Abstract
To address security risks in biometric identification systems such as privacy leakage and data tampering, a secure-transmission hardening method based on signed digital envelope technology is proposed, together with its security application framework. Security modules are added on the client and server sides, and an enhanced digital envelope that includes a signature is used to transmit biometric templates securely, ensuring that template parameters are encrypted and that the signed processing results cannot be tampered with. Based on an analysis of BioAPI functions and data structures, a BioAPI-compatible security hardening framework and its implementation details are given. A comparative security analysis shows that the hardened system improves confidentiality and integrity and has practical value.