A new type of student information management system is designed to implement student information identification and management based on fingerprint identification. In order to ensure the security of data transmission, this paper proposes a data encryption method based on an improved AES algorithm. A new -box is cleverly designed, which can significantly reduce the encryption time by improving ByteSub, ShiftRow, and MixColumn in the round transformation of the traditional AES algorithm with the process of look-up table. Experimental results show that the proposed algorithm can significantly improve the encryption time compared with the traditional AES algorithm.

1. Introduction

At present, there are a large number of college students, so the identification and verification of student identity information occur at all times in the campus, as well as the corresponding services given by the students’ identification. Therefore, safe and efficient student information management, convenient identification to obtain the required service, and safe and reliable information transmission have become an important task for the student information management [13]. Three main features of the proposed system are the following:(1)This system uses the fingerprint identification terminal to collect the fingerprint information. By means of replacing the campus card with the physiological characteristics of lifelong invariance, uniqueness, and convenience, it has become the basis of student identity authentication. The maturity of the fingerprint identification technology ensures the safety and speed of the process and also eliminates the disadvantages of the campus card which is easy to be stolen and forged and easily lost.(2)In order to ensure the safety of the students’ information, the fingerprint characteristic value is encrypted and transmitted, using the improved AES encryption algorithm [4], which has the same security guarantee with traditional AES algorithm but reduces the required time for encryption. Therefore, this student management system not only is convenient for students in the college, but also protects the privacy of students.(3)After the system has been built, because it is easy to maintain and popularize, the modular system design is easier to improve, and it can be widely used in other fields.

2. Description of the Student Information Management System

The system is mainly composed of two parts: terminal and host computer. The terminal is composed of fingerprint identification module and micro controller. The host computer can use personal computers or large servers according to the number of users, and the management of student information database uses SQL Server. The terminal fingerprint sensor uses optical fingerprint recognition module, while the microcontroller uses STM32F4, with 192 KB of SRAM [5]. Each terminal processes and encrypts the collected fingerprint data and then transmits it to the host computer. To ensure the safety of data, the fingerprint data is only stored in the host computer database, and the terminals are only responsible for collection and processing. The system structure is shown in Figure 1.

3. Implementation of the Student Information Management System

The system collects fingerprints through the terminal fingerprint identification sensor. And the microprocessor processes and encrypts the fingerprint information and then transmits it to the server. On the server side, it compares the fingerprint information transmitted from terminal with the fingerprint information stored in the server database. If the identity is consistent, the user is allowed to operate by verification. The overall process is shown in Figure 2.

4. Data Transmission Encryption Method

In order to achieve the campus student consumption, identity registration, and other functions, the student information identification management system based on fingerprint identification and data security transmission needs to transmit student fingerprint information, identity information, and bank card information among the terminal. There is a risk of being intercepted during data transmission. Students’ private information has a high commercial value; once intercepted by criminals, the consequences could be disastrous. When using plaintext transmission, security is very low; therefore, the entire data transmission using ciphertext transmission, to achieve a plaintext view and ciphertext transmission effect, greatly improve the security, so that criminals cannot take the opportunity. In order to ensure the security of encrypted transmission and user-friendliness, the encryption process uses the optimized AES algorithm.

AES algorithm is a variable data block length and variable key length iterative block cipher algorithm, and the length of the data block and the key length can be 128, 192, or 256 bits [6]. The most important operation in the AES algorithm is the round transformation operation, where the various operations applied to the process give a high encryption strength. The round transformation operation consists of four steps: ByteSub, ShiftRow, MixColumn, and AddRoundKey, and these steps will be mathematically transformed to eventually construct a new -box [7, 8].

4.1. Matrix Representation of AES Algorithm Round Transformation

AES algorithm mainly consists of three modules: encryption module, decryption module, and key expansion module. Each round transformation of the encryption module consists of ByteSub, ShiftRow, MixColumn, and AddRoundKey four operations [9]. The decryption module is also composed of four similar operations; the difference is that ByteSub, ShiftRow, and MixColumn are the inverse operation of the encryption module. And the extension key used in AddRoundKey is generated by the key expansion module. The encryption module and the decryption module are the core of the AES algorithm, which are the repetition process of the round transformation, so the simplified round function can improve the operation speed of the AES algorithm [10, 11].

For convenience of description, 128-bit (16 bytes) data is used here and the key is 128 bits.

In the ByteSub transformation, it is assumed that the input is , ; output is , . ByteSub transformation can be expressed as

And it can also written as

In practice, this transformation can be converted to look-up table operation. The table is the AES algorithm byte conversion table, also known as box.

In the ShiftRow transformation, the schematic diagram is shown in Figure 3. It is assumed that the output is , .

Then can be expressed as a matrix:

In the MixColumn transformation, each column of the state array obtained in ShiftRow is treated as a polynomial on and modulo multiplication with a fixed polynomial .

It is assumed that the output is , ; then MixColumn can also be written as matrix multiplication [1214]:

In the AddRoundKey transformation, the expansion round key generated by the key expansion module begins to function. Set the round key to . Set the output to . Then AddRoundKey can be expressed as a matrix:Equations (2), (3), and (4) into (5) can get

Above we have come to a matrix representation between input and output of each round transformation of AES algorithm [1517].

4.2. Optimized AES Algorithm

In (6), to calculate requires one xtime [4] operation and one exclusive-OR operation. Thus, getting each column vector of a round transformation result requires four xtime operations and eight exclusive-OR operations (regardless of round key generation). According to the observation we can see in the column vector multiplied by , , , and , only the three elements: 01, 02, and 03. So we can create a new box to get directly each element in the , , , and four column vectors by look-up table method, so that we can save four xtime operations and four exclusive-OR operations and get each column vector of a round transformation result which requires only four exclusive-OR operations (regardless of round key generation). Let data in the original box operate, respectively, with , and we get a new byte conversion table, as shown in Table 1.

In the use of C language to implement, the table will be set to a two-dimensional array , so that we can get each element of , , , and four column vectors by look-up table method. For example, in , the lower four bits and higher four bits of correspond separately to the abscissas and ordinates of the table, so that we get the row coordinates of the two-dimensional array, which is equivalent to determining which grid is in Table 1. The of the column vector correspond separately to the in two-dimensional array column coordinates, which is equivalent to determining which element of the grid is in Table 1. The optimized AES encryption algorithm flow chart is shown in Figure 4.

Likewise, a similar new byte conversion table can be created at the time of decryption to achieve decryption optimization.

4.3. Experimental Results and Analysis

In order to test the encryption speed between classical AES algorithm and optimized AES algorithm in this paper, we use C ++ language to implement the two algorithm encryption processes, respectively, the encryption process in Windows 7 operating system, Core i5-3230M 2.60 GHz CPU, and 8 G memory environment. In each experiment we take 100,000 times the encryption time, and we get a total of 10 sets of data in five experiments. The data obtained in the experiments are shown in Table 2.

Through the test results in Table 2 we can see that the encryption speed of optimized AES algorithm has a great improvement compared to the classic AES algorithm. In terms of memory footprint, this optimized AES encryption algorithm requires to store two new byte conversion tables (encryption and decryption). The traditional AES algorithm requires to store two bytes conversion tables, so the optimized AES algorithm does not significantly increase the memory resource occupancy.

5. Conclusion

The system implements the verification of the student identity through the fingerprint, which can make the campus life more convenient. The fingerprint data is only stored in the host computer database after encryption transmission, which makes the convenience greatly improved on the basis of ensuring security. Each terminal connected with the host computer constitutes an integral system to achieve the information sharing among each terminal, and the host computer stores the terminal data and manages the students’ information efficiently with less time. The encryption method based on the improved AES optimizes the implementation method of algorithm in the process of simplifying the operation step, and the mathematical structure of the original algorithm is not changed, so that the encryption speed increases rapidly under the condition that the security is not reduced, while the memory occupation does not increase significantly, so it is easy to be achieved in the embedded system. Taking an example of AES with 128-bit plaintext length and key length, this paper proposes an optimization scheme based on actual requirement. The scheme can also be extended to the AES with other data lengths, which is suitable for various situations of data encryption, so it has a wide range of applications and strong practicability.

Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.


Special thanks are due to National University Student Innovation Program and Nankai University for the assistance provided to this project.