Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security Practice and Experience

ISPEC 2006: Information Security Practice and Experience pp 260–268Cite as

An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3903))

Abstract

Recently, Lee et al. proposed a fingerprint-based remote user authentication scheme using smart cards. We demonstrate that their scheme is vulnerable and susceptible to the attack and has some practical pitfalls. Their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, so their scheme suscepts from the server spoofing attack. Furthermore, in their scheme, remote system generates and assigns the passwords, and users cannot choose and change their passwords. Moreover, passwords are long pseudorandom numbers and difficult to remember for a user. To solve these problems, we propose an efficient and practical fingerprint-based remote user authentication scheme using smart cards, which is based on one-way collision free hash functions. Proposed scheme not only overcomes all the drawbacks and problems of Lee et al.’s scheme, but also provides a secure and user-friendly fingerprint-based remote user authentication over insecure network. In addition, computational costs and efficiency of the proposed scheme are better than Lee et al.’s scheme.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24(11), 770–772 (1981)

    Article  MathSciNet  Google Scholar 

  2. Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 46(1), 28–30 (2000)

    Article  Google Scholar 

  3. El Gamal, T.: A Public-key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information 31(4), 469–472 (1985)

    Article  MATH  Google Scholar 

  4. Wang, S.J., Chang, J.F.: Smart Card Based Secure Password Authentication Scheme. Computers and security 15(3), 231–237 (1996)

    Article  MathSciNet  Google Scholar 

  5. Yang, W.H., Shieh, S.P.: Password Authentication Schemes with Smart Cards. Computers and Security 18(8), 727–733 (1999)

    Article  Google Scholar 

  6. Sun, H.M.: An Efficient Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 46(4), 958–961 (2000)

    Article  Google Scholar 

  7. Lee, C.C., Hwang, M.S., Yang, W.P.: A Flexible Remote User Authentication Scheme Using Smart Cards. ACM Operating Systems Review 36(3), 46–52 (2002)

    Article  Google Scholar 

  8. Lee, J.K., Ryu, S.R., Yoo, K.Y.: Fingerprint-based Remote User Authentication Scheme Using Smart Cards. IEE Electronics Letters 12, 554–555 (2002)

    Article  Google Scholar 

  9. Hsieh, B.T., Yeh, H.T., Sun, H.M., Lin, C.T.: Cryptanalysis of a Fingerprint-based Remote User Authentication Scheme Using Smart Cards’. In: Proc. IEEE 37th Annual 2003 Int. Carnahan Conf. on Security Technology, Taipei, Taiwan, pp. 349–350 (2003)

    Google Scholar 

  10. Shen, J.J., Lin, C.W., Hwang, M.S.: A Modified Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 49(2), 414–416 (2003)

    Article  Google Scholar 

  11. Chang, C.C., Hwang, K.F.: Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards. Informatics 14(3), 289–294 (2003)

    MATH  MathSciNet  Google Scholar 

  12. Shyi-Tsong, W., Bin-Chang, C.: A User Friendly Remote Authentication Scheme with Smart cards. Computers & Security 22(6), 547–550 (2003)

    Article  Google Scholar 

  13. Leung, K.C., Cheng, L.M., Fong, A.S., Chan, C.K.: Cryptanalysis of a Modified Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 49(4), 1243–1245 (2003)

    Article  Google Scholar 

  14. Hsu, C.L.: Security of Chien et al.’s Remote User Authentication Scheme Using Smart Cards. Computer Standards and Interfaces 26(3), 167–169 (2004)

    Article  Google Scholar 

  15. Kumar, M.: New Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics 50(2), 597–600 (2004)

    Article  Google Scholar 

  16. Yang, C.C., Wang, R.C.: Cryptanalysis of a User Friendly Remote Authentication Scheme with Smart cards. Computers & Security 23(5), 425–427 (2004)

    Article  Google Scholar 

  17. Wu, S.T., Chieu, B.C.: A Note on a User Friendly Remote User Authentication Scheme with Smart Cards. IEICE Transactions Fundamentals 87-A(8), 2180–2181 (2004)

    Google Scholar 

  18. Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Efficient Remote User Authentication Scheme based on Generalized ElGamal Signature Scheme. IEEE Trans. Consumer Electronics 50(2), 568–570 (2004)

    Google Scholar 

  19. Hsu, C.L.: Security of Chien et al.’s Remote User Authentication Scheme Using Smart Cards. Computer Standard and Interfaces 26(3), 167–169 (2004)

    Article  Google Scholar 

  20. Lin, C.H., Lai, Y.Y.: A Flexible Biometrics Remote User Authentication Scheme. Computer Standard and interfaces 27(1), 19–23 (2004)

    Article  Google Scholar 

  21. Yoon, E.J., Ryu, E.K., Yoo, K.Y.: An Improvement of Hwang-Lee-Tang’s Simple Remote User Authentication Scheme. Computers and Security 24, 50–56 (2005)

    Article  Google Scholar 

  22. Ku, W.C., Chang, S.T., Chiang, M.H.: Further Cryptanalysis of Fingerprint-based Remote User Authentication Scheme Using Smartcards. IEE Electronics Letters 41(5) (2005)

    Google Scholar 

  23. Lu, R., Cao, Z.: Efficient Remote User Authentication Scheme Using Smart Card. Computer Networks (April 2005) (article in press)

    Google Scholar 

  24. Jain, A.K., Uludag, U.: Hiding Biometric Data. IEEE Transactions Pattern Analysis and Machine Intelligence 25(11), 1494–1498 (2003)

    Article  Google Scholar 

  25. Jain, A.K., Hong, L., Bolle, R.: On-Line Fingerprint Verification. IEEE Transactions Pattern Analysis and Machine Intelligence 19(4), 302–314 (1997)

    Article  Google Scholar 

  26. Asokan, N., Debar, H., Steiner, M., Waidner, M.: Authenticating Public Terminals. Computer Networks 31(8), 861–870 (April 1999)

    Google Scholar 

  27. Anderson, R.J.: Why Cryptosystems Fail. In: Proc. of First ACM Conference on Computer and Communications Security, November 1993, USA, pp. 215–227 (1993)

    Google Scholar 

  28. Mitchell, C.: Limitations of Challenge-response Entity Authentication. Electronic Letters 25(17), 1195–1196 (August 1989)

    Article  Google Scholar 

  29. Rankl, W., Effing, W. (eds.): Smart Card Handbook, 3rd edn. John Wiley & Sons, Chichester (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Research Group for Biometrics and Security, Sichuan Province Key Laboratory of Signal and Information Processing, Southwest Jiaotong University, Chengdu, Sichuan, P.R. China

    Muhammad Khurram Khan & Jiashu Zhang

Authors
  1. Muhammad Khurram Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jiashu Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Shanghai Jiao Tong University, 200240, Shanghai, China

    Kefei Chen  & Xuejia Lai  & 

  2. Singapore Management University (SMU), 80 Stamford Road, 178902, Singapore

    Robert Deng

  3. Cryptography and Security Department Institute for Infocomm Research, Singapore

    Jianying Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Khan, M.K., Zhang, J. (2006). An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_24

Download citation

  • DOI: https://doi.org/10.1007/11689522_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33052-3

  • Online ISBN: 978-3-540-33058-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation