On the Rila-Mitchell Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3483)

Abstract

We consider the security of the Rila-Mitchell security protocols recently proposed for biometrics-based smartcard systems. We first present a man-in-the-middle (MITM) attack on one of these protocols and hence show that it fails to achieve mutual authentication between the smartcard and smartcard reader. In particular, a hostile smartcard can trick the reader into believing that it is a legitimate card and vice versa. We also discuss security cautions that, if not handled carefully, would lead to attacks. We further suggest countermeasures to strengthen the protocols against our attacks, as well as to guard against the cautions highlighted. Our emphasis here is that seemingly secure protocols, when implemented with poor choices of parameters, would lead to attacks.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Phan, R.C.W., Goi, BM. (2005). On the Rila-Mitchell Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3483. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424925_111

  • DOI: https://doi.org/10.1007/11424925_111

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25863-6

  • Online ISBN: 978-3-540-32309-9

  • eBook Packages: Computer Science (R0)
