Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to address security weaknesses in user authentication systems. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme and show that it is still insecure against various attacks. We also propose an enhanced scheme that removes these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. Our security analysis shows that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack, and that it provides mutual authentication between the user and the server.
