Biometrics-Authenticated Key Exchange for Secure Messaging

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2021-11-12 DOI:10.1145/3460120.3484746

Mei Wang, Kun He, Jing Chen, Zengpeng Li, Wei Zhao, Ruiying Du

{"title":"Biometrics-Authenticated Key Exchange for Secure Messaging","authors":"Mei Wang, Kun He, Jing Chen, Zengpeng Li, Wei Zhao, Ruiying Du","doi":"10.1145/3460120.3484746","DOIUrl":null,"url":null,"abstract":"Secure messaging heavily relies on a session key negotiated by an Authenticated Key Exchange (AKE) protocol. However, existing AKE protocols only verify the existence of a random secret key (corresponding to a certificated public key) stored in the terminal, rather than a legal user who uses the messaging application. In this paper, we propose a Biometrics-Authenticated Key Exchange (BAKE) framework, in which a secret key is derived from a user's biometric characteristics that are not necessary to be stored. To protect the privacy of users' biometric characteristics and realize one-round key exchange, we present an Asymmetric Fuzzy Encapsulation Mechanism (AFEM) to encapsulate messages with a public key derived from a biometric secret key, such that only a similar secret key can decapsulate them. To manifest the practicality, we present two AFEM constructions for two types of biometric secret keys and instantiate them with irises and fingerprints, respectively. We perform security analysis of BAKE and show its performance through extensive experiments.","PeriodicalId":135883,"journal":{"name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","volume":"216 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3460120.3484746","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

Abstract

Secure messaging heavily relies on a session key negotiated by an Authenticated Key Exchange (AKE) protocol. However, existing AKE protocols only verify the existence of a random secret key (corresponding to a certificated public key) stored in the terminal, rather than a legal user who uses the messaging application. In this paper, we propose a Biometrics-Authenticated Key Exchange (BAKE) framework, in which a secret key is derived from a user's biometric characteristics that are not necessary to be stored. To protect the privacy of users' biometric characteristics and realize one-round key exchange, we present an Asymmetric Fuzzy Encapsulation Mechanism (AFEM) to encapsulate messages with a public key derived from a biometric secret key, such that only a similar secret key can decapsulate them. To manifest the practicality, we present two AFEM constructions for two types of biometric secret keys and instantiate them with irises and fingerprints, respectively. We perform security analysis of BAKE and show its performance through extensive experiments.

查看原文本刊更多论文

用于安全消息传递的生物识别认证密钥交换

安全消息传递严重依赖于由身份验证密钥交换(Authenticated key Exchange, AKE)协议协商的会话密钥。但是，现有的AKE协议只验证存储在终端中的随机密钥(对应于经过认证的公钥)的存在，而不是验证使用消息传递应用程序的合法用户的存在。在本文中，我们提出了一个生物特征认证密钥交换(BAKE)框架，在该框架中，密钥从用户的生物特征中获得，无需存储。为了保护用户生物特征的隐私性和实现一轮密钥交换，我们提出了一种非对称模糊封装机制(AFEM)，用生物特征密钥派生的公钥封装消息，只有相似的密钥才能解封包。为了证明其实用性，我们提出了两种生物识别密钥的AFEM结构，并分别用虹膜和指纹实例化了它们。我们对BAKE进行了安全性分析，并通过大量的实验证明了它的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

自引率

0.00%

发文量