Abstract
A new biometric identity authentication scheme is proposed based on fuzzy extractor and the advantages of blockchain with decentralization and anonymity. First of all, the fuzzy extractor for biometric information is used to participate in the authentication process, which solves the problem of permanent unavailability caused by the leakage of biometric template. Then, the Fabric architecture is used to build a blockchain to store the hash value of the random key obtained through fuzzy extractor, and it can solve the problem of the centralized storage existed in the traditional identity authentication mechanism. Based on blockchain and fuzzy extractor, a two-factor identity authentication scheme is realized. We performed experimental simulations on our proposed algorithm and the security of our scheme has been shown by analyzing the simulated enemy attack and resistance under some extreme circumstances. Meanwhile, our efficiency analysis also shows the availability of our scheme.
Similar content being viewed by others
References
Cai WD, Yu L, Wang R et al (2017) Blockchain application development techniques[J]. J Softw 28(6):1474–1487
Das AK (2017) A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. Int J Commun Syst 30(1):e2933
Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Proceedings of the 2004 international conference on theory and applications of cryptographic techniques, LNCS 3027. Berlin: Springer, pp. 523–540.
Fuller B, Meng X, Reyzin L (2020) Computational fuzzy extractors[J]. Inf Comput 275(1):104602
Gerez A (2001) Segmentation of fingerprint images [J]. Prorisc workshop on circuits systems & signal processing, pp. 276–280
Halfond W G, Jeremy V, Alessandro O. (2006) A classification of SQL-injection attacks and countermeasures. International symposium on secure software engineering. IEEE, 1:pp. 13-15
Hammudoglu J S, Sparreboom J, Rauhamaa J I et al. Portable Trust: biometric-based authentication and blockchain storage for self-sovereign identity systems [EB /OL] . [2017–11–06].
Hong L, Wan Y, Jain AK (1998) Fingerprint image enhancement [J]. IEEE Trans Pattern Anal Machine Intell 20:777–789
Lee JK, Ryu SR, Yoo KY (2002) Fingerprint-based remote user authentication scheme using smart cards [J ]. Electron Lett 38(12):554–555
Li XW, Yang DQ, Chen BH et al (2017) Two-factor authenticated key agreement protocol based on biometric feature and password [J]. J Commun 38(7):89–95
Nakamoto S. Bitcoin: a peer-to-peer electronic cash system [EB /OL] . [2017–11–06]. https: / /www. researchgate. net / publication/228640975_Bitcoin_A_peer-to-peer_electronic_cash_system.
O’Gorman L. (2003) Comparing passwords, tokens, and biometrics for user authentication. In: Proceedings of the IEEE. pp. 2019–2020.
Ran C, Fuller B, Paneth O et al. (2016) Reusable Fuzzy Extractors for Low-Entropy Distributions[C]. In: Annual international conference on the theory and applications of cryptographic techniques. Springer, Berlin
Tatar F D (2017) Fingerprint recognition algorithm[C]. In: Seventh international conference on computer science, engineering and information technology
Zhang TY, Suen CY (1984) Communications of the ACM 27(3)
Zheng Z, Xie S, Dai H, Chen X, Wang H. (2017) An overview of blockchain technology: architecture, consensus, and future trends. International congress on big data (BigData Congress). IEEE, pp 557–564
Zheng Z, Xie S, Dai HN, Chen X, Wang H (2018) Blockchain challenges and opportunities: asurvey [J]. Int J Web Grid Serv 14:352–375
Zyskind G, Nathan O, Pentland A S. (2015) Decentralizing privacy: using blockchain to protect personal data. In: SPW
Funding
This research is partially supported by the National Science Foundation of China (No. 61772166) and the Key Program of the Nature Science Foundation of Zhejiang province of China (No. LZ17F020002).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
Di Bao declares that he has no conflict of interest. Lin You declares that he has no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Communicated by Suresh Chandra Satapathy.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Bao, D., You, L. Two-factor identity authentication scheme based on blockchain and fuzzy extractor. Soft Comput 27, 1091–1103 (2023). https://doi.org/10.1007/s00500-021-05936-6
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00500-021-05936-6