Weaknesses of the Yoon-Kim-Yoo remote user authentication scheme using smart cards

Chen, Te-Yu; Ling, Chung-Huei; Hwang, Min‐Shiang

doi:10.1109/iweca.2014.6845736

Cited by 6 publications

(2 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, it is impossible to directly apply two-party authentication methods devised for a single server environment to a multiserver environment. To handle this problem, several multiserver authentication schemes (for example [14], [15], [16], [17], [18], [19]) have been proposed in the literature. Yoon and Yoo [20] proposed a multi-server authentication scheme using the biometrics-based smart card and ECC.…”

Section: B Related Workmentioning

confidence: 99%

A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards

Odelu

Das

Goswami

2015

IEEE Trans.Inform.Forensic Secur.

365

212

View full text Add to dashboard Cite

Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we first analyze He-Wang's scheme and show that their scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user's anonymity. Furthermore, He-Wang's scheme cannot provide the user revocation facility when the smart card is lost/stolen or user's authentication parameter is revealed. Apart from these, HeWang's scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase. We then propose a new secure multiserver authentication protocol using biometric-based smart card and ECC with more security functionalities. Using the BurrowsAbadi-Needham (BAN) logic, we show that our scheme provides secure authentication. In addition, we simulate our scheme for the formal security verification using the widely-accepted and used AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and show that our scheme is secure against passive and active attacks. Our scheme provides high security along with low communication cost, computational cost, and variety of security features. As a result, our scheme is very suitable for battery-limited mobile devices as compared to HeWang's scheme.

show abstract

Section: B Related Workmentioning

confidence: 99%

A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards

Odelu

Das

Goswami

2015

IEEE Trans.Inform.Forensic Secur.

365

212

View full text Add to dashboard Cite

show abstract

“…The existing system tries to overcome a common drawback of older remote authentication schemes [3]. By using smart cards user's identity was static in all the transaction sessions.…”

Section: Existing System:-mentioning

confidence: 99%

Video-Object Steganography Mechanism to Overcome Compression Loss in Biometric Based Authentication

PRAKASH¹,

NIVETHA²

2016

IJAR

View full text Add to dashboard Cite

When sensitive information is exchanged through wireless communication, it requires remote authentication. The Authentication is obtained by the biometric signal, which is difficult to forge copy and share. The method of steganography is employed in providing the authentication. The biometric signals is encrypted with a video-object and sent. The remote authentication is based on the semantic segmentation, chaotic encryption and data hiding. To authenticate user X remotely, X video-object is extracted then the biometric signal is encrypted by chaotic encryption. The encrypted biometric signal is inserted to the most significant wavelet coefficient of video-object by using QSWT (Qualified Significant Wavelet Tree). QSWT provide invisibility and resistant against lossy transition and compression. Now video-object along with biometric signal is extracted as stego-object which is compressed and sent to receiver. While decryption, IDWT (Inverse Discrete Wavelet Transform) is used to retrieve the biometric signal from videoobject. One of the challenging problem in decrypting is the biometric signal is not clear for authentication. This loss occurs due to compression of stegoobject. To overcome the above issue, Image Coder is used to detect the compression loss and Integrate Region Matching is used to reduce the compression loss. This method provides security in encryption and robustness against steganalytic attacks to various transmission losses and JPEG compression issues. This proposed method of biometric based authentication uses bandwidth in an efficient manner.

show abstract

An Improved Hou-Wang’s User Authentication Scheme

Hwang

Yang

2018

Information Science and Applications 2018

View full text Add to dashboard Cite

Weaknesses of the Yoon-Kim-Yoo remote user authentication scheme using smart cards

Cited by 6 publications

References 29 publications

A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards

A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards

Video-Object Steganography Mechanism to Overcome Compression Loss in Biometric Based Authentication

An Improved Hou-Wang’s User Authentication Scheme

Contact Info

Product

Resources

About