On the Security of Yoon and Yoo’s Biometrics Remote User Authentication Scheme

Authors: ,

Abstract: With the prevalence of electronic and mobile commerce, remote user authentication has become an essential component in identifying the legality of the log in user. Recently, Yoon and Yoo criticized the biometric-base authentication system proposed by Khan and Zhang that it is doubtful to parallel session attack and privileged insider’s attack. Yoon and Yoo therefore proposed an improved scheme to correct Khan-Zhang’s scheme. In addition, Yoon-Yoo’s scheme largely reduced the computation cost of Khan-Zhang’s scheme. In this paper, we demonstrate that the Yoon-Yoo’s scheme is still vulnerable to offline password guessing attack to break the protocol. First, storing the fingerprint template in the smart card for fingerprint verification is not a good idea in Yoon-Yoo’s scheme. Considering when the contents of the smart card are obtained by an adversary. Second, with the value from the previous valid login message, it allows the adversary to perform offline password guessing attack using the equation. Our study further proposed a secure improvement of Yoon-Yoo’s scheme to correct the aforementioned security flaws with minimum alteration in the computation cost.

WSEAS Transactions on Information Science and Applications, ISSN / E-ISSN: 1790-0832 / 2224-3402, Volume 11, 2014, Art. #10

PDF
XML
Cite
×
Citation Tools
WSEAS AMA
Ming Liu, Wen-Gong Shieh, "On the Security of Yoon and Yoo’s Biometrics Remote User Authentication Scheme," WSEAS Transactions on Information Science and Applications, vol. 11, pp. 94-103, 2014, DOI:
Ming Liu, Wen-Gong Shieh. On the Security of Yoon and Yoo’s Biometrics Remote User Authentication Scheme. WSEAS Transactions on Information Science and Applications. 2014;11:94-103.
Copy to Clipboard
Citation copied to Clipboard

Certification

---