基于区块链技术的生物特征和口令双因子跨域认证方案

为解决传统跨域认证方式不多且方案复杂的问题，提出了基于区块链技术的生物特征和口令双因子跨域认证方案。首先，使用模糊提取技术提取生物特征的随机密钥参与认证，解决了生物特征泄露导致永久不可用的问题；其次，利用不易篡改的区块链存储生物特征公开信息，解决了模糊提取技术易受主动攻击威胁的问题；最后，基于区块链的分布式存储功能与联盟链架构，实现了用户在本地和异地环境下的双因子跨域认证。安全性分析和效率分析的结果表明，在安全性方面，所提方案具有抗中间人攻击、抗重放攻击等安全属性；在效率与可用性方面，该方案效率适中，用户无需携带智能卡，系统的可扩展性强。

Biometric and password two-factor cross domain authentication scheme based on blockchain technology

The traditional cross domain authentication schemes are few and complex. In order to solve the problems, a new biometric and password two-factor cross domain authentication scheme based on blockchain technology was proposed. Firstly, the fuzzy extraction technology was used to extract the random key of biometrics for participation authentication, and the problem of permanent unavailability caused by the biometric leakage was solved. Secondly, the untampered blockchain was used to store the public information of biometrics, and the threat of being vulnerable to active attacks for the fuzzy extraction technology was solved. Finally, based on the distributed storage function and consortium blockchain architecture of blockchain, the two-factor cross domain authentication of user in local and remote environment was realized. The results of security analysis and efficiency analysis show that, in terms of security, the proposed scheme has the security properties of anti-man-in-the-middle attack and anti-replay attack; in terms of efficiency and feasibility, the efficiency of the proposed scheme is moderate, users do not need to carry smart cards, and the expandability of system is strong.