Journal of Computer Applications (计算机应用), 2018, Vol. 38, Issue (6): 1620-1627. DOI: 10.11772/j.issn.1001-9081.2017122891

• Cyberspace Security •

Biometric and password two-factor cross domain authentication scheme based on blockchain technology

ZHOU Zhicheng, LI Lixin, GUO Song, LI Zuohui

  1. Information Engineering University, Zhengzhou Henan 450001, China
  • Received: 2017-12-11 Revised: 2018-01-30 Online: 2018-06-10 Published: 2018-06-13
  • Corresponding author: LI Lixin
  • About the authors: ZHOU Zhicheng (born 1992), male, from Zhengzhou, Henan, master's student; main research interests: information security, blockchain. LI Lixin (born 1967), male, from Chongqing, research fellow, Ph.D.; main research interests: network information security. GUO Song (born 1985), male, from Baoding, Hebei, lecturer, Ph.D.; main research interests: information security. LI Zuohui (born 1981), male, from Hengyang, Hunan, associate research fellow, Ph.D.; main research interests: public key cryptosystems, network security.
  • Supported by:
    This work is partially supported by the Information Engineering University Research Fund (2016609903).

Abstract: Traditional cross-domain authentication methods are few in number and their schemes are complex. To address these problems, a biometric and password two-factor cross-domain authentication scheme based on blockchain technology is proposed. First, fuzzy extraction is used to extract a random key from the biometric, and this key takes part in authentication, which solves the problem that a leaked biometric becomes permanently unusable. Second, the tamper-resistant blockchain is used to store the public information of the biometric, which solves the problem that fuzzy extraction is vulnerable to active attacks. Finally, based on the distributed storage function of the blockchain and a consortium blockchain architecture, two-factor cross-domain authentication of users in both local and remote environments is realized. The results of the security analysis and the efficiency analysis show that, in terms of security, the proposed scheme has security properties such as resistance to man-in-the-middle attacks and resistance to replay attacks; in terms of efficiency and usability, the efficiency of the scheme is moderate, users do not need to carry smart cards, and the system is highly scalable.

Key words: cross domain authentication, blockchain technology, fuzzy extraction technology, biometric, dynamic password
