An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards

  • Muhammad Khurram Khan
  • Jiashu Zhang
Conference paper

DOI: 10.1007/11689522_24

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3903)
Cite this paper as:
Khan M.K., Zhang J. (2006) An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards. In: Chen K., Deng R., Lai X., Zhou J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg

Abstract

Recently, Lee et al. proposed a fingerprint-based remote user authentication scheme using smart cards. We demonstrate that their scheme is vulnerable and susceptible to the attack and has some practical pitfalls. Their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, so their scheme suscepts from the server spoofing attack. Furthermore, in their scheme, remote system generates and assigns the passwords, and users cannot choose and change their passwords. Moreover, passwords are long pseudorandom numbers and difficult to remember for a user. To solve these problems, we propose an efficient and practical fingerprint-based remote user authentication scheme using smart cards, which is based on one-way collision free hash functions. Proposed scheme not only overcomes all the drawbacks and problems of Lee et al.’s scheme, but also provides a secure and user-friendly fingerprint-based remote user authentication over insecure network. In addition, computational costs and efficiency of the proposed scheme are better than Lee et al.’s scheme.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Muhammad Khurram Khan
    • 1
  • Jiashu Zhang
    • 1
  1. 1.Research Group for Biometrics and Security, Sichuan Province Key Laboratory of Signal and Information ProcessingSouthwest Jiaotong UniversityChengduP.R. China

Personalised recommendations