{"title":"改进生物密码认证协议","authors":"Irfan Fadil, A. Barmawi","doi":"10.1109/TSSA.2015.7440428","DOIUrl":null,"url":null,"abstract":"User authentication is a method for authenticating a user. Recently there were some authentication method proposed by researchers, such as a method proposed by Seung et al. where the user authentication process was done using biometric (fingerprint) and password. However, this method has weaknesses such as weak against fake user attack, high time complexity, and it is possible for fake device to obtain the fingerprint of the user. In this work, Elliptic Curve and Keccak Hash Function were proposed to solve the problem. The Elliptic Curve is used for conducting device authentication such that there is no possibility for obtaining user fingerprint by unlegitimate device, while Keccak Hash Function is used for improving the user authentication process, such that the authentication process can be succeeded only if both password and fingerprint is authenticated. The result of experiment shows that the user authentication processing time decreased 35.06 ms-41.6 ms compared with the method proposed by Seung .etal, while the probability of obtaining the fingerprint and password using the proposed method is less than the previous method of 2-57. It is proven that the proposed method is strong against fake device attack for stealing the biometric information and password.","PeriodicalId":428512,"journal":{"name":"2015 9th International Conference on Telecommunication Systems Services and Applications (TSSA)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Improving bio-cryptography authentication protocol\",\"authors\":\"Irfan Fadil, A. Barmawi\",\"doi\":\"10.1109/TSSA.2015.7440428\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"User authentication is a method for authenticating a user. Recently there were some authentication method proposed by researchers, such as a method proposed by Seung et al. where the user authentication process was done using biometric (fingerprint) and password. However, this method has weaknesses such as weak against fake user attack, high time complexity, and it is possible for fake device to obtain the fingerprint of the user. In this work, Elliptic Curve and Keccak Hash Function were proposed to solve the problem. The Elliptic Curve is used for conducting device authentication such that there is no possibility for obtaining user fingerprint by unlegitimate device, while Keccak Hash Function is used for improving the user authentication process, such that the authentication process can be succeeded only if both password and fingerprint is authenticated. The result of experiment shows that the user authentication processing time decreased 35.06 ms-41.6 ms compared with the method proposed by Seung .etal, while the probability of obtaining the fingerprint and password using the proposed method is less than the previous method of 2-57. It is proven that the proposed method is strong against fake device attack for stealing the biometric information and password.\",\"PeriodicalId\":428512,\"journal\":{\"name\":\"2015 9th International Conference on Telecommunication Systems Services and Applications (TSSA)\",\"volume\":\"35 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 9th International Conference on Telecommunication Systems Services and Applications (TSSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TSSA.2015.7440428\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 9th International Conference on Telecommunication Systems Services and Applications (TSSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TSSA.2015.7440428","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
摘要
用户身份验证是对用户进行身份验证的一种方法。最近有一些研究人员提出了一些认证方法,如Seung等人提出的使用生物特征(指纹)和密码来完成用户认证过程的方法。但该方法存在抗假用户攻击能力弱、时间复杂度高、假设备有可能获取用户指纹等缺点。本文提出了椭圆曲线和Keccak哈希函数来解决这一问题。利用椭圆曲线进行设备认证,杜绝非法设备获取用户指纹的可能;利用Keccak哈希函数改进用户认证流程,只有密码和指纹都通过认证,认证过程才能成功。实验结果表明,与Seung等提出的方法相比,该方法的用户认证处理时间缩短了35.06 ms ~ 41.6 ms,而使用该方法获取指纹和密码的概率小于之前方法的2-57。实验证明,该方法具有较强的抗假设备攻击能力,可以有效地窃取用户的生物特征信息和密码。
User authentication is a method for authenticating a user. Recently there were some authentication method proposed by researchers, such as a method proposed by Seung et al. where the user authentication process was done using biometric (fingerprint) and password. However, this method has weaknesses such as weak against fake user attack, high time complexity, and it is possible for fake device to obtain the fingerprint of the user. In this work, Elliptic Curve and Keccak Hash Function were proposed to solve the problem. The Elliptic Curve is used for conducting device authentication such that there is no possibility for obtaining user fingerprint by unlegitimate device, while Keccak Hash Function is used for improving the user authentication process, such that the authentication process can be succeeded only if both password and fingerprint is authenticated. The result of experiment shows that the user authentication processing time decreased 35.06 ms-41.6 ms compared with the method proposed by Seung .etal, while the probability of obtaining the fingerprint and password using the proposed method is less than the previous method of 2-57. It is proven that the proposed method is strong against fake device attack for stealing the biometric information and password.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
