry biological characteristic section according to the bit, the randomness of the watermark ensures that the watermark cannot be copied intentionally, and the safety of the system is improved;
2. compared with common watermarking techniques, the watermark encryption method based on the one-way hash function has high calculation efficiency and a unique result; once an attacker tampers with or forges the query biometric information, this can be identified immediately, and the success rate of impersonation attacks is greatly reduced;
3. in the method, the watermark is used as a shared key for generating the key between the user and the server, so that the key cannot be easily cracked.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but embodiments of the present invention are not limited thereto.
Examples:
a threshold predicate encryption biometric authentication method based on digital watermarking, as shown in figure 1, comprises the following steps:
acquiring biological characteristics of users through a client, generating a reference template for the biological characteristics of each user, and storing the reference template in a server;
a user initiates an authentication request to a server through a client;
the server receives the authentication request of the client and sends a challenge to the user;
after the client receives the challenge, a new biometric sample of the user is collected and a biometric vector is obtained; the biometric vector of the challenge is obtained through the watermark information embedding operation, so that a challenge template is obtained and sent to the server;
the server receives the inquiry template, carries out signal calculation of detection vectors in each segment, judges whether watermark information is correct, and obtains a first-step authentication result according to the judgment result of the watermark information; and calculating the total correlation value, and obtaining a final authentication result according to the total correlation value and the authentication result of the first step.
The method comprises the following steps:
the predicate encryption algorithm based on the digital watermark comprises the following specific steps:
Step 1: Parameter setting
Generating a system parameter param = { n, θ }, where n represents the number of elements in the feature vector and θ is a threshold, which is dependent on the application.
Step 2: key generation
The client generates a private key sk for Alice. The private key is a randomly generated multidimensional parameter matrix, and the number of elements of the fragment to be encrypted determines the dimension of the matrix. The system generates a private random permutation function π for each biometric fragment of Alice. If the biometric fragment contains q elements, the system generates two (q+3) × (q+3) random matrices M_1 and M_2. The final generated key is:
sk = {M_1, M_2, n, π}
Step 3: Encoding
In this step, the client uses the private key sk generated for Alice to register her biometric as a reference template C_x on the server.
If q elements are contained in the first biometric fragment, then a q+3-dimensional vector is created:
where β is a random positive number,
also random numbers.
Build a diagonal matrix X_1 with diag(X_1) = π_1(x′_1), wherein π_1(x′_1) represents permuting the positions of the elements in the vector x′_1.
Construct a (q+3) × (q+3) lower triangular matrix whose diagonal elements are all 1.
Obtaining a reference template for the first fragment in Alice's biometric template:
Finally, the reference templates of all fragments are concatenated to obtain the complete reference template C_x.
Step 4: embedding watermark information
In this step, after Alice obtains her biometric vector y and private key sk, in order to ensure the security of y, watermark encryption is performed on it, and the process is as follows:
If the biometric vector y can be divided into p segments, then two vectors m = {m_1, m_2, …, m_p} and {θ_1, θ_2, …, θ_p} are randomly chosen, and the two vectors satisfy the following relationship:
where q represents the number of elements in the ith fragment.
Build a bipolar vector w = {w_1, w_2, …, w_q}, denoted as follows:
h = Hash(w) is then calculated using a one-way Hash function.
Select p random numbers r_y1, r_y2, …, r_yp and a random positive number α, and combine w_i and y_i to generate a new vector
Step 5: generating biometric vectors of challenges
In this step, the biometric vector T_y of the challenge is generated; the process is as follows:
For any y′_i of y′, construct a diagonal matrix Y_i, wherein diag(Y_i) = π_i(y′_i).
Select a (q+3) × (q+3) lower triangular matrix whose diagonal elements are 1.
Constructing the sub-templates as
wherein
and
Is derived from the extraction of the key sk,
Step 6: feature decoding
In this step, a detection matrix v is constructed by computing with the matrices C_x and T_y
Step 7: watermark extraction
The step judges whether the watermark information is correct by calculating the signal of the detection vector in each segment, and the calculation process is as follows:
For any element v_i in the detection vector v, calculate its signal
If h is equal to Hash (w), the output watermark is the signal w, otherwise the output watermark is null.
On the basis of the algorithm, the authentication method capable of realizing the biological characteristics comprises the following steps:
Step 1: Preparation phase
This step generates a reference template for the biometric of each user and stores the reference template in the server of the system; the process is as follows:
As shown in algorithm steps 1 and 2, the parameters param = {n, θ} and the key sk corresponding to each user of the system are first obtained.
To obtain the response of the server, Alice registers her biometric template vector x and key sk at the client to generate a reference template C_x.
The generated reference template C_x is stored in the server.
Step 2: initializing links
In this step. Alice sends her identity ID to the server, initiating an authentication request.
Step 3: Challenge phase
After receiving the request of the user, the server sends a challenge U to the user, and the process is as follows:
After receiving the ID of the user, the server reads Alice's reference template C_x.
The server randomly selects a nonsingular matrix R_i with the same dimension as the reference template and performs an operation to obtain a new matrix
Let U = {U_1, U_2, …, U_p}, and send it to the client.
Step 4: Response phase
In this step, after receiving the challenge U, the client acquires a new feature sample of Alice and obtains a feature vector y. Then, after a series of operations such as embedding watermark information, the biometric vector T_y of the challenge is obtained. The client calculates all
and sends them to the server together with the hash value h.
Step 5: authentication link
The client receives the challenge template V and performs the following calculations:
Referring to algorithm step 7, a watermark signal of the detection vector v is calculated. If w is empty, authentication fails. Otherwise, h = Hash(w).
Finally, the server calculates v′ = v_1 + v_2 + … + v_p as the total correlation value. If v′ < 0, the user likewise fails authentication. Otherwise, the watermark is considered to be correctly extracted, and the user authentication is successful.
The above examples are preferred embodiments of the present invention, but the embodiments of the present invention are not limited to the above examples, and any other changes, modifications, substitutions, combinations, and simplifications that do not depart from the spirit and principle of the present invention should be made in the equivalent manner, and the embodiments are included in the protection scope of the present invention.