Skip to main content
SpringerLink
Log in
Book cover

International Conference on Brain Inspired Cognitive Systems

BICS 2013: Advances in Brain Inspired Cognitive Systems pp 271–277Cite as

Cryptanalysis of Truong et al.’s Fingerprint Biometric Remote Authentication Scheme Using Mobile Device

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 7888))

Abstract

In 2010, Chen et al. focused at the vulnerability of smart card based authentication systems owing to leakage of secret information from smart card. They proposed a scheme with a view to boost the security of such authentication systems. However, in 2012, Truong et al. found Chen et al.’s scheme weak at resisting replay attack and spoofing attacks; thereby they proposed an improved scheme to counterfeit these weaknesses. Undoubtedly, the improved scheme by Truong et al. is free from defects pointed out on Chen et al.’s scheme, but here we show that problems like impersonation attacks, password guessing, etc are adhered with its design. We show that Truong et al.’s scheme violates Chen et al.’s aim to get rid of information-leak hazard from the smart card or mobile device based authentication schemes.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 46(1), 28–30 (2000)

    Article  Google Scholar 

  2. Sun, H.M.: An Efficient Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 46(4), 958–961 (2000)

    Article  Google Scholar 

  3. Chein, H.Y., Jan, J.K., Tseng, Y.M.: An Efficient and Practical Solution to Remote Authentication: Smart Card. Computers and Security 21(4), 372–375 (2002)

    Article  Google Scholar 

  4. Liao, I.E., Lee, C.C., Hwang, M.S.: A Password Authentication Scheme over Insecure Networks. Journal of Computer and System Sciences 72(4), 727–740 (2006)

    Article  MathSciNet  MATH  Google Scholar 

  5. Lee, J.K., Ryu, S.R., Yoo, K.Y.: Fingerprint based Remote User Authentication Scheme using Smart Cards. Electronics Letters 38(2), 554–555 (2002)

    Article  Google Scholar 

  6. Lin, C.H., Lai, Y.Y.: A Flexible Biometrics Remote User Authentication Scheme. Computer Standards & Interfaces 27(1), 19–23 (2004)

    Article  Google Scholar 

  7. Khan, M.K., Zhang, J.: Improving the Security of ’a Flexible Biometrics Remote User Authentication Scheme’. Comput. Stand. Interfaces 29, 82–85 (2007)

    Article  Google Scholar 

  8. Yuan, J., Jiang, C., Jiang, Z.: A Biometric-Based User Authentication for Wireless Sensor Networks. Wuhan University Journal of Natural Sciences 15, 272–276 (2010), http://dx.doi.org/10.1007/s11859-010-0318-2

    Article  Google Scholar 

  9. Kumari, S., Gupta, M.K., Kumar, M.: Cryptanalysis And Security Enhancement of Chen et al. ’s Remote User Authentication Scheme Using Smart Card. Central European Journal of Computer Science 2(1), C60–75C (2012)

    Article  Google Scholar 

  10. He, D., Chen, J., Hu, J.: A Pairing-free Certificateless Authenticated Key Agreement Protocol. International Journal of Communication Systems 25(2), 221–230 (2012)

    Article  Google Scholar 

  11. Guo, H., Xu, C., Mu, Y., Li, Z.: A Provably Secure Authenticated Key Agreement Protocol for Wireless Communications. Computers and Electrical Engineering 38, 563–572 (2012)

    Article  MATH  Google Scholar 

  12. Wang, R.C., Juang, W.S., Lei, C.L.: Provably Secure And Efficient Identification and Key Agreement Protocol with User Anonymity. Journal of Computer and System Sciences 77, 790–798 (2011)

    Article  MathSciNet  MATH  Google Scholar 

  13. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  14. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smart-card Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)

    Article  MathSciNet  Google Scholar 

  15. Rhee, H.S., Kwon, J.O., Lee, D.H.: A Remote User Authentication Scheme Without using Smart Cards. Computer Standards and Interfaces 31(1), 6–13 (2009)

    Article  Google Scholar 

  16. Chen, C.L., Lee, C.C., Hsu, C.Y.: Mobile Device Integration of a Fingerprint Biometric Remote Authentication Scheme. International Journal of Communication Systems (2011), http://dx.doi.org/10.1002/dac.1277

  17. Sun, D.Z., Huai, J.P., Sun, J.Z., Li, J.X.: Cryptanalysis of a Mutual Authentication Scheme Based on Nonce and Smart Cards. Computer Communications 32(6), 1015–1017 (2009)

    Article  Google Scholar 

  18. Hsu, C.L.: Security of Chein et al.’s Remote User Authentication Scheme using Smart Cards. Computer Standards and Interfaces 26(3), 167–169 (2004)

    Article  Google Scholar 

  19. Ku, W.C., Chen, S.M.: Weaknesses and Improvements of an Efficient Password based Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics 50(1), 204–207 (2004)

    Article  Google Scholar 

  20. Xiang, T., Wong, K.W., Liao, X.: Cryptanalysis of a Password Authentication Scheme over Insecure Networks. Journal of Computer and System Sciences 74(5), 657–661 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  21. Wang, X.M., Zhang, W.F., Zhang, J.S., Khan, M.K.: Cryptanalysis and Improvement on two Efficient Remote User Authentication Scheme using Smart Cards. Computer Standards and Interfaces 29(5), 507–512 (2007)

    Article  Google Scholar 

  22. Khan, M.K., Kim, S.K., Alghathbar, K.: Cryptanalysis and Security Enhancement of a ‘More Efficient & Secure Dynamic ID-based Remote User Authentication Scheme’. Computer Communications 34(3), 305–309 (2010)

    Article  Google Scholar 

  23. Khan, M.K., Zhang, J., Wang, X.: Chaotic Hash based Fingerprint Biometric Remote User Authentication Scheme on Mobile Devices. Chaos, Solitons & Fractals 35(3), 519–524 (2008)

    Article  Google Scholar 

  24. Truong, T.T., Tran, M.T., Duong, A.D.: Robust Mobile Device Integration of a Fingerprint Biometric Remote Authentication Scheme. In: Proceedings of 26th IEEE International Conference on Advanced Information Networking and Applications, pp. 678–685 (2012)

    Google Scholar 

  25. Bellcore Press Release. New Threat Model Breaks Crypto Codes, Bellcore Press Release (September 1996)

    Google Scholar 

  26. Yen, S.M., Joye, M.: Checking Before Output Not Be Enough Against Fault-based Cryptanalysis. IEEE Transactions on Computers 49(9), 967–970 (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Center of Excellence in Information Assurance, King Saud University, Riyadh, Kingdom of Saudi Arabia

    Muhammad Khurram Khan

  2. Department of Mathematics, Agra College, Agra, Uttar Pradesh, India

    Saru Kumari

  3. Department of Mathematics, Chaudhary Charan Singh University, Meerut, Uttar Pradesh, India

    Mridul K. Gupta

  4. Prince Muqrin Chair for IT Security, King Saud University, Saudi Arabia

    Fahad T. Bin Muhaya

Authors
  1. Muhammad Khurram Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Saru Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mridul K. Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Fahad T. Bin Muhaya
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Chinese Academy of Sciences, Institute of Automation, The State Key Laboratory of Management and Control for Complex Systems, 100190, Beijing, China

    Derong Liu  & Dongbin Zhao  & 

  2. Dipartimento di Elettronica, Informazione e Bioingegneria, Politecnico di Milano, 20133, Milano, Italy

    Cesare Alippi

  3. Department of Computing Science and Mathematics, University of Stirling, FK9 4LA, Stirling, UK

    Amir Hussain

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Khan, M.K., Kumari, S., Gupta, M.K., Muhaya, F.T.B. (2013). Cryptanalysis of Truong et al.’s Fingerprint Biometric Remote Authentication Scheme Using Mobile Device. In: Liu, D., Alippi, C., Zhao, D., Hussain, A. (eds) Advances in Brain Inspired Cognitive Systems. BICS 2013. Lecture Notes in Computer Science(), vol 7888. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38786-9_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38786-9_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38785-2

  • Online ISBN: 978-3-642-38786-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation