An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards

Recently, Lee et al. proposed a fingerprint-based remote user authentication scheme using smart cards. We demonstrate that their scheme is vulnerable and susceptible to the attack and has some practical pitfalls. Their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, so their scheme suscepts from the server spoofing attack. Furthermore, in their scheme, remote system generates and assigns the passwords, and users cannot choose and change their passwords. Moreover, passwords are long pseudorandom numbers and difficult to remember for a user. To solve these problems, we propose an efficient and practical fingerprint-based remote user authentication scheme using smart cards, which is based on one-way collision free hash functions. Proposed scheme not only overcomes all the drawbacks and problems of Lee et al.'s scheme, but also provides a secure and user-friendly fingerprint-based remote user authentication over insecure network. In addition, computational costs and efficiency of the proposed scheme are better than Lee et al.'s scheme.

[1]  Chin-Chen Chang,et al.  Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards , 2003, Informatica.

[2]  Wang Shiuh-Jeng,et al.  Refereed paper: Smart card based secure password authentication scheme , 1996 .

[3]  Chou Chen Yang,et al.  Cryptanalysis of a user friendly remote authentication scheme with smart cards , 2004, Comput. Secur..

[4]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[5]  Chris J. Mitchell,et al.  Limitations of challenge-response entity authentication , 1989 .

[6]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[7]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[8]  Manoj Kumar,et al.  New remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[9]  Ross J. Anderson Why cryptosystems fail , 1993, CCS '93.

[10]  Chi-Kwong Chan,et al.  Cryptanalysis of a modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[11]  Eun-Jun Yoon,et al.  Efficient remote user authentication scheme based on generalized ElGamal signature scheme , 2004, IEEE Transactions on Consumer Electronics.

[12]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[13]  Hung-Min Sun,et al.  Cryptanalysis of a fingerprint-based remote user authentication scheme using smart cards , 2003, IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings..

[14]  Min-Shiang Hwang,et al.  A modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[15]  Wolfgang Rankl,et al.  Smart Card Handbook , 1997 .

[16]  Chu-Hsing Lin,et al.  A flexible biometrics remote user authentication scheme , 2004, Comput. Stand. Interfaces.

[17]  Chien-Lung Hsu Security of Chien et al.'s remote user authentication scheme using smart cards , 2004, Comput. Stand. Interfaces.

[18]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[19]  Anil K. Jain,et al.  Hiding Biometric Data , 2003, IEEE Trans. Pattern Anal. Mach. Intell..

[20]  J. K. Lee,et al.  Fingerprint-based remote user authentication scheme using smart cards , 2002 .

[21]  Cheng-Chi Lee,et al.  A flexible remote user authentication scheme using smart cards , 2002, OPSR.

[22]  Zhenfu Cao,et al.  Efficient remote user authentication scheme using smart card , 2005, Comput. Networks.

[23]  Eun-Jun Yoon,et al.  An improvement of Hwang-Lee-Tang's simple remote user authentication scheme , 2005, Comput. Secur..

[24]  Shyi-Tsong Wu,et al.  A user friendly remote authentication scheme with smart cards , 2003, Comput. Secur..

[25]  Wei-Chi Ku,et al.  Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards , 2005 .

[26]  Hervé Debar,et al.  Authenticating public terminals , 1999, Comput. Networks.

[27]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[28]  Anil K. Jain,et al.  On-line fingerprint verification , 1996, Proceedings of 13th International Conference on Pattern Recognition.