Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards

Younghwa An (안영화)

Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2012, 17(2), pp.159-166
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

Younghwa An ¹

¹강남대학교

Accredited

ABSTRACT

Many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2010, Chang et al. proposed an improved biometrics-based user authentication scheme without concurrency system which can withstand forgery attack, off-line password guessing attack, replay attack, etc. In this paper, we analyze the security weaknesses of Chang et al.’s scheme and we have shown that Chang et al.’s scheme is still insecure against man-in-the-middle attack, off-line biometrics guessing attack, and does not provide mutual authentication between the user and the server. And we proposed the improved scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result, the proposed scheme is secure for the user authentication attack, the server masquerading attack, the man-in-the-middle attack, and the off-line biometrics guessing attack, does provide the mutual authentication between the user and the remote server. And, in terms of computational complexities, the proposed scheme is more effective than Chang et al.’s scheme.

KEYWORDS

Authentication, Biometrics, Man-in-the-Middle Attack, Mutual Authentication

Citation status

* References for papers published after 2023 are currently being built.

[journal] J.J. Shen / 2003 / Security Enhancement for the Timestamp-based Password Authentication Scheme Using Smart Cards / Computers and Security 22(7) : 591~595

[journal] E. J. Yoon / 2004 / Further Improvements of an Efficient Password-based Remote User Authentication Scheme Using Smart Cards / IEEE Transactions on Consumer Electronics 50(2) : 612~614

[journal] M.L. Das / 2004 / A Dynamic ID-based Remote User Authentication Scheme / IEEE Transactions on Consumer Electronics 50(2) : 629~631

[journal] C.S. Bindu / 2008 / Improved Remote User Authentication Scheme Preserving User Anonymity / International Journal of Computer Science and Network Security 8(3) : 62~66

[journal] 이영숙 / 2010 / Cryptanalysis and Enhancement of a Remote User Authentication Scheme Using Smart Cards / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 15(1) : 139~147

[journal] 서정만 / 2010 / Security Improvements on the Remote User Authentication Scheme Using Smart Cards / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 15(3) : 91~97

[journal] A.T.B. Jin / 2004 / Biohashing : two Factor Authentication Featuring Fingerprint Data and Tokenized Random Number / Pattern Recognition 37 : 2245~2255

[journal] M.K. Khan / 2007 / Improving the Security of a Flexible Biometrics Remote User Authentication Scheme / Computer Standards and Interfaces 29(1) : 82~85

[journal] C.T. Li / 2010 / An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards / Journal of Network and Computer Applications 33 : 1~5

[journal] C.C. Chang / 2010 / An Improved Biometrics-based User Authentication Scheme without Concurrency System / International Journal of Intelligent Information Processing 1(1) : 41~49

[confproc] P. Kocher / 1999 / Differential Power Analysis / Proceedings of Advances in Cryptology : 388~397

[journal] T. S. Messerges / 2002 / Examining Smart-Card Security under the Threat of Power Analysis Attacks / IEEE Transactions on Computers 51(5) : 541~552

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65