Abstract
User authentication is highly necessary technology in a variety of services. Many researchers have proposed a two-factor authentication scheme using certificate and OTP, smartcard and password, and so on. Two-factor authentication requires an additional factor rather than one-factor authentication. Therefore, loss or exposure can occur, since users always must carry and manage the additional device or factor. For this reason, biometric authentication, used in many services, needs a verification method of the user without an additional factor. Fingerprinting is widely used in service due to excellent recognition, low cost device, and less user-hostile. However, fingerprint recognition always uses the same fingerprint template, due to the inalterability. This causes a problem of reusable fingerprint by a malicious attacker. Therefore, we proposed a secure two-factor user authentication system using fingerprint information and password to solve the existing two-factor problem. The proposed scheme is secure against reuse of a fingerprint. It does not need an extra device, so efficiency and accessibility are improved.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Bamasak, O. (2011). Exploring consumers acceptance of mobile payments—an empirical study. International Journal of Information Technology, Communications and Convergence. doi:10.1504/IJITCC.2011.039284.
Bolle R. M., Connell J. H., Ratha N. K. (2002) Biometric perils and patches. Pattern Recognition 35(12): 2727–2738
Buter B., Dijkshoorn N., Modolo D., Nguyen Q., Noort S. V., Poel B., Salah A. A., Akdag Salah A. A. (2011) Explorative visualization and analysis of a social network for arts: The case of deviantART. Journal of Convergence 2(1): 87–94
Chen H., Chen H. (2011) A novel algorithm of fingerprint encryption using minutiae-based transformation. Pattern Recognition Letters 32(2): 305–309
Chong R. M., Tanaka T. (2010) Motion blur identification using maxima locations for blind colour image restoration. Journal of Convergence 1(1): 49–56
Das A. K. (2011) Cryptanalysis and further improvement of a biometric-based remote user authentication scheme using smart cards. International Journal of Network Security & Its Applications 3(2): 13–28
Jia, J., & Cai, L. (2007). Fake finger detection based on time-series fingerprint image analysis. In Proceedings of ICIC’07 international conference on advanced intelligent computing theories and applications, LNCS 4681 (pp. 1140–1150).
Jian, P., Min, W., & Yadong, L. (2008). Design and implementation of an embedded fingerprint identification system for the bank staff identity authentication. ICESS Symposia ’08 (pp. 69–72).
Lee C. H., Choi J. Y., Toh K.-A., Lee S. Y. (2007) Alignment-free cancelable fingerprint templates based on local minutiae information. IEEE Transactions on system, Man, and Cybernetics 37(4): 980–992
Lee Y. H., Kim S. J., Won D. H. (2006) Weakness and improvements of Yong-Lee’s anonymous fingerprinting protocol. IEICE Transactions on Fundamentals 89-A(7): 2084–2087
Li C. T., Hwang M. S. (2010) An efficient biometric-based remote authentication scheme using smart cards. Journal of Network and Computer Applications 33(1): 1–5
Li X., Niu J. W., Wang W. D., Liu C. L. (2011) Cryptanalysis and improvement of a biometric-based remote authentication scheme using smart cards. Journal of Network and Computer Applications 34(1): 73–79
Liou, J. C., Bhashyam, S. (2010). A feasible and cost effective two-factor authentication for online transactions. In Software engineering and data mining (SEDM), 2010 2nd international conference (pp. 47–51).
Liu E., Liang J., Pang L., Xie M., Tian J. (2010) Minutiae and modified Biocode fusion for fingerprint-based key generation. Journal of Network and Computer Applications 33(3): 221–235
Liu, E., Zhao, H., Liang, J., Pang, L., Chen, H., & Tian, J. (2011). Random local region descriptor (RLRD): a new method for fixed-length feature representation of fingerprint image and its application to template protection. Future Generation Computer Systems. doi:10.1016/j.future.2011.01.001.
Moon, D., Chung, Y., Seo, C., Kim, S.-Y., Kim, J.-N. (2012). A practical implementation of fuzzy fingerprint vault for smart cards. Journal of Intelligent Manufacturing. doi:10.1007/s10845-012-0656-3.
Prabhakar S., Pankanti S., Jain A. K. (2003) Biometric recognition: Security and privacy concerns. IEEE Security & Privacy, 1(2): 33–42
Ratha N. K., Chikkerur S., Connell J. H., Bolle R. M. (2007) Generating cancelable fingerprint templates. IEEE Transactions on Pattern Analysis and Machine Intelligence 29(4): 561–572
Ratha N. K., Connell J. H., Bolle R. M. (2001) Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 40(3): 614–634
Rathgeb C., Uhl A. (2010) Two-factor authentication or how to potentially counterfeit experimental results in biometric systems. Lecture Notes in computer Science 6112: 296–305
Shin Y., Shin W. (2010) A telebiometric system mechanism model and biometric network protocol for the security of networked manufacturing. Journal of Intelligent Manufacturing 21(5): 595–605
Uz T., Bebis G., Erol A., Prabhakar S. (2009) Minutiae-based template synthesis and matching for fingerprint authentication. Computer Vision and Image Understanding 113(9): 979–992
Xie, B., Kumar, A., Zhao, D., Reddy, R., & He, B. (2010). On secure communication in integrated heterogeneous wireless networks. International Journal of Information Technology, Communications and Convergence. doi:10.1504/IJITCC.2010.035224.
Yang, H., Jiang, X., Kot, & A. C. (2009). Generating secure cancelable finger print templates using local and global features. In 2nd IEEE international conference on computer science and information technology (pp. 645–649.
Yong, S., & Lee, S. (2005). An efficient fingerprinting scheme with symmetric and commutative encryption. In International workshop on digital watermarking 2005, LNCS 3710 (pp. 54–66).
Zheng, H., Kwak, J., Son, K. H., Lee, W. S., Kim, S. J., & Won, D. H. (2006). Confidence value based multi levels of authentication for ubiquitous computing environments. In Proceedings of ICCSA 2006, international conference on computational science and its applications, LNCS 3981 (pp. 954–963).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Go, W., Lee, K. & Kwak, J. Construction of a secure two-factor user authentication system using fingerprint information and password. J Intell Manuf 25, 217–230 (2014). https://doi.org/10.1007/s10845-012-0669-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10845-012-0669-y