Browse > Article
http://dx.doi.org/10.9708/jksci.2014.19.10.099

Contents Error and Security Analysis of 'Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards'  

Park, Mi-Og (Division of Computer Science Engineering, Sungkyul University)
Oh, Gi-Oug (College of Global General Education, Gachon University)
Publication Information
Journal of the Korea Society of Computer and Information / v.19, no.10, 2014 , pp. 99-106 More about this Journal
Abstract
In this paper, we analyze weaknesses of the biometrics-based user authentication scheme proposed by An. The result of analysis An's authentication scheme by the login success scenario proposed in this paper, if the attacker successes to get user's random number, he/she can pass user authentication phase of the legal server. Also the biometrics guessing scenario proposed in this paper shows the legal user's the biometric information is revealed in lost smart card. Since An's authentication scheme submit user ID and biometrics in plain text to the server, it is very vulnerable to inner attack and it is not provide the user anonymity to the server as well as the one to the third by user ID in plain text. Besides An's authentication scheme is contextual error too, due to this, it has weakness and so on that it did not check the validity of the smart card holder.
Keywords
Biometric Information; Smart Card; Mutual Authentication;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 http://news.inews24.com/php/news_view.php?g_serial=795478&g_menu=020800
2 Y.H.An, "Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards," Journal of Korea Society of Computer and Information, Vol.17, No.2, pp. 159-166, Feburary 2012.   과학기술학회마을   DOI   ScienceOn
3 C.C. Chang, S.C. Chang, and Y.W. Lai, "An Improved Biometrics-based User Authentication Scheme without Concurrency System," International Journal of Intelligent Information Processing, Vol.1, No.1, pp.41-49, September 2010.   DOI
4 C.T. Li, M.S. Hwang, "An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards," Journal of Network and Computer Applications, Vol.33, Issue 1, pp.1-5, January 2010.   DOI   ScienceOn
5 E. Brier, C. Clavier, and F. Olivier, "Correlation Power Analysis with a Leakage Model," Lecture Notes in Computer Science, Vol.3156, pp.135-152, August 2004.
6 T. Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh, and M.T.M. Shalmani, "On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme," CRYPTO 2008, pp.203-220, August 2008.
7 H. J. Mahanta and A.K. Khan, "Side Channel Attacks and its Impact on Symmetric Algorithms through Power Analysis," Vol.3. No.1 pp.14-18, March 2014.