期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于模糊提取的远程双向生物认证 被引量:9

Fuzzy Extractor Based Remote Mutual Biometric Authentication
下载PDF
导出
摘要 传统的远程生物认证采用安全信道或者生物认证过程本地化的方法,具有较多的局限性.模糊提取可从生物特征输入中以容错的方式可靠地提取出均匀分布的随机密钥,当输入发生变化且变化很小时,该密钥保持不变.基于这一重要工具,给出了一个零存储的非安全信道双向生物认证方案.该方案无需存储和传输用户的生物特征,有效保护了用户隐私,并能够抵抗假冒攻击和多服务器合谋攻击.此外,所给方案还具有良好的可扩展性,集成口令和智能卡可产生多因素认证方案,并支持用户注册更新. Biometric authentication eliminates the need for passwords, PIN numbers, and other ID's that are readily compromised. Meanwhile, the network environment provides biometrie authentication with more application scenarios. However, too many confines exist in the traditional remote biometric authentication in which the secure channel or localization of biometric authentication process is applied. Fuzzy extractors allow one to extract some uniformly distributed random key in an error- tolerant way from biometric input w and then successfully reproduce the key from any other hiometrie input w' that is very close to w. Based on the important secure primitive, a zero-storage mutual biometric authentication scheme on non-secure channel is presented in this paper. A two-party key distribution protocol based on sharing secret is used. Biometric samples are utilized to reproduce the sharing key. With no need of storing and transferring user biometrics, user privacy can be well protected. Additionally, it is pointed out that the proposed scheme is invulnerable to masquerade attacks from both users and servers. Conspiracy attacks from multi-server can also be resisted. Furthermore, the proposed scheme is very scalable. Multi-factor authentication schemes can be generated by integrating password with smartcard. User registration update can also be easily achieved. And the scheme is suitable for applications with high security requirement.
作者 张凡 冯登国
机构地区 中国科学院软件研究所信息安全国家重点实验室
出处 《计算机研究与发展》 EI CSCD 北大核心 2009年第5期850-856,共7页 Journal of Computer Research and Development
基金 国家自然科学基金项目(60603017) 国家"八六三"高技术研究发展计划基金项目(2006AA01Z454)~~
关键词 模糊提取 非安全信道 双向生物认证 零存储 多因素认证 fuzzy extractor non-secure channel mutual biometric authentication zero-storage multi-factor authentication
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献18

  • 1Ari Juels, David Molnar, David Wagner. Security and privacy issues in e-passports [C]//Proc of the 1st Int Conf on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05). Piscataway, NJ: IEEE, 2005 : 74-88
  • 2Lee J K, Ryu S R, Yoo K Y. Fingerprint-based remote user authentication scheme using smart cards [J]. Electronics Letters, 2002, 38(12): 554-555
  • 3Lin Chu-Hsing, Lai Yi-Yi. A flexible biometrics remote user authentication scheme [J]. Computer Standards & Interfaces, 2004, 27(1): 19-23
  • 4Muhammad Khurram Khan, Zhang Jiashu. Improving the security of a flexible biometrics remote user authentication scheme [J]. Computer Standards & Interfaces, 2007, 29 (1): 82-85
  • 5Charles Clancy T, Negar Kiyavash, Dennis J Lin. Secure smartcard based fingerprint authentication [C]//Proc of the 2003 ACM SIGMM Workshop on Biometrics Methods and Application(WBMA 2003). New York: ACM, 2003: 45-52
  • 6Monrose F, Reiter M K, Li Q, et al. Cryptographic key generation from voice [C] //Proc of the 2001 IEEE Syrup on Security and Privacy. Los Alancitos, CA: IEEE Computer Society, 2001:202-213
  • 7Goh A, David Ngo Chek Ling. Computation of eryptographie keys from face biometrics [G] //LNCS 2828: Proc of Int Federation for Information Processing 2003. Berlin: Springer, 2003:1-13
  • 8Juels A, Wattenberg M. A fuzzy commitment scheme [C]//Proc of the 6th ACM Conf on Computer and Communications Security (CCS 1999). New York: ACM, 1999:28-36
  • 9Dodis Y, Reyzin L, Adam Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data [G]//LNCS 3027: Proc of Eurocrypt 2004. Berlin: Springer, 2004:523-540
  • 10Dodis Y, Katz J, Reyzin L, et al. Robust fuzzy extractors and authenticated key agreement from close secrets [C] // LNCS 4117: Proc of CRYPTO 2006. Berlin: Springer, 2006 : 232-250

二级参考文献15

  • 1Ari Juels, Martin Wattenberg. A fuzzy commitment scheme [C]. In:Proc of the 6th ACM Conf on Computer and Communications Security (CCS 1999 ). New York: ACM Press, 1999. 28-86.
  • 2Ari Juels, Madhu Sudan. A fuzzy vault scheme [C]. In: Proc of the 2002 Int'l Syrup on Information Theory (ISIT 2002). Piscataway, NJ: IEEEPress, 2002. 408-426.
  • 3Umut UIudag, Sharath Pankanti, AniI K Jain. Fuzzy vauIt for fingerprints [C]. In:Proc of Audio- and Video Based Biometric Person Authentication ( AVBPA 2005 ), LNCS 3546. Berlin: Springer Verlag, 2005. 310-319.
  • 4Yevgeniy Dodis, Leonid Reyzin, Adam Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data [C]. In: Proc of Eurocrypt 2004, LNCS 3027. Berlin: Springer-Verlag, 2004. 523-540.
  • 5Xavier Boyen. ReusabIe cryptographic fuzzy extractors[C]: In.. Proc of ACM Conf on Computer and Communications Security CCS 2004. New York: ACM Press, 2004. 82-91.
  • 6T Charles Clancy, Negar Kiyavash, Dennis J Lin. Secure smartcardbased fingerprint authentication [C]. In: Proc of the 2003 ACM SIGMM Workshop on Biometrics Methods and Application (WBMA 2003). New York: ACM Press,2003. 45-52.
  • 7F Monrose, M K Reiter, Q Li, et al. Cryptographic key generation from voice [C]. The 2001 IEEE Syrup on Security and Privacy, Oakland, CA, 2001.
  • 8Alwyn Goh, David Ngo Chek Ling. Computation of cryptographic keys from face biometrics [C]. In: Proc of Int'l Federation for Information Processing 2003, LNCS 2828. Berlin: Springer-Verlag, 2003. 1-13.
  • 9Feng Hao, Ross Anderson, John Daugman. Combining crypto with biometrics effectively [J]. IEEE Trans on Computers, 2006, 55(9):1081-1088.
  • 10Pim TuyIs, Jasper GoseIing. Capacity and exampIes of template protecting biometric authentication systems[C]. In: Proc of ECCV Workshop BioAW 2004, LNCS 3087. Berlin: Springer-Verlag, 2004. 158-170.

共引文献6

同被引文献89

  • 1Lamport L. Password authentication with insecure communieation [ J ]. Commun ACM, 1981,24 ( 11 ) :770 - 772.
  • 2Jablan D P. Strong password - only authenticated key exchange [ J ]. Computer Communication Review, 1996,26 (5):5-26.
  • 3Wu T C,Sung H S. Authenticating passwords over an insecure channel [ J]. Computers and Security, 1996, 15 (5) :431 -439.
  • 4Dodis Y, Reyzin L, Smith A. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data [ C ]//Cachin, J. camenisch. 23rd Annual Eurocrypt Con- ference. Interlaken, SWITZERLAND. [ S. 1. ] : [ s. n. ], 2004:523 - 540.
  • 5Dodis Y, Ostrovsky R, Reyzin L. Fuzzy extractors : How to generate strong keys from biometrics and other noisy data [J]. Siam Journal on Computing,2008,38( 1 ) :97 - 139.
  • 6Yao A C. THEORY AND APPLICATIONS OF TRAP- DOOR FUNCTIONS [ C]//23rd Annual Symposium on Foundations of Computer Science. Chicago : IEEE, 2003 : 80 -91.
  • 7Nisan N,Zuckerman D. Randomness is linear in space [ J]. Journal of Computer and System Sciences, 1996,52 (1) :43 -52.
  • 8Boyen X, Dodis Y, Katz J. Secure remote authentication using biometric data [ J ]. Advances in Cryptology, 2005, 3494 : 147 - 163.
  • 9Dodis Y, Katz J, Reyzin L. Robust fuzzy extractors and authenticated key agreement from close secrets [ C ]// 26th Annual International Cryptology Conference. CRYPTO 2006, August 20,2006 - August 24,2006. Seattle, WA, United states. [ S. l. ] : Springer Verlag, 2006 : 232 - 250.
  • 10Cramer R, Dodis Y, Fehr S. Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors [ C ]//27th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Istanbul : Springer Verlag ,2007:471 - 488.

引证文献9

二级引证文献27

计算机研究与发展
2009年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部