Improvement of a Fingerprint-Based Remote User Authentication Scheme

Password authentication has been adopted as one of the most commonly used solutions in network environments to protect resources from unauthorized access. Recently, Khan et al. proposed an efficient fingerprint-based remote user authentication scheme with smart cards, in which a password/verification table is not required on the remote server, and users are allowed to choose and update their passwords freely. In this paper, we show that their scheme is vulnerable to the parallel session attack. Furthermore, their scheme is susceptible to the impersonation attack provided that the information stored in the smart card is disclosed by an adversary. We also propose an improved scheme which is immune to the presented attacks.
