Cryptanalysis of Truong et al.'s Fingerprint Biometric Remote Authentication Scheme Using Mobile Device

In 2010, Chen et al. focused on the vulnerability of smart card based authentication systems to leakage of secret information from the smart card, and proposed a scheme intended to strengthen the security of such systems. However, in 2012, Truong et al. found Chen et al.'s scheme weak at resisting replay and spoofing attacks, and proposed an improved scheme to counter these weaknesses. The improved scheme by Truong et al. is free from the defects pointed out in Chen et al.'s scheme, but here we show that problems such as impersonation attacks, password guessing, etc. are inherent in its design. We show that Truong et al.'s scheme violates Chen et al.'s aim of removing the information-leak hazard from smart card or mobile device based authentication schemes.
