Privacy Preserving Biometric-Based User Authentication Protocol Using Smart Cards

Providing both security and privacy in communication networks is an important issue for ubiquitous computing. In particular, user authentication has become one of the important security issues in current IT services. However, serious security weaknesses in user authentication have been exposed, owing to careless management of secret-related information and to sophisticated attack techniques. Recently, An proposed an enhanced biometric-based user authentication protocol that uses three factors: password, smart card and biometrics. However, this paper shows that An's protocol is weak against the password guessing attack and lacks privacy support if an attacker can obtain the user's smart card, read its contents and intercept session messages between the user and the server. Furthermore, this paper proposes a privacy preserving biometric-based user authentication protocol using smart cards, which can solve the overall problems in An's protocol and also takes privacy considerations into account. The overall security analyses show that the proposed protocol achieves the desired security goals.
