Privacy Preserving Biometric-Based User Authentication Protocol Using Smart Cards

2014 IEEE 17th International Conference on Computational Science and Engineering Pub Date : 2014-12-19 DOI:10.1109/CSE.2014.285

Minsu Park, Hyunsung Kim, Sung-Woon Lee

{"title":"Privacy Preserving Biometric-Based User Authentication Protocol Using Smart Cards","authors":"Minsu Park, Hyunsung Kim, Sung-Woon Lee","doi":"10.1109/CSE.2014.285","DOIUrl":null,"url":null,"abstract":"How to provide both security and privacy in communication networks has been an important issue for ubiquitous computing. Especially, user authentication in the current IT services has become one of important security issues. However, the security weaknesses in the user authentication have been exposed seriously due to the careless secret related information management and the sophisticated attack techniques. Recently, an enhanced biometric-based user authentication protocol is proposed by An, which uses three factors, password, smart card and biometrics. However, this paper shows that An's protocol has weaknesses in the password guessing attack and the lack of privacy support if an attacker could get user's smart card, could read on it and could intercept session messages between user and server. Furthermore, this paper proposes a privacy preserving biometric-based user authentication protocol using smart card, which could solve the overall problems in An's protocol and even put privacy considerations on it. The overall security analyses show that the proposed protocol achieves the desired security goals.","PeriodicalId":258990,"journal":{"name":"2014 IEEE 17th International Conference on Computational Science and Engineering","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 17th International Conference on Computational Science and Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSE.2014.285","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

How to provide both security and privacy in communication networks has been an important issue for ubiquitous computing. Especially, user authentication in the current IT services has become one of important security issues. However, the security weaknesses in the user authentication have been exposed seriously due to the careless secret related information management and the sophisticated attack techniques. Recently, an enhanced biometric-based user authentication protocol is proposed by An, which uses three factors, password, smart card and biometrics. However, this paper shows that An's protocol has weaknesses in the password guessing attack and the lack of privacy support if an attacker could get user's smart card, could read on it and could intercept session messages between user and server. Furthermore, this paper proposes a privacy preserving biometric-based user authentication protocol using smart card, which could solve the overall problems in An's protocol and even put privacy considerations on it. The overall security analyses show that the proposed protocol achieves the desired security goals.

查看原文本刊更多论文

使用智能卡的基于生物特征的隐私保护用户认证协议

如何在通信网络中提供安全和隐私一直是普适计算的一个重要问题。特别是用户身份验证在当前IT服务中已经成为重要的安全问题之一。但是，由于保密信息管理的疏忽和攻击技术的成熟，使得用户认证中的安全漏洞暴露无遗。最近，an提出了一种基于生物特征的增强型用户认证协议，该协议采用密码、智能卡和生物特征三要素。然而，本文表明，如果攻击者可以获得用户的智能卡，可以读取用户的智能卡，并且可以拦截用户与服务器之间的会话消息，那么An协议在猜密码攻击和缺乏隐私支持方面存在弱点。在此基础上，本文提出了一种基于智能卡的隐私保护生物特征的用户认证协议，解决了安氏协议整体存在的问题，甚至对安氏协议进行了隐私方面的考虑。总体安全性分析表明，提出的协议达到了预期的安全目标。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2014 IEEE 17th International Conference on Computational Science and Engineering

自引率

0.00%

发文量