Abstract
Recently, Lee et al. proposed a fingerprint-based remote user authentication scheme using smart cards. We demonstrate that their scheme is vulnerable to attack and has some practical pitfalls. Their scheme performs only unilateral authentication (client authentication only), with no mutual authentication between the user and the remote system, so it is susceptible to a server spoofing attack. Furthermore, in their scheme the remote system generates and assigns the passwords, and users cannot choose or change them. Moreover, the passwords are long pseudorandom numbers that are difficult for a user to remember. To solve these problems, we propose an efficient and practical fingerprint-based remote user authentication scheme using smart cards, which is based on one-way collision-free hash functions. The proposed scheme not only overcomes all the drawbacks and problems of Lee et al.’s scheme, but also provides secure and user-friendly fingerprint-based remote user authentication over an insecure network. In addition, the computational cost and efficiency of the proposed scheme are better than those of Lee et al.’s scheme.
References
Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24(11), 770–772 (1981)
Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 46(1), 28–30 (2000)
El Gamal, T.: A Public-key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information 31(4), 469–472 (1985)
Wang, S.J., Chang, J.F.: Smart Card Based Secure Password Authentication Scheme. Computers and Security 15(3), 231–237 (1996)
Yang, W.H., Shieh, S.P.: Password Authentication Schemes with Smart Cards. Computers and Security 18(8), 727–733 (1999)
Sun, H.M.: An Efficient Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 46(4), 958–961 (2000)
Lee, C.C., Hwang, M.S., Yang, W.P.: A Flexible Remote User Authentication Scheme Using Smart Cards. ACM Operating Systems Review 36(3), 46–52 (2002)
Lee, J.K., Ryu, S.R., Yoo, K.Y.: Fingerprint-based Remote User Authentication Scheme Using Smart Cards. IEE Electronics Letters 12, 554–555 (2002)
Hsieh, B.T., Yeh, H.T., Sun, H.M., Lin, C.T.: Cryptanalysis of a Fingerprint-based Remote User Authentication Scheme Using Smart Cards. In: Proc. IEEE 37th Annual 2003 Int. Carnahan Conf. on Security Technology, Taipei, Taiwan, pp. 349–350 (2003)
Shen, J.J., Lin, C.W., Hwang, M.S.: A Modified Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 49(2), 414–416 (2003)
Chang, C.C., Hwang, K.F.: Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards. Informatics 14(3), 289–294 (2003)
Shyi-Tsong, W., Bin-Chang, C.: A User Friendly Remote Authentication Scheme with Smart cards. Computers & Security 22(6), 547–550 (2003)
Leung, K.C., Cheng, L.M., Fong, A.S., Chan, C.K.: Cryptanalysis of a Modified Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 49(4), 1243–1245 (2003)
Hsu, C.L.: Security of Chien et al.’s Remote User Authentication Scheme Using Smart Cards. Computer Standards and Interfaces 26(3), 167–169 (2004)
Kumar, M.: New Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 50(2), 597–600 (2004)
Yang, C.C., Wang, R.C.: Cryptanalysis of a User Friendly Remote Authentication Scheme with Smart cards. Computers & Security 23(5), 425–427 (2004)
Wu, S.T., Chieu, B.C.: A Note on a User Friendly Remote User Authentication Scheme with Smart Cards. IEICE Transactions Fundamentals 87-A(8), 2180–2181 (2004)
Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Efficient Remote User Authentication Scheme based on Generalized ElGamal Signature Scheme. IEEE Trans. Consumer Electronics 50(2), 568–570 (2004)
Lin, C.H., Lai, Y.Y.: A Flexible Biometrics Remote User Authentication Scheme. Computer Standards and Interfaces 27(1), 19–23 (2004)
Yoon, E.J., Ryu, E.K., Yoo, K.Y.: An Improvement of Hwang-Lee-Tang’s Simple Remote User Authentication Scheme. Computers and Security 24, 50–56 (2005)
Ku, W.C., Chang, S.T., Chiang, M.H.: Further Cryptanalysis of Fingerprint-based Remote User Authentication Scheme Using Smartcards. IEE Electronics Letters 41(5) (2005)
Lu, R., Cao, Z.: Efficient Remote User Authentication Scheme Using Smart Card. Computer Networks (April 2005) (article in press)
Jain, A.K., Uludag, U.: Hiding Biometric Data. IEEE Transactions Pattern Analysis and Machine Intelligence 25(11), 1494–1498 (2003)
Jain, A.K., Hong, L., Bolle, R.: On-Line Fingerprint Verification. IEEE Transactions Pattern Analysis and Machine Intelligence 19(4), 302–314 (1997)
Asokan, N., Debar, H., Steiner, M., Waidner, M.: Authenticating Public Terminals. Computer Networks 31(8), 861–870 (April 1999)
Anderson, R.J.: Why Cryptosystems Fail. In: Proc. of First ACM Conference on Computer and Communications Security, November 1993, USA, pp. 215–227 (1993)
Mitchell, C.: Limitations of Challenge-response Entity Authentication. Electronic Letters 25(17), 1195–1196 (August 1989)
Rankl, W., Effing, W. (eds.): Smart Card Handbook, 3rd edn. John Wiley & Sons, Chichester (2003)
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Khan, M.K., Zhang, J. (2006). An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_24
DOI: https://doi.org/10.1007/11689522_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33052-3
Online ISBN: 978-3-540-33058-5
eBook Packages: Computer Science, Computer Science (R0)