Abstract
Traditional remote user authentication methods mainly employ the possession of a token (magnetic cards, cell phones, personal digital assistant (PDA), and notebook computers, etc.) and/or the knowledge of a secret (password, etc.) in order to establish the identity of an individual. In 2006, Khan et al. proposed an efficient and practical chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. The current paper, however, demonstrates that Khan et al.’s scheme is vulnerable to a privileged insider’s attacks and impersonation attacks by using lost or stolen mobile devices. Also, we present an improvement to their scheme in order to isolate such problems.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Rila, L., Mitchell, C.J.: Security protocols for biometrics-based cardholder authentication in smartcards, 2846th edn. LNCS, vol. 2846, pp. 254–264. Springer-Verlag Heidelberg, Heidelberg (2003)
Khan, M.K., Jiashu, Z., Wang, X.M.: Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons & Fractals, Elsevier Science, doi:10.1016/j.chaos.2006.05.061 (in press)
Wang, X.M., Jiashu, Z., Wenfang, Z.: Keyed hash function based on composite nonlinear autoregressive filter. Acta Phys Sinica;54:5566-73 (in Chinese) (2005)
Ku, W.C., Chuang, H.M., Tsaur, M.J.: Vulnerabilities of Wu-Chieus improved password authentication scheme using smart cards. IEICE Trans. Fundamentals E88–A(11), 3241–3243 (2005)
Menezes, A.J, Oorschot, P.C, Vanstone, S.A: Handbook of applied cryptograph. CRC Press, Boca Raton, FL (1997)
Yoon, E.J, Ryu, E.K, Yoo, K.Y.: An improvement of Hwang.Lee.Tang’s simple remote user authentication scheme. Comput. Secur. 24, 50–56 (2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yoon, EJ., Yoo, KY. (2007). A Secure Chaotic Hash-Based Biometric Remote User Authentication Scheme Using Mobile Devices. In: Chang, K.CC., et al. Advances in Web and Network Technologies, and Information Management. APWeb WAIM 2007 2007. Lecture Notes in Computer Science, vol 4537. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72909-9_68
Download citation
DOI: https://doi.org/10.1007/978-3-540-72909-9_68
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72908-2
Online ISBN: 978-3-540-72909-9
eBook Packages: Computer ScienceComputer Science (R0)