Security Enhancement of Biometrics-based Remote User Authentication Scheme Using Smart Cards

  • An, Young-Hwa (Dept. of Computer and Media Engineering, Kangnam University) ;
  • Joo, Young-Do (Dept. of Computer and Media Engineering, Kangnam University)
  • Received : 2012.01.08
  • Accepted : 2012.02.10
  • Published : 2012.02.29

Abstract

In 2011, Das proposed an effective biometrics-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication while eliminating the security drawbacks of Li-Hwang's scheme. In this paper, we show that Das's scheme is still insecure against several attacks and does not provide mutual authentication. We also propose an enhanced scheme that overcomes these security weaknesses even if the secret information stored in the smart card is revealed. The security analysis shows that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the off-line password guessing attack, and the insider attack, and that it provides mutual authentication between the user and the server.

References

  1. M. S. Hwang, L. H. Li, "A New Remote User Authentication Scheme Using Smart Cards", IEEE Transactions on Consumer Electronics 46, pp. 28-30, 2000 https://doi.org/10.1109/30.826377
  2. E. J. Yoon, E. K. Ryu and K. Y. Yoo, "Further Improvements of an Efficient Password based Remote User Authentication Scheme Using Smart Cards", IEEE Transactions on Consumer Electronics 50(2), pp. 612-614, 2004 https://doi.org/10.1109/TCE.2004.1309437
  3. M. L. Das, A. Saxena and V. P. Gulati, "A Dynamic ID-based Remote User Authentication Scheme", IEEE Transactions on Consumer Electronics 50(2), pp. 629-631, 2004 https://doi.org/10.1109/TCE.2004.1309441
  4. C. W. Lin, C. S. Tsai and M. S. Hwang, "A New Strong-Password Authentication Scheme Using One-Way Hash Functions", Journal of Computer and Systems Sciences International, Vol. 45, No. 4, pp. 623-626, 2006 https://doi.org/10.1134/S1064230706040137
  5. C. S. Bindu, P. C. S. Reddy and B. Satyanarayana, "Improved Remote User Authentication Scheme Preserving User Anonymity", International Journal of Computer Science and Network Security 8(3), pp. 62-66, 2008
  6. W. C. Ku, S. T. Chang and M. H. Chiang, "Further Cryptanalysis of Fingerprint-based Remote User Authentication Scheme Using Smart Cards", Electronics Letters, Vol. 41, No. 5, pp. 240-241, 2005 https://doi.org/10.1049/el:20047658
  7. M. K. Khan, J. Zhang, "An Efficient and Practical Fingerprint-based Remote User Authentication Scheme with Smart Cards", ISPEC 2006, LNCS 3903, pp. 260-268, 2006
  8. C. C. Chang, S. C. Chang and Y. W. Lai, "An Improved Biometrics-based User Authentication Scheme without Concurrency System", International Journal of Intelligent Information Processing, Vol. 1, No. 1, pp. 41-49, 2010 https://doi.org/10.4156/ijiip.vol1.issue1.5
  9. C. T. Li, M. S. Hwang, "An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards", Journal of Network and Computer Applications, Vol. 33, pp. 1-5, 2010 https://doi.org/10.1016/j.jnca.2009.08.001
  10. A. K. Das, "Analysis and Improvement on an Efficient Biometric-based Remote User Authentication Scheme Using Smart Cards", IET Information Security, Vol. 5, Iss. 3, pp. 145-151, 2011 https://doi.org/10.1049/iet-ifs.2010.0125
  11. P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis", Proceedings of Advances in Cryptology, pp. 388-397, 1999
  12. T. S. Messerges, E. A. Dabbish and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers 51(5), pp. 541-552, 2002 https://doi.org/10.1109/TC.2002.1004593

Cited by

  1. Integration of Application Program for Dementia Diagnosis using Biometric Sensor and Oxygen Chamber vol.14, pp.11, 2013, https://doi.org/10.5762/KAIS.2013.14.11.5847
  2. A Design of Protocol Based on Smartcard for Financial Information to Protect in E-payment System vol.14, pp.11, 2013, https://doi.org/10.5762/KAIS.2013.14.11.5872
  3. A Study of Authentication Method for Id-Based Encryption Using In M2M Environment vol.14, pp.4, 2013, https://doi.org/10.5762/KAIS.2013.14.4.1926
  4. Weaknesses and Improvement of User Authentication Scheme against Smart-Card Loss Attack vol.16, pp.6, 2016, https://doi.org/10.7236/JIIBC.2016.16.6.95