摘要
提出了一种基于Chebyshev混沌映射和模糊金库的指静脉安全认证方案。该方案利用基于CRC的模糊金库完成用户指静脉安全身份认证与用户指静脉特征细节点的信息保护。其中,针对CRC碰撞攻击给模糊金库带来的安全问题,将Chebyshev混沌序列作为密钥生成的辅助数据,结合用户口令完成密钥的生成与匹配,最后通过多项式系数与Chebyshev混沌序列的匹配实现双重认证功能。实验结果表明,本方案在多项式次数较高的情况下具有较低的误识率,能抵御混合替换攻击和CRC碰撞攻击,且可有效提升指静脉认证的安全性。
A finger vein secure authentication scheme based on Chebyshev chaotic mapping and fuzzy vault is proposed.The scheme uses the CRC-based fuzzy vault to complete the user's finger vein security identity authentication and information protection of the user's finger vein feature details.Among them,for the security problem brought by the CRC collision attack to the fuzzy vault,the Chebyshev chaotic sequence is used as the auxiliary data generated by the key.And then the key generation and matching is completed in conjunction with the user password.Finally,the dual authentication function is realized by matching the polynomial coefficients with the Chebyshev chaotic sequence.The experimental results indicate that thisproposed scheme has fairly low false positive rate when the number of polynomials is high,and this can resist the mixed replacement attack and CRC collision attack,and thus effectively improve the safety of finger veinauthentication.
作者
蓝婷婷
游林
翁昕耀
LAN Ting-ting;YOU Lin;WENG Xin-yao(School of Communication Engineering,Hangzhou Dianzi University,Hangzhou Zhejiang 310018,China;School of Cyberspace Security,Hangzhou Dianzi University,Hangzhou Zhejiang 310018,China)
出处
《通信技术》
2019年第6期1469-1476,共8页
Communications Technology
基金
浙江省自然科学基金重点课题(No.LZ17020002)~~
