Abstract
In 2002, Lee, Ryu, and Yoo proposed a fingerprint-based remote user authentication scheme using smart cards. The scheme makes it possible for authenticating the legitimacy of each login user without any password table. In addition, the authors claimed that the scheme can withstand message replay attack and impersonation. In this paper, we shall point out a security flaw in this scheme, that is, <i>n</i> legitimate users can conspire to forge 2<sup><i>n</i></sup>-<i>n</i>-1 valid IDs and PWs for successfully passing the system authentication. Furthermore, we also show that the authentication equation is incorrect. Thus, the scheme is unworkable.
- C. C. Chang, R. J. Hwang, and J. B. Daniel, "Using smart cards to authenticate passwords," in Proceedings of IEEE International Carnahan Conference on Security Technology, pp. 19--21, Ottawa, Canada, Oct. 1993.Google Scholar
- C. C. Chang and S. J. Hwang, "Using smart cards to authenticate remote passwords," Computers and Mathematics with Applications, vol. 26, no. 7, pp. 19--27, 1993.Google ScholarCross Ref
- C. C. Chang, S. M. Tsu, and C. Y. Chen, "Remote scheme for password authentication based on theory of quadratic residues," Computer Communications, vol. 18, no. 12, pp. 936--942, 1995. Google ScholarDigital Library
- M. S. Hwang, "A remote password authentication scheme based on the digital signature method," International Journal of Computer Mathematics, vol. 70, no. 4, pp. 657--666, 1999.Google ScholarCross Ref
- M. S. Hwang and L. H. Li, "A new remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol. 46, no. 1, pp. 28--30, 2000. Google ScholarDigital Library
- J. K. Lee, S. R. Ryu, and K. Y. Yoo, "Fingerprint-based remote user authentication scheme using smart card," Electronics Letters, vol. 38, no. 12, pp. 554--555, 2002.Google ScholarCross Ref
- S. J. Wang and J. F. Chang, "Smart card based secure password authentication scheme," Computers & Security, vol. 15, no. 3, pp. 231--237, 1996.Google ScholarDigital Library
- T. C. Wu, "Remote login authentication scheme based on a geometric approach," Computer Communications, vol. 18, no. 12, pp. 959--963, 1995. Google ScholarDigital Library
- T. C. Wu and H. S. Sung, "Authentication passwords over an insecure channel," Computers & Security, vol. 15, no. 5, pp. 431--439, 1996.Google ScholarDigital Library
Index Terms
- Remarks on fingerprint-based remote user authentication scheme using smart cards
Recommendations
Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards
Recently, Li and Hwang proposed a biometrics-based remote user authentication scheme using smart cards [Journal of Network and Computer Applications 33 (2010) 1-5]. The scheme is based on biometrics verification, smart card and one-way hash function, ...
A hash-based strong-password authentication scheme without using smart cards
So far, many strong-password authentication schemes have been proposed, however, none is secure enough. In 2003, Lin, Shen, and Hwang proposed a strong-password authentication scheme using smart cards, and claimed that their scheme can resist the ...
Improved Biometric-Based Three-factor Remote User Authentication Scheme with Key Agreement Using Smart Card
ICISS 2013: Proceedings of the 9th International Conference on Information Systems Security - Volume 8303Remote user authentication is a very important mechanism in the network system to verify the correctness of remote user and server over the insecure channel. In remote user authentication, server and user mutually authenticate each other and draw a ...
Comments