Xinying Yu, Kejun Zhang, Zhufeng Suo, Jun Wang, Wenbin Wang, Bing Zou
Journal of King Saud University-Computer and Information Sciences, vol. 36, no. 8, Article 102166. Journal Article, published 2024-08-28.
DOI: 10.1016/j.jksuci.2024.102166
URL: https://www.sciencedirect.com/science/article/pii/S1319157824002556
Impact factor: 5.2; JCR: Q1 (Computer Science, Information Systems); open access: no
Citations: 0
An efficient authentication scheme syncretizing physical unclonable function and revocable biometrics in Industrial Internet of Things
Biometric recognition is extensively used for user security authentication in the Industrial Internet of Things (IIoT). However, the potential leakage of biometric data has severe repercussions, such as identity theft or tracking. Existing authentication schemes primarily focus on protecting biometric templates but often overlook the “one-authentication multiple-access” mode. As a result, these schemes still confront challenges related to privacy leakage and low efficiency for users who frequently access the server. In this regard, this paper proposes an efficient authentication scheme syncretizing physical unclonable function (PUF) and revocable biometrics in IIoT. Specifically, we design a revocable biometric template generation method syncretizing the user’s biometric data and the device’s PUF to enhance the security and revocability of the dual identity information. Given the generated revocable biometric template and the secret sharing, our scheme implements secure authentication and key negotiation between users and servers. Additionally, we establish an access boundary and an authentication validity period to permit multiple accesses following one authentication, thus significantly decreasing the computational cost of the user-side device. We leverage BAN logic and the ROR model to prove our scheme’s security. Informal security analysis and performance comparison demonstrate that our scheme satisfies more security features with higher authentication efficiency.
About the journal:
In 2022 the Journal of King Saud University - Computer and Information Sciences will become an author paid open access journal. Authors who submit their manuscript after October 31st 2021 will be asked to pay an Article Processing Charge (APC) after acceptance of their paper to make their work immediately, permanently, and freely accessible to all. The Journal of King Saud University Computer and Information Sciences is a refereed, international journal that covers all aspects of both foundations of computer and its practical applications.