A Distributed Biometric Authentication Protocol Based on Homomorphic Encryption
-
摘要: 分布式生物特征认证系统因不依赖弱口令或硬件标识物而获得高的可靠性、安全性和便利性,但也因生物特征存在永久失效和隐私泄露的风险而面临更多的安全威胁.基于同态加密技术的生物特征认证方案允许特征向量在密文域匹配以保护向量安全和用户隐私,但也因此要在密文域执行昂贵的乘法运算,而且还可能因为向量封装不当而遭受安全攻击.在Brakerski等人同态加密方案的基础上提出了一种安全向量匹配方法,并在该方法的基础上设计了一个口令辅助的生物特征同态认证协议.该协议无需令牌等硬件标识物,注册时只需将带有辅助向量的特征模板密文和辅助向量外包存储,认证时服务器使用辅助向量匹配法完成模板向量和请求向量的相似性评估即可实现用户身份认证.基于Dolev-Yao攻击者模型变种和分布式生物特征认证系统所面临的主要攻击手段对协议进行了安全性分析,并通过和另外2个基于RLWE(learning with error over ring)同态的生物特征认证协议的对比分析,证明了新协议在隐私保护和向量匹配效率方面更具优势.Abstract: The distributed biometric authentication system achieves high reliability, security and convenience without relying on weak passwords or hardware identifiers, but also faces more security threats due to the risk of permanent failure and privacy leakage of biometrics. The biometric authentication scheme based on homomorphic encryption technology allows feature vectors to be matched in the ciphertext domain to protect feature vector security and user privacy, but have to perform expensive multiplication operations in the ciphertext domain and it may also be compromised by improper vector encapsulation. In this paper, a secure vector matching method is proposed based on the BGV homomorphic encryption scheme, and a password-assisted biometric authentication protocol is designed based on this method. The protocol does not require hardware identifiers such as USB key, and registration only needs to store the auxiliary vector and the ciphertext of the sum of the biometric template vector and the auxiliary vector, authentication server using auxiliary vector matching method to evaluate the similarity of the template vector and the request vector can achieve user identity authentication. Based on Dolev-Yao attacker model and the multiple attacking methods of distributed biometric authentication system, the security analysis of the protocol is achieved, and the new protocol is proved to be more advantageous in privacy protection and vector matching efficiency by comparing and analyzing two other well-known RLWE-based biometric authentication protocols.
-
-
期刊类型引用(8)
1. 杨小东,周航,任宁宁,袁森,王彩芬. 支持多密文等值测试的无线体域网聚合签密方案. 计算机研究与发展. 2023(02): 341-350 . 本站查看
2. 杨蒙蒙,江昆,温拓朴,陈会仙,黄晋,张浩,黄健强,唐雪薇,杨殿阁. 自动驾驶高精度地图众源更新技术现状与挑战. 中国公路学报. 2023(05): 244-259 . 百度学术
3. 王妍,白洪亮,蒋方正,张英伟. 露天矿无人驾驶运输关键技术研究. 现代矿业. 2023(10): 178-181 . 百度学术
4. 丁晓晖,曹素珍,窦凤鸽,马佳佳,王彩芬. 基于无证书聚合签名的导航信息更新方案. 计算机技术与发展. 2022(06): 112-119 . 百度学术
5. 杜田,李欣,赖成喆,郑东. 面向无人驾驶地图更新的安全信任管理方案. 计算机工程. 2022(06): 154-166 . 百度学术
6. 李月华. 基于自动驾驶众包地图更新技术方法. 北京测绘. 2022(05): 629-635 . 百度学术
7. 陈虹,侯宇婷,郭鹏飞,周沫,赵菊芳,肖成龙. 可公开验证的高效无证书聚合签密方案. 计算机工程. 2022(10): 146-157 . 百度学术
8. 陶永才,李哲,石磊,卫琳,杨淑博. 一种可信的车联网区块链数据共享模型. 小型微型计算机系统. 2021(10): 2131-2139 . 百度学术
其他类型引用(5)
计量
- 文章访问数: 1252
- HTML全文浏览量: 2
- PDF下载量: 559
- 被引次数: 13