Abstract
In this paper, we research on client-server authentication system without local key storage. We take advantage of the available fuzzy extractor technology to design a client-server authentication system. Our authentication system is built from a fuzzy extractor and a digital signature scheme. Fuzzy extractor is in charge of key generation/reproduction during the client enrollment and client-server authentication stages. The client only stores some public information generated during enrollment procedure. When doing authentication, the extracted key can be reproduced with this public information. Then we use the challenge-response to implement the authentication, which is supported by the digital signature. Overall, our client-server authentication system relaxes the requirement of random sources, and gets rid of the risk of key leakage and key abuse since key storage is not needed.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Bai, S., et al.: MPSign: a signature from small-secret middle-product learning with errors. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 66–93. Springer (2020). https://doi.org/10.1007/978-3-030-45374-9
Barbareschi, M., Barone, S., Mazzeo, A., Mazzocca, N.: Efficient reed-muller implementation for fuzzy extractor schemes. In: DTIS 2019, pp. 1–2. IEEE (2019)
Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_28
Bellare, M., Rogaway, P.: The exact security of digital signatures-how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_34
Bennett, C.H., Shor, P.W.: Quantum information theory. IEEE Trans. Inf. Theory 44(6), 2724–2742 (1998)
Chang, D., Garg, S., Hasan, M., Mishra, S.: Cancelable multi-biometric approach using fuzzy extractor and novel bit-wise encryption. IEEE Trans. Inf. Forensics Secur. 15, 3152–3167 (2020)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_31
Gao, Y., Su, Y., Xu, L., Ranasinghe, D.C.: Lightweight (reverse) fuzzy extractor with multiple reference PUF responses. IEEE Trans. Inf. Forensics Secur. 14(7), 1887–1901 (2019)
Karati, S., Das, A., Roychowdhury, D., Bellur, B., Bhattacharya, D., Iyer, A.: Batch verification of ECDSA signatures. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 1–18. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31410-0_1
Katz, J., Lindell, Y.: Introduction to Modern Cryptography, Second Edition. CRC Press, Boca Raton (2014)
Li, Y., Liu, S., Gu, D., Chen, K.: Reusable fuzzy extractor based on the LPN assumption. Comput. J. 63(12), 1826–1834 (2020)
Mai, G., Cao, K., Lan, X., Yuen, P.C.: Secureface: face template protection. IEEE Trans. Inf. Forensics Secur. 16, 262–277 (2021)
Nandakumar, K., Jain, A.K., Pankanti, S.: Fingerprint-based fuzzy vault: implementation and performance. IEEE Trans. Inf. Forensics Secur. 2(4), 744–757 (2007)
Satamraju, K.P., Malarkodi, B.: A PUF-based mutual authentication protocol for internet of things. In: ICCCS 2020, pp. 1–6. IEEE (2020)
Shoup, V.: A Computational Introduction to Number Theory and Algebra. Cambridge University Press, Cambridge (2006)
Ueno, R., Suzuki, M., Homma, N.: Tackling biased PUFs through biased masking: a debiasing method for efficient fuzzy extractor. IEEE Trans. Comput. 68(7), 1091–1104 (2019)
Wen, Y., Liu, S., Han, S.: Reusable fuzzy extractor from the decisional Diffie-Hellman assumption. Des. Codes Cryptogr. 86(11), 2495–2512 (2018)
Acknowledgement
Shengli Liu and Mingming Jiang were partially supported by Guangdong Major Project of Basic and Applied Basic Research (2019B030302008) and National Natural Science Foundation of China (NSFC No. 61925207). Shuai Han was partially supported by National Natural Science Foundation of China (Grant No. 62002223), Shanghai Sailing Program (20YF1421100), and Young Elite Scientists Sponsorship Program by China Association for Science and Technology. Dawu Gu was partially supported by National Key Research and Development Project 2020YFA0712300.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Jiang, M., Liu, S., Han, S., Gu, D. (2021). Authentication System Based on Fuzzy Extractors. In: Liu, Z., Wu, F., Das, S.K. (eds) Wireless Algorithms, Systems, and Applications. WASA 2021. Lecture Notes in Computer Science(), vol 12939. Springer, Cham. https://doi.org/10.1007/978-3-030-86137-7_51
Download citation
DOI: https://doi.org/10.1007/978-3-030-86137-7_51
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86136-0
Online ISBN: 978-3-030-86137-7
eBook Packages: Computer ScienceComputer Science (R0)