【作者】 王德松；

【导师】 李建平；

【作者基本信息】 电子科技大学 ， 信息安全， 2012， 博士

【摘要】 随着计算机网络的蓬勃发展，越来越多的资源和应用都是利用网络远程获取和得到授权的服务，如何确保特定的资源只能被合法、授权的用户访问和使用，即如何正确地鉴别用户的身份是保证通信网和系统数据安全的首要条件。而且，在网络环境下，如何验证生物特征图像的完整性、如何安全可靠地实现远程身份认证、如何确保生物特征的隐私性和秘密数据的安全性、如何确保数字媒体数据的版权等成为开放网络环境下的研究热点。本论文主要研究基于生物特征信息隐藏与身份认证方案，该方案是充分利用生物特征识别技术、密码技术和信息隐藏技术来实现远程身份认证，并获得服务器提供的授权服务，而且还能有效地提高秘密数据的安全性和生物特征数据的隐私性。本文所做的主要贡献如下：1、提出了基于SVD和脆弱水印的生物特征图像的完整性认证算法。针对奇异值分解理论与脆弱水印的特性，提出了如何在网络环境下对远程用户传输的生物特征图像完整性的认证方法。实验结果表明：基于SVD和脆弱水印的生物特征图像完整性认证方法是行之有效的，可用于生物特征图像完整性认证系统。该认证算法可用于远程身份认证系统中的用户端的用户只负责生物特征图像采集和认证的水印嵌入，而在具有较大运算处理能力的服务器端进行认证水印的提取与认证、特征的提取与匹配，从而确认远端用户的身份。2、提出了基于Radon变换和奇异值分解的手指静脉识别算法。该识别算法首先利用Radon变换来提取手指静脉图像的方向信息，并构成投影矩阵；其次，利用奇异值分解来提取投影矩阵的奇异值作为手指静脉模式的特征向量；最后，利用归一化距离来计算其相似度。实验结果表明：提出的识别算法对手指静脉具有不错的识别效果。3、提出了基于指纹的远程身份认证与密钥协商。该研究主要采用现有的指纹识别算法与密码技术相结合的方式，实现基于指纹的自认证后释放对存有秘密信息的智能卡的控制权，通过密码协议实现与远端服务器之间的相互认证，克服了集中存放用户指纹特征信息的安全风险。同时，为了对用户指纹特征数据的安全性与隐私性保护，用户的指纹特征数据都是通过密钥加密传输，克服了传统的身份认证和生物特征识别系统的安全问题，提升了在安全威胁的情况下的整个认证体系的安全性和隐私性。4、提出了基于双线性对和手指静脉的远程双向认证与密钥协商。该研究主要利用超椭圆曲线上的双线性对性质（计算速度快和安全效率高、密钥大小和带宽要求低）与手指静脉识别算法，构建了在分布式网络环境下的身份认证与密钥协商协议。通过安全分析表明，提出的身份认证协议是合理的、安全的，提升了在安全威胁的情况下的整个认证系统的安全性和隐私性。5、提出了基于生物特征信息隐藏与识别的多因子身份认证与密钥协商。首先构造了生物特征信息隐藏的基本模型；然后提出了基于双正交样条小波（bior4.4）的生物特征信息隐藏算法，并用实验验证提出的基于小波域的双正交样条小波对生物特征信息隐藏算法对攻击的有效性和鲁棒性；接着我们还构造了基于生物特征信息隐藏与识别的远程身份认证系统，该系统相比于传统的生物特征认证系统具有更高的安全性，即使攻击者窃取了该隐密的载体图像，也很难判断是否存在隐密特征与提取得到生物特征，体现了对用户生物特征数据的隐私保护；最后给出了基于生物特征信息隐藏与识别的多因子身份认证与密钥协商，该协议充分利用生物特征识别技术、信息隐藏技术、密码技术及智能卡技术来安全实现远程身份认证，并通过安全性分析与功能分析表明，提出的认证协议不但具有高度安全性，而且保护了用户的隐私。6、提出了基于人脸图像与虹膜特征的双重水印技术在版权保护中的应用。首先介绍了可见人脸图像水印和不可见虹膜特征水印的产生；接着介绍了双重生物特征水印的算法；最后通过实验验证了提出的双重生物特征水印算法的稳健性与有效性，其中以人脸图像为可见水印起到明显地标示数字媒体图像的所有者，以虹膜特征为不可见水印可以在版权纠纷时起到提供法律依据和确保对数字媒体图像的版权，这对数字媒体数据提供双重保护，从而更加有效地遏制非法复制和篡改。更多还原

【Abstract】 With the vigorous development of computer network, more and more resourcesand application can be obtained, and the authorized services can be gained through theremote access to the server. How to ensure a particular resource can only be accessedand used for legitimate and authorized users, namely, how to correctly identify theuser’s identity is a primary condition for ensuring communications network andsystem’s data. Moreover, under the open network environment, how to verify theintegrity of biometric images, how to achieve remote authentication, how to ensure theprivacy and security of biometrics and secret data, how to ensure the copyright of digitalmedia data and so on are to attract more attention.The main study is based on biometric information hiding and authenticationscheme in the thesis, which is the complete use of biometric technology, cryptographyand information hiding technology to enable remote authentication and the serverproviding the service, and can effectively improve the security of confidential data andthe privacy of biometric data. The main contributions of this thesis are as follows:1. A biometric image integrity authentication method using the singular valuedecomposition(SVD) and fragile watermarking is proposed. According to the singularvalue decomposition theory and characteristics of fragile watermarking, a biometricimage integrity authentication method for the remote user transmitted biometric imagesis presented under the environment of network. Experimental results indicate that thefragile watermarking based on the SVD and image integrity of biometric authenticationmethod is effective, and can be used for biometric image integrity verification system.To confirm the identity of the remote user, the proposed authentication scheme can beapplied to the biometric image integrity authentication, in which, the users areresponsible for the biometric image capture and the authenticated watermark embedding,and the server which has a large processing capacity is responsible for the authenticatedwatermark extraction and verification, feature extraction and matching.2. A finger-vein recognition algorithm based on Radon transform and singularvalue decomposition is proposed. First of all, the recognition algorithm using the Radon transform extracts finger-vein image orientation information and then constructs aprojection matrix. Second, the projection matrix singular value is extracted usingsingular value decomposition as the finger vein pattern feature vector. Finally,normalized distance used to calculate the similarity. Experimental results indicate thatthe proposed recognition algorithm for finger-vein recognition is effective.3. A remote authentication and key agreement protocol based on fingerprint isproposed. The protocol used mainly the current existing fingerprint recognitionalgorithm and cryptography to gain control of the user’s smart card stored secretmessage, and achieved mutual authentication between the user and the server of theproposed authentication system using cryptographic protocols, and overcome thesecurity risks of a centrally stored users’ fingerprint features in the server. Meanwhile,to protect users’ fingerprint features data security and privacy, users’ fingerprint featuresare transmitted after users’ fingerprint features are encrypted using secret keys, so ourproposed authentication protocol can overcome the security issues of traditionalauthentication and biometric identification systems and enhance the security andprivacy of authentication system in case of security threats.4. A remote mutual authentication and key agreement protocol based on bilinearpairings and finger-vein is proposed. An authentication and key agreement protocolusing the properties of bilinear pairings on super elliptic curves (i.e., calculation speedof high efficiency and security, key size, and lower bandwidth requirements) andfinger-vein recognition algorithms in a distributed network environment is mainlystudied. The security analyses show that the proposed authentication protocol isreasonable and secure, and then it enhances the security and privacy of authenticationsystem in case of security threats.5. A multi-factor authentication and key agreement protocol based biometricinformation hiding and recognition is presented. First, the basic model of biometricinformation hiding is constructed. Second, we propose a biometric information hidingbased on bi-orthogonal spline wavelet, and the robustness and validity of the proposedbiometric information hiding algorithm with suffering some attacks is proved byexperiments. Third, we also constructed a remote authentication system based oninformation hiding and recognition using biometrics, the system has higher securitycompared to traditional biometric authentication system, even the attacker who has stolen the carrier image of hidden biometrics is also difficult to judge whether whichexists hidden biometrics or not, and extract the hidden biometrics in carrier image. Soour proposed authentication system can protect users’ privacy. Finally, we present amulti-factor authentication and key agreement protocol based biometric informationhiding and recognition. The proposed protocol can achieves remote authentication fullyusing the biometric information hiding, cryptography and smartcard technology, and thesecurity and function analyses indicate that the proposed protocol has not only a highdegree of security but protection of users’ privacy.6. A dual watermarking technique using facial image and iris feature for thecopyright protection is presented. First we described how to generate visible facialimage watermark and invisible iris feature watermark; then an dual biometricwatermarking algorithm is described; finally, the robustness and effectiveness of theproposed watermarking algorithm by some experiments is proved, in the proposed dualwatermarking algorithm, facial image is visible watermark and can mark an owner ofdigital media image, iris feature is invisible watermark and can provides legal pursuantand ensure owner copyright of digital media image under copyright dispute, so A dualwatermarking technique using facial image and iris feature for the copyright protectioncan be more effectively prevent an illegally copied and tampered digital media image.更多还原