Abstract
In 2010, Chen et al. focused on the vulnerability of smart card based authentication systems to leakage of secret information from the smart card, and proposed a scheme intended to strengthen the security of such systems. However, in 2012, Truong et al. found Chen et al.’s scheme weak at resisting replay and spoofing attacks, and proposed an improved scheme to counter these weaknesses. Undoubtedly, the improved scheme by Truong et al. is free from the defects pointed out in Chen et al.’s scheme, but here we show that problems such as impersonation attacks and password guessing remain in its design. We show that Truong et al.’s scheme violates Chen et al.’s aim of eliminating the information-leak hazard from smart card or mobile device based authentication schemes.
References
Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 46(1), 28–30 (2000)
Sun, H.M.: An Efficient Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 46(4), 958–961 (2000)
Chien, H.Y., Jan, J.K., Tseng, Y.M.: An Efficient and Practical Solution to Remote Authentication: Smart Card. Computers and Security 21(4), 372–375 (2002)
Liao, I.E., Lee, C.C., Hwang, M.S.: A Password Authentication Scheme over Insecure Networks. Journal of Computer and System Sciences 72(4), 727–740 (2006)
Lee, J.K., Ryu, S.R., Yoo, K.Y.: Fingerprint based Remote User Authentication Scheme using Smart Cards. Electronics Letters 38(2), 554–555 (2002)
Lin, C.H., Lai, Y.Y.: A Flexible Biometrics Remote User Authentication Scheme. Computer Standards & Interfaces 27(1), 19–23 (2004)
Khan, M.K., Zhang, J.: Improving the Security of ‘A Flexible Biometrics Remote User Authentication Scheme’. Computer Standards & Interfaces 29, 82–85 (2007)
Yuan, J., Jiang, C., Jiang, Z.: A Biometric-Based User Authentication for Wireless Sensor Networks. Wuhan University Journal of Natural Sciences 15, 272–276 (2010), http://dx.doi.org/10.1007/s11859-010-0318-2
Kumari, S., Gupta, M.K., Kumar, M.: Cryptanalysis and Security Enhancement of Chen et al.’s Remote User Authentication Scheme Using Smart Card. Central European Journal of Computer Science 2(1), 60–75 (2012)
He, D., Chen, J., Hu, J.: A Pairing-free Certificateless Authenticated Key Agreement Protocol. International Journal of Communication Systems 25(2), 221–230 (2012)
Guo, H., Xu, C., Mu, Y., Li, Z.: A Provably Secure Authenticated Key Agreement Protocol for Wireless Communications. Computers and Electrical Engineering 38, 563–572 (2012)
Wang, R.C., Juang, W.S., Lei, C.L.: Provably Secure And Efficient Identification and Key Agreement Protocol with User Anonymity. Journal of Computer and System Sciences 77, 790–798 (2011)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smart-card Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
Rhee, H.S., Kwon, J.O., Lee, D.H.: A Remote User Authentication Scheme Without using Smart Cards. Computer Standards and Interfaces 31(1), 6–13 (2009)
Chen, C.L., Lee, C.C., Hsu, C.Y.: Mobile Device Integration of a Fingerprint Biometric Remote Authentication Scheme. International Journal of Communication Systems (2011), http://dx.doi.org/10.1002/dac.1277
Sun, D.Z., Huai, J.P., Sun, J.Z., Li, J.X.: Cryptanalysis of a Mutual Authentication Scheme Based on Nonce and Smart Cards. Computer Communications 32(6), 1015–1017 (2009)
Hsu, C.L.: Security of Chien et al.’s Remote User Authentication Scheme using Smart Cards. Computer Standards and Interfaces 26(3), 167–169 (2004)
Ku, W.C., Chen, S.M.: Weaknesses and Improvements of an Efficient Password based Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 50(1), 204–207 (2004)
Xiang, T., Wong, K.W., Liao, X.: Cryptanalysis of a Password Authentication Scheme over Insecure Networks. Journal of Computer and System Sciences 74(5), 657–661 (2008)
Wang, X.M., Zhang, W.F., Zhang, J.S., Khan, M.K.: Cryptanalysis and Improvement on two Efficient Remote User Authentication Scheme using Smart Cards. Computer Standards and Interfaces 29(5), 507–512 (2007)
Khan, M.K., Kim, S.K., Alghathbar, K.: Cryptanalysis and Security Enhancement of a ‘More Efficient & Secure Dynamic ID-based Remote User Authentication Scheme’. Computer Communications 34(3), 305–309 (2010)
Khan, M.K., Zhang, J., Wang, X.: Chaotic Hash based Fingerprint Biometric Remote User Authentication Scheme on Mobile Devices. Chaos, Solitons & Fractals 35(3), 519–524 (2008)
Truong, T.T., Tran, M.T., Duong, A.D.: Robust Mobile Device Integration of a Fingerprint Biometric Remote Authentication Scheme. In: Proceedings of 26th IEEE International Conference on Advanced Information Networking and Applications, pp. 678–685 (2012)
Bellcore Press Release. New Threat Model Breaks Crypto Codes, Bellcore Press Release (September 1996)
Yen, S.M., Joye, M.: Checking Before Output May Not Be Enough Against Fault-based Cryptanalysis. IEEE Transactions on Computers 49(9), 967–970 (2002)
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Khan, M.K., Kumari, S., Gupta, M.K., Muhaya, F.T.B. (2013). Cryptanalysis of Truong et al.’s Fingerprint Biometric Remote Authentication Scheme Using Mobile Device. In: Liu, D., Alippi, C., Zhao, D., Hussain, A. (eds) Advances in Brain Inspired Cognitive Systems. BICS 2013. Lecture Notes in Computer Science, vol 7888. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38786-9_31
DOI: https://doi.org/10.1007/978-3-642-38786-9_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38785-2
Online ISBN: 978-3-642-38786-9
eBook Packages: Computer Science, Computer Science (R0)