An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards

  • Muhammad Khurram Khan
  • Jiashu Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3903)

Abstract

Recently, Lee et al. proposed a fingerprint-based remote user authentication scheme using smart cards. We demonstrate that their scheme is vulnerable to attack and has some practical pitfalls. Their scheme performs only unilateral authentication (client authentication only); there is no mutual authentication between the user and the remote system, so the scheme is susceptible to the server spoofing attack. Furthermore, in their scheme the remote system generates and assigns the passwords, and users cannot choose or change their passwords. Moreover, the passwords are long pseudorandom numbers that are difficult for a user to remember. To solve these problems, we propose an efficient and practical fingerprint-based remote user authentication scheme using smart cards, which is based on one-way collision-free hash functions. The proposed scheme not only overcomes all the drawbacks and problems of Lee et al.’s scheme, but also provides secure and user-friendly fingerprint-based remote user authentication over an insecure network. In addition, the computational cost and efficiency of the proposed scheme are better than those of Lee et al.’s scheme.


References

  1. Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24(11), 770–772 (1981)
  2. Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 46(1), 28–30 (2000)
  3. El Gamal, T.: A Public-key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information 31(4), 469–472 (1985)
  4. Wang, S.J., Chang, J.F.: Smart Card Based Secure Password Authentication Scheme. Computers and security 15(3), 231–237 (1996)
  5. Yang, W.H., Shieh, S.P.: Password Authentication Schemes with Smart Cards. Computers and Security 18(8), 727–733 (1999)
  6. Sun, H.M.: An Efficient Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 46(4), 958–961 (2000)
  7. Lee, C.C., Hwang, M.S., Yang, W.P.: A Flexible Remote User Authentication Scheme Using Smart Cards. ACM Operating Systems Review 36(3), 46–52 (2002)
  8. Lee, J.K., Ryu, S.R., Yoo, K.Y.: Fingerprint-based Remote User Authentication Scheme Using Smart Cards. IEE Electronics Letters 12, 554–555 (2002)
  9. Hsieh, B.T., Yeh, H.T., Sun, H.M., Lin, C.T.: Cryptanalysis of a Fingerprint-based Remote User Authentication Scheme Using Smart Cards. In: Proc. IEEE 37th Annual 2003 Int. Carnahan Conf. on Security Technology, Taipei, Taiwan, pp. 349–350 (2003)
  10. Shen, J.J., Lin, C.W., Hwang, M.S.: A Modified Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 49(2), 414–416 (2003)
  11. Chang, C.C., Hwang, K.F.: Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards. Informatics 14(3), 289–294 (2003)
  12. Shyi-Tsong, W., Bin-Chang, C.: A User Friendly Remote Authentication Scheme with Smart cards. Computers & Security 22(6), 547–550 (2003)
  13. Leung, K.C., Cheng, L.M., Fong, A.S., Chan, C.K.: Cryptanalysis of a Modified Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 49(4), 1243–1245 (2003)
  14. Hsu, C.L.: Security of Chien et al.’s Remote User Authentication Scheme Using Smart Cards. Computer Standards and Interfaces 26(3), 167–169 (2004)
  15. Kumar, M.: New Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 50(2), 597–600 (2004)
  16. Yang, C.C., Wang, R.C.: Cryptanalysis of a User Friendly Remote Authentication Scheme with Smart cards. Computers & Security 23(5), 425–427 (2004)
  17. Wu, S.T., Chieu, B.C.: A Note on a User Friendly Remote User Authentication Scheme with Smart Cards. IEICE Transactions Fundamentals 87-A(8), 2180–2181 (2004)
  18. Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Efficient Remote User Authentication Scheme based on Generalized ElGamal Signature Scheme. IEEE Trans. Consumer Electronics 50(2), 568–570 (2004)
  19. Hsu, C.L.: Security of Chien et al.’s Remote User Authentication Scheme Using Smart Cards. Computer Standard and Interfaces 26(3), 167–169 (2004)
  20. Lin, C.H., Lai, Y.Y.: A Flexible Biometrics Remote User Authentication Scheme. Computer Standard and interfaces 27(1), 19–23 (2004)
  21. Yoon, E.J., Ryu, E.K., Yoo, K.Y.: An Improvement of Hwang-Lee-Tang’s Simple Remote User Authentication Scheme. Computers and Security 24, 50–56 (2005)
  22. Ku, W.C., Chang, S.T., Chiang, M.H.: Further Cryptanalysis of Fingerprint-based Remote User Authentication Scheme Using Smartcards. IEE Electronics Letters 41(5) (2005)
  23. Lu, R., Cao, Z.: Efficient Remote User Authentication Scheme Using Smart Card. Computer Networks (April 2005) (article in press)
  24. Jain, A.K., Uludag, U.: Hiding Biometric Data. IEEE Transactions Pattern Analysis and Machine Intelligence 25(11), 1494–1498 (2003)
  25. Jain, A.K., Hong, L., Bolle, R.: On-Line Fingerprint Verification. IEEE Transactions Pattern Analysis and Machine Intelligence 19(4), 302–314 (1997)
  26. Asokan, N., Debar, H., Steiner, M., Waidner, M.: Authenticating Public Terminals. Computer Networks 31(8), 861–870 (April 1999)
  27. Anderson, R.J.: Why Cryptosystems Fail. In: Proc. of First ACM Conference on Computer and Communications Security, November 1993, USA, pp. 215–227 (1993)
  28. Mitchell, C.: Limitations of Challenge-response Entity Authentication. Electronic Letters 25(17), 1195–1196 (August 1989)
  29. Rankl, W., Effing, W. (eds.): Smart Card Handbook, 3rd edn. John Wiley & Sons, Chichester (2003)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Muhammad Khurram Khan (1)
  • Jiashu Zhang (1)
  1. Research Group for Biometrics and Security, Sichuan Province Key Laboratory of Signal and Information Processing, Southwest Jiaotong University, Chengdu, P.R. China
