http://dx.doi.org/10.17662/ksdim.2014.10.1.081

Security Analysis of a Biometric-Based User Authentication Scheme  

Lee, Young Sook (Division of Cyber Investigation and Police, Howon University)
Publication Information
Journal of Korea Society of Digital Industry and Information Management, v.10, no.1, 2014, pp. 81-87
Abstract
Password-based authentication using a smart card provides two-factor authentication: a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than password-only authentication, it can also fail if both authentication factors are compromised ((1) the user's smart card is stolen and (2) the user's password is exposed). In this case, there is no way to prevent the adversary from impersonating the user. Biometrics is now becoming a popular basis for designing more secure authentication schemes. Biometric information, drawn from physiological and behavioral human characteristics, is used as an authentication factor. Biometric information such as fingerprints, faces, voice, irises, hand geometry, and palmprints can be used to verify a user's identity. In this article, we review the biometric-based authentication scheme by Cheng et al. and provide a security analysis of the scheme. Our analysis shows that Cheng et al.'s scheme does not guarantee any kind of authentication, either server-to-user authentication or user-to-server authentication. The contribution of the current work is to demonstrate this by mounting two attacks, a server impersonation attack and a user impersonation attack, on Cheng et al.'s scheme. In addition, we propose an enhanced authentication scheme that eliminates the security vulnerabilities of Cheng et al.'s scheme.
Keywords
Biometric-based Authentication Scheme; Smart Card; Two Factor Authentication; Server Impersonation Attack; User Impersonation Attack;
References
1 C. -L. Hsu, "Security of Chien et al.'s remote user authentication scheme using smart cards," Computer Standards and Interfaces, Vol. 26, No. 3, 2004, pp. 167-169.
2 M. -S. Hwang and L. -H. Li, "A new remote user authentication scheme using smart cards," IEEE Transaction on Consumer Electronics, Vol. 46, No. 1, 2000, pp. 28-30.
3 C. -L. Hsu, "Security of Chien et al.'s remote user authentication scheme using smart cards," Computer Standards and Interfaces, Vol. 26, No. 3, 2004, pp. 167-169.
4 P. Kocher, J. Jaffe, and B. Jun, "Differential power analysis," in Advances in Cryptology-CRYPTO99, 1999, pp. 388-397.
5 J. Yuan, C. Jiang, and Z. Jiang, "A biometric-based User Authentication for wireless Sensor Networks," Wuhan university journal of national sciences, Vol. 5, No. 3, 2010, pp. 272-276.
6 T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Examining smart card security under the threat of power analysis attacks," IEEE Trans. Comput., Vol. 51, No. 5, 2002, pp. 541-552.
7 Y. Lee, H. Yang, and D. Won, "Attacking and improving on Lee and Chiu's authentication scheme using smart cards," LNCS, 2000, Vol. 6047, pp. 377-385.
8 E. -J. Yoon, and K. Y. Yoo, "A new biometric-based user authentication scheme without using password for wireless sensor networks," Proceedings of 2011 IEEE International workshops of enabling technologies: Infrastructure for collaborative enterprises, 2011, pp. 279-284.
9 M. Kim, K. Lee, S. Kim, and D. Won, "Efficient and Secure Authentication Scheme Preserving User Anonymity," The Korea-Society of Digital Industry & Information Management, 2010, Vol. 6, No. 3, pp. 69-77.
10 Y. Lee, J. Kim, and D. Won, "Security Improvement to a Remote User Authentication Scheme for Multi-Server Environment," The Korea-Society of Digital Industry & Information Management, 2011, Vol. 7, No. 4, pp. 23-30.
11 R. Bird, I. Gopal, A. Herzberg, P. A Janson, S. Kutten, R. Molva, and M. Yung, "Systematic design of a family of attack-resistant authentication protocols," IEEE Journal on Selected Areas in Communications, Vol. 11, No. 5, 1993, pp. 679-693.
12 Z. Cheng, Y. Lee, C. Chang, and C. Liu, "A novel biometric-based remote user authentication scheme using Quadratic Residues," International Journal of Information and Electronics Engineering, Vol. 3, No. 4, 2013, pp. 419-422.
13 C. -C. Chang and T. -C. Wu, "Remote password authentication with smart cards," IEE Proceedings E - Computers and Digital Techniques, Vol. 138, No. 3, 1991, pp. 165-168.
14 H. -Y. Chien, J. -K Jan, and Y. -M Tseng, "An efficient and practical solution to remote authentication: smart card," Computers & Security, Vol. 21, No. 4, 2002, pp. 372-375.