Improving the security of ‘a flexible biometrics remote user authentication scheme’

Khan, Muhammad Khurram; Zhang, Jiashu

doi:10.1016/j.csi.2006.01.002

Cited by 145 publications

(84 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…has been used to design biometrics-based user authentication schemes [7][8][9][10]. There are several advantages of using biometrics key as compared to traditional passwords.…”

Section: Introductionmentioning

confidence: 99%

Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards

An¹

2012

Journal of the Korea Society of Computer and Information

View full text Add to dashboard Cite

Many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2010, Chang et al. proposed an improved biometrics-based user authentication scheme without concurrency system which can withstand forgery attack, off-line password guessing attack, replay attack, etc. In this paper, we analyze the security weaknesses of Chang et al.' s scheme and we have shown that Chang et al.' s scheme is still insecure against man-in-the-middle attack, off-line biometrics guessing attack, and does not provide mutual authentication between the user and the server. And we proposed the improved scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result, the proposed scheme is secure for the user authentication attack, the server masquerading attack, the man-in-the-middle attack, and the off-line biometrics guessing attack, does provide the mutual authentication between the user and the remote server. And, in terms of computational complexities, the proposed scheme is more effective than Chang et al.' s scheme.

show abstract

“…has been used to design biometrics-based user authentication schemes [7][8][9][10]. There are several advantages of using biometrics key as compared to traditional passwords.…”

Section: Introductionmentioning

confidence: 99%

Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards

An¹

2012

Journal of the Korea Society of Computer and Information

View full text Add to dashboard Cite

show abstract

“…In 1990, Hwang et al [2] proposed a non-interactive password authentication scheme and its improved version, which additionally uses smart cards. Since then, many password authentication schemes using smart cards have been proposed [3,4,5], and each has its advantages and disadvantages. In 2001, Juang [6] constructed an enhanced version of authentication scheme based on hash function and symmetric key cryptosystem.…”

Section: Related Workmentioning

confidence: 99%

Cryptanalysis of Smart-card-based remote User Authentication Scheme for Multi-server Environment

Sun

Moon

Choi

et al. 2016

The Proceedings of the 4th International Conference on Industrial Application Engineering 2016

View full text Add to dashboard Cite

The traditional remote user authentication scheme is designed for single-server environment. However, with the increasing of network services, the user is not only required to severally register with each server, but also must store a mass of different identities and passwords. Therefore, a large number of password based remote user authentication scheme for multi-server environment have been proposed by researchers. Unfortunately, all the proposed remote user authentication scheme for multi-server environment have a big design defect in the login phase that user have to use the original static ID to login to server without encrypt. To fix this problem, Li et al. proposed a dynamic ID based remote user authentication scheme for multi-server environment. Recently, Shunmuganathan et al. pointed out that Li et al.'s scheme is vulnerable to off-line password guessing attack, stolen smart card attack and user impersonation attack. Later, they proposed an improved protocol to fix these problems. However, we found that Shunmuganathan et al.'s scheme is still vulnerable to off-line password guessing attack, off-line identity guessing attack and user impersonation attack.

show abstract

“…In 2004 Lin and Lai [10] proposed a "flexible biometric remote user authentication scheme". But Khan and Zhang [11] has shown that, this scheme is susceptible to the server spoofing attack. In 2010 Li and Hwang [12] proposed a remote user authentication scheme based on biometric verification but above scheme does not provide proper authentication and cannot resist manin-the middle attack, as shown by Li et al [13] in 2011.…”

Section: Introductionmentioning

confidence: 99%

Biometric Based Remote Login Password Authentication Scheme Using Smart Card

2016

IJAERD

View full text Add to dashboard Cite

show abstract

Improving the security of ‘a flexible biometrics remote user authentication scheme’

Cited by 145 publications

References 19 publications

Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards

Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards

Cryptanalysis of Smart-card-based remote User Authentication Scheme for Multi-server Environment

Biometric Based Remote Login Password Authentication Scheme Using Smart Card

Contact Info

Product

Resources

About