An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards
Recently, Lee et al. proposed a fingerprint-based remote user authentication scheme using smart cards. We demonstrate that their scheme is vulnerable and susceptible to the attack and has some practical pitfalls. Their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, so their scheme suscepts from the server spoofing attack. Furthermore, in their scheme, remote system generates and assigns the passwords, and users cannot choose and change their passwords. Moreover, passwords are long pseudorandom numbers and difficult to remember for a user. To solve these problems, we propose an efficient and practical fingerprint-based remote user authentication scheme using smart cards, which is based on one-way collision free hash functions. Proposed scheme not only overcomes all the drawbacks and problems of Lee et al.’s scheme, but also provides a secure and user-friendly fingerprint-based remote user authentication over insecure network. In addition, computational costs and efficiency of the proposed scheme are better than Lee et al.’s scheme.
Unable to display preview. Download preview PDF.
- 9.Hsieh, B.T., Yeh, H.T., Sun, H.M., Lin, C.T.: Cryptanalysis of a Fingerprint-based Remote User Authentication Scheme Using Smart Cards’. In: Proc. IEEE 37th Annual 2003 Int. Carnahan Conf. on Security Technology, Taipei, Taiwan, pp. 349–350 (2003)Google Scholar
- 17.Wu, S.T., Chieu, B.C.: A Note on a User Friendly Remote User Authentication Scheme with Smart Cards. IEICE Transactions Fundamentals 87-A(8), 2180–2181 (2004)Google Scholar
- 18.Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Efficient Remote User Authentication Scheme based on Generalized ElGamal Signature Scheme. IEEE Trans. Consumer Electronics 50(2), 568–570 (2004)Google Scholar
- 22.Ku, W.C., Chang, S.T., Chiang, M.H.: Further Cryptanalysis of Fingerprint-based Remote User Authentication Scheme Using Smartcards. IEE Electronics Letters 41(5) (2005)Google Scholar
- 23.Lu, R., Cao, Z.: Efficient Remote User Authentication Scheme Using Smart Card. Computer Networks (April 2005) (article in press) Google Scholar
- 26.Asokan, N., Debar, H., Steiner, M., Waidner, M.: Authenticating Public Terminals. Computer Networks 31(8), 861–870 (April 1999)Google Scholar
- 27.Anderson, R.J.: Why Cryptosystems Fail. In: Proc. of First ACM Conference on Computer and Communications Security, November 1993, USA, pp. 215–227 (1993)Google Scholar
- 29.Rankl, W., Effing, W. (eds.): Smart Card Handbook, 3rd edn. John Wiley & Sons, Chichester (2003)Google Scholar