Browse > Article
http://dx.doi.org/10.9708/jksci.2012.17.7.107

Structural vulnerability analysis and improvement of a biometrics-based remote user authentication scheme of Li and Hwang's  

Shin, Kwang-Cheul (Dept. of Industrial Management Engineering, Sungkyul University)
Publication Information
Journal of the Korea Society of Computer and Information / v.17, no.7, 2012 , pp. 107-115 More about this Journal
Abstract
Recently, Li and Hwang scheme proposed a biometrics-based remote user authentication scheme using smart card. It is asserted that this scheme has very excellent benefits by the operation cost efficiency based on the smart card, one-way function and biometrics using random numbers. But this scheme cannot provide the properly authentication, especially, it is analyzed as the vulnerable security scheme for Denial-of-Service(DoS) attacks by impersonate attacks. The attacker controls the insecure channel, they can easily fabricate messages to pass the user's or server's authentication, and the malicious attacker can impersonate the user to cheat the server and can impersonate the server to cheat the user without knowing any secret information. This paper proposes the strong improved scheme which can respond to multiple attacks by supplementing the function of integrity check from the server which applied variable authenticator and OSPA without exposing the user's password information. It is supplemented pregnable of disguise attack and mutual authentication of Li and Hwang scheme.
Keywords
Mutual Authentication; Biometrics; Information Security; DoS attack; Smart Card;
Citations & Related Records
연도 인용수 순위
  • Reference
1 S. K. Kim and M. G. Chung, "More secure remote user authentication scheme." Computer Communications, Vol. 32, No. 6, pp.1018-1021. 2009.   DOI   ScienceOn
2 J. Xu, W. T. Zhu, and D. G. Feng, "An improved smart card based password authentication scheme with provable security," Computer standards & Interface, Vol. 31, No. 4, pp. 723-728, 2009.   DOI   ScienceOn
3 R. Song, "Advanced smart card based password authentication protocol." Computer standards & Interface, Vol. 32, pp. 321-325, 2010   DOI   ScienceOn
4 C. T. Li and M. S. Hwang, "An efficient biometrics-based remote user authentication scheme using smart card." Journal of Network and Computer Applications, Vol. 33, No. 1, pp. 1-5, 2010.   DOI   ScienceOn
5 X. Li, J. W. Niu, J. Ma, W. D. Wang, "Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart card." Journal of Network and Computer Applications, 2011.
6 Lamport L. password authentication with insecure communication. communications of the ACM 1981. 24(11). p. 770-772   DOI   ScienceOn
7 Min-Shiang Hwang and L. H. Li, "A New Remote User Authentication Scheme Using Smarts Cards". IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp.28-30, 2000.   DOI   ScienceOn
8 N. Y. Lee and Y. C. Chiu, " improved remote authentication scheme with smart card," Computer standards & Interface, Vol. 27, No. 2, pp. 177-180, 2005   DOI   ScienceOn