http://dx.doi.org/10.9708/jksci.2012.17.2.159

Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards  

An, Young-Hwa (Division of Computer and Media Information Engineering, Kangnam University)
Abstract
Many biometrics-based user authentication schemes using smart cards have been proposed to address security weaknesses in user authentication systems. In 2010, Chang et al. proposed an improved biometrics-based user authentication scheme without concurrency system that can withstand the forgery attack, off-line password guessing attack, replay attack, etc. In this paper, we analyze the security weaknesses of Chang et al.'s scheme and show that it is still insecure against the man-in-the-middle attack and the off-line biometrics guessing attack, and that it does not provide mutual authentication between the user and the server. We also propose an improved scheme that overcomes these security weaknesses even if the secret information stored in the smart card is revealed. As a result, the proposed scheme is secure against the user authentication attack, the server masquerading attack, the man-in-the-middle attack, and the off-line biometrics guessing attack, and provides mutual authentication between the user and the remote server. In addition, in terms of computational complexity, the proposed scheme is more effective than Chang et al.'s scheme.
Keywords
Authentication; Biometrics; Man-in-the-Middle Attack; Mutual Authentication
Citations & Related Records
Times Cited By KSCI: 2
1 A.T.B. Jin, D.N.C. Ling and A. Goh, "Biohashing: two Factor Authentication Featuring Fingerprint Data and Tokenized Random Number," Pattern Recognition, Vol.37, pp.2245-2255, 2004.
2 M.K. Khan and J. Zhang, "Improving the Security of a Flexible Biometrics Remote User Authentication Scheme," Computer Standards and Interfaces, Vol.29, No.1, pp.82-85, 2007.
3 C.T. Li and M.S. Hwang, "An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards," Journal of Network and Computer Applications, Vol.33, pp.1-5, 2010.
4 C.C. Chang, S.C. Chang and Y.W. Lai, "An Improved Biometrics-based User Authentication Scheme without Concurrency System," International Journal of Intelligent Information Processing, Vol.1, No.1, pp.41-49, 2010.
5 P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis," Proceedings of Advances in Cryptology, pp.388-397, 1999.
6 T.S. Messerges, E.A. Dabbish and R.H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE Transactions on Computers, Vol.51, No.5, pp.541-552, 2002.
7 J.J. Shen, C.W. Lin and M.S. Hwang, "Security Enhancement for the Timestamp-based Password Authentication Scheme Using Smart Cards," Computers and Security, Vol.22, No.7, pp.591-595, 2003.
8 E.J. Yoon, E.K. Ryu and K.Y. Yoo, "Further Improvements of an Efficient Password-based Remote User Authentication Scheme Using Smart Cards," IEEE Transactions on Consumer Electronics, Vol.50, No.2, pp.612-614, 2004.
9 M.L. Das, A. Saxena and V.P. Gulati, "A Dynamic ID-based Remote User Authentication Scheme," IEEE Transactions on Consumer Electronics, Vol.50, No.2, pp.629-631, 2004.
10 C.S. Bindu, P.C.S. Reddy and B. Satyanarayana, "Improved Remote User Authentication Scheme Preserving User Anonymity," International Journal of Computer Science and Network Security, Vol.8, No.3, pp.62-66, 2008.
11 Y. Lee and D. Won, "Cryptanalysis and Enhancement of a Remote User Authentication Scheme Using Smart Cards," Journal of The Korea Society of Computer and Information, Vol.15, No.1, pp.139-147, 2010.
12 S.M. Seo and Y.H. An, "Security Improvements on the Remote User Authentication Scheme Using Smart Cards," Journal of The Korea Society of Computer and Information, Vol.15, No.3, pp.91-97, 2010.