Browse > Article
http://dx.doi.org/10.7236/JIWIT.2012.12.1.231

Security Enhancement of Biometrics-based Remote User Authentication Scheme Using Smart Cards  

An, Young-Hwa (Dept. of Computer and Media Engineering, Kangnam University)
Joo, Young-Do (Dept. of Computer and Media Engineering, Kangnam University)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.12, no.1, 2012 , pp. 231-237 More about this Journal
Abstract
In 2011, Das proposed an effective biometrics-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication, while eliminating the security drawbacks of Li-Hwang's scheme. In this paper, we have shown that Das's scheme is still insecure against several attacks and does not provide mutual authentication. Also, we proposed the enhanced scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result of security analysis, the enhanced scheme is secure against user impersonation attack, server masquerading attack, off-line password guessing attack, and insider attack. And we can see that the enhanced scheme provides mutual authentication between the user and the server.
Keywords
Authentication; User Impersonation Attack; Server Masquerading Attack; Mutual Authentication;
Citations & Related Records
연도 인용수 순위
  • Reference
1 M. S. Hwang, L. H. Li, "A New Remote User Authentication Scheme Using Smart Cards", IEEE Transactions on Consumer Electronics 46, pp. 28-30, 2000   DOI   ScienceOn
2 E. J. Yoon, E. K. Ryu and K. Y. Yoo, "Further Improvements of an Efficient Password based Remote User Authentication Scheme Using Smart Cards", IEEE Transactions on Consumer Electronics 50(2), pp. 612-614, 2004   DOI
3 M. L. Das, A. Sxena and V. P. Gulathi, "A Dynamic ID-based Remote User Authentication Scheme", IEEE Transactions on Consumer Electronics 50(2), pp. 629-631. 2004   DOI   ScienceOn
4 C. W. Lin, C. S. Tsai and M. S. Hwang, "A New Strong-Password Authentication Scheme Using One-Way Hash Functions", Journal of Computer and Systems Sciences International, Vol. 45, No.4, pp. 623-626, 2006   DOI   ScienceOn
5 C. S. Bindu, P. C. S. Reddy and B. Satyanarayana, "Improved Remote User Authentication Scheme Preserving User Anonymity", International Journal of Computer Science and Network Security 8(3), pp. 62-66, 2008
6 W. C. Ku, S. T. Chang and M. H. Chiang, "Further Cryptanalysis of Fingerprint-based Remote User Authentication Scheme Using Smart Cards", Electronics Letters, Vol. 41, No. 5, pp. 240-241 (2005)   DOI
7 M. K. Khan, J. Zhang, "An Efficient and Practical Fingerprint-based Remote User Authentication Scheme with Smart Cards", ISPEC 2006, LNCS 3903, pp. 260-268, 2006
8 C. C. Chang, S. C. Chang and Y. W. Lai, "An Improved Biometrics-based User Authentication Scheme without Concurrency System", International Journal of Intelligent Information Processing, Vol. 1, No. 1, pp. 41-49, 2010   DOI
9 C. T. Li, M. S Hwang, "An Efficient Biometrics -based Remote User Authentication Scheme Using Smart Cards", Journal of Network and Computer Applications, Vol. 33, pp. 1-5, 2010   DOI
10 A. K. Das, "Analysis and Improvement on an Efficient Biometric-based Remote User Authentication Scheme Using Smart Cards", IET Information Security Vol.5, Iss. 3, pp. 145-151, 2011   DOI
11 P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis", Proceedings of Advances in Cryptology, pp. 388-397, 1999
12 T. S. Messerges, E. A. Dabbish and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers 51(5), pp. 541-552, 2002   DOI   ScienceOn