计算机应用 ›› 2020, Vol. 40 ›› Issue (11): 3255-3260.DOI: 10.11772/j.issn.1001-9081.2020020273

• 网络空间安全 • 上一篇    下一篇

基于TrustZone的移动云环境指纹认证终端APP的设计和实现

王志恒, 徐彦彦   

  1. 测绘遥感信息工程国家重点实验室(武汉大学), 武汉 430000
  • 收稿日期:2020-03-16 修回日期:2020-04-29 出版日期:2020-11-10 发布日期:2020-06-30
  • 通讯作者: 徐彦彦(1974-),女,河南信阳人,教授,博士,主要研究方向:云计算安全、大数据隐私保护、多媒体网络通信;xuyy@whu.edu.cn
  • 作者简介:王志恒(1996-),男,河南平顶山人,硕士研究生,主要研究方向:隐私保护、安全认证、生物识别
  • 基金资助:
    国家自然科学基金资助项目(41571426);武汉市应用基础研究计划项目(2017010201010114)。

Design and implementation of fingerprint authentication terminal APP in mobile cloud environment based on TrustZone

WANG Zhiheng, XU Yanyan   

  1. State Key Laboratory of Information Engineering in Surveying, Mapping and Remote Sensing(Wuhan University), Wuhan Hubei 30000, China
  • Received:2020-03-16 Revised:2020-04-29 Online:2020-11-10 Published:2020-06-30
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (41571426), the Wuhan Applied Basic Research Program (2017010201010114).

摘要: 针对指纹等生物特征在云环境下存在泄露的安全隐患,以及已有的生物特征认证方案安全性或便利性不足的问题,设计并实现了基于正交分解和TrustZone的可信指纹认证终端APP。利用TrustZone的硬件隔离机制,在可信执行环境中完成指纹特征提取、指纹模板生成等敏感操作,与普通执行环境中的应用隔离,从而抵挡恶意程序的攻击,保证认证过程的安全性。基于正交分解算法生成的指纹模板在保证可匹配性的同时融合了随机噪声,可以在一定程度上抵挡针对特征模板的攻击,使得指纹模板可以在云环境下存储和传输,解除用户与设备的绑定,提升了生物认证的便利性。实验和理论分析表明,指纹模板的相关性和随机性比原始特征和随机映射算法更高,有更强的安全性;另外时间和存储开销、识别的准确性的实验结果表明,所设计APP兼顾便利性和安全性,满足移动云环境下安全认证的需求。

关键词: TrustZone, 可信认证, 指纹识别, 可信应用, 云安全

Abstract: Focused on the potential safety hazard of leakage of fingerprint and other biometrics in the cloud environment, as well as the lack of security or convenience of the existing biometric authentication schemes, a terminal APP of trusted fingerprint authentication based on orthogonal decomposition and TrustZone was designed and implemented. The sensitive operations such as fingerprint feature extraction, fingerprint template generation were executed in the trusted execution environment provided by the hardware isolation mechanism of TrustZone, making these operations isolated from the applications in the general execution environment to resist the attacks of malicious programs and ensure the security of the authentication process. The fingerprint template generated on the basis of orthogonal decomposition algorithm integrate the random noise while remaining the matching ability, so that it was able to resist the attack against the feature template to a certain extent. As a result, the fingerprint template was able to be stored and transmitted in the cloud environment, so that the user and the device were unbound, which improved the convenience of biometric authentication. Experiments and theoretical analysis show that the correlation and randomness of the fingerprint template of the proposed algorithm is higher than those of original feature and random projection algorithms, so that the algorithm has stronger security. In addition, the experimental results of time and storage overheads as well as recognition accuracy show that, both convenience and security are considered in this APP, meeting the requirements of security authentication in mobile cloud environment.

Key words: TrustZone, trusted authentication, fingerprint identification, trusted application, cloud security

中图分类号: