ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (11): 2375-2383.doi: 10.7544/issn1000-1239.2019.20190293

所属专题: 2019密码学与智能安全研究专题

• 信息安全 • 上一篇    下一篇

一种基于同态加密的分布式生物特征认证协议

姚海龙1,3,王彩芬2,许钦百1,李文婷1   

  1. 1(西北师范大学数学与统计学院 兰州 730070);2(深圳技术大学大数据与互联网学院 广东深圳 518118);3(兰州城市学院电子与信息工程学院 兰州 730070) (Hailong.Yao@outlook.com)
  • 出版日期: 2019-11-12
  • 基金资助: 
    国家自然科学基金项目(61562077,61772022);甘肃省自然科学基金项目(18JR3RA224);甘肃省高等学校科研项目(2018A-112);深圳技术大学教改项目

A Distributed Biometric Authentication Protocol Based on Homomorphic Encryption

Yao Hailong1,3, Wang Caifen2, Xu Qinbai1, Li Wenting1   

  1. 1(College of Mathematics and Statistics, Northwest Normal University, Lanzhou 730070);2(College of Big Data and Internet, Shenzhen Technology University, Shenzhen, Guangdong 518118);3(School of Electronic and Information Engineering, Lanzhou City University, Lanzhou 730070)
  • Online: 2019-11-12

摘要: 分布式生物特征认证系统因不依赖弱口令或硬件标识物而获得高的可靠性、安全性和便利性,但也因生物特征存在永久失效和隐私泄露的风险而面临更多的安全威胁.基于同态加密技术的生物特征认证方案允许特征向量在密文域匹配以保护向量安全和用户隐私,但也因此要在密文域执行昂贵的乘法运算,而且还可能因为向量封装不当而遭受安全攻击.在Brakerski等人同态加密方案的基础上提出了一种安全向量匹配方法,并在该方法的基础上设计了一个口令辅助的生物特征同态认证协议.该协议无需令牌等硬件标识物,注册时只需将带有辅助向量的特征模板密文和辅助向量外包存储,认证时服务器使用辅助向量匹配法完成模板向量和请求向量的相似性评估即可实现用户身份认证.基于Dolev-Yao攻击者模型变种和分布式生物特征认证系统所面临的主要攻击手段对协议进行了安全性分析,并通过和另外2个基于RLWE(learning with error over ring)同态的生物特征认证协议的对比分析,证明了新协议在隐私保护和向量匹配效率方面更具优势.

关键词: 分布式计算, 生物特征认证, 口令辅助认证, 同态加密, 身份认证

Abstract: The distributed biometric authentication system achieves high reliability, security and convenience without relying on weak passwords or hardware identifiers, but also faces more security threats due to the risk of permanent failure and privacy leakage of biometrics. The biometric authentication scheme based on homomorphic encryption technology allows feature vectors to be matched in the ciphertext domain to protect feature vector security and user privacy, but have to perform expensive multiplication operations in the ciphertext domain and it may also be compromised by improper vector encapsulation. In this paper, a secure vector matching method is proposed based on the BGV homomorphic encryption scheme, and a password-assisted biometric authentication protocol is designed based on this method. The protocol does not require hardware identifiers such as USB key, and registration only needs to store the auxiliary vector and the ciphertext of the sum of the biometric template vector and the auxiliary vector, authentication server using auxiliary vector matching method to evaluate the similarity of the template vector and the request vector can achieve user identity authentication. Based on Dolev-Yao attacker model and the multiple attacking methods of distributed biometric authentication system, the security analysis of the protocol is achieved, and the new protocol is proved to be more advantageous in privacy protection and vector matching efficiency by comparing and analyzing two other well-known RLWE-based biometric authentication protocols.

Key words: distributed computing, biometric authentication, password-assisted authentication, homomorphic encryption, identity authentication

中图分类号: