Presentation is loading. Please wait.

Presentation is loading. Please wait.

A flexible biometrics remote user authentication scheme Authors: Chu-Hsing Lin and Yi-Yi Lai Sources: Computer Standards & Interfaces, 27(1), pp.19-23,

Published byMorris Walters Modified over 8 years ago

Similar presentations

Presentation on theme: "A flexible biometrics remote user authentication scheme Authors: Chu-Hsing Lin and Yi-Yi Lai Sources: Computer Standards & Interfaces, 27(1), pp.19-23,"— Presentation transcript:

1 A flexible biometrics remote user authentication scheme Authors: Chu-Hsing Lin and Yi-Yi Lai Sources: Computer Standards & Interfaces, 27(1), pp.19-23, 2004. Adviser: Min-Shiang Hwang Speaker: Chun-Ta Li ( 李俊達 )

2 2 Outline IntroductionIntroduction The Lee-Ryu-Yoo schemeThe Lee-Ryu-Yoo scheme Cryptanalysis of the Lee-Ryu-Yoo schemeCryptanalysis of the Lee-Ryu-Yoo scheme The proposed schemeThe proposed scheme ConclusionsConclusions CommentsComments

3 3 Introduction Remote password authentication – [Lamport, 1981]Remote password authentication – [Lamport, 1981] –Insecure channel –User authentication (identity & password) Remote password authentication scheme using smart cards – [Hwang and Li, 2000]Remote password authentication scheme using smart cards – [Hwang and Li, 2000] –Based on ElGamal’s cryptosystem –Only one secret key without password table

4 4 Introduction (cont.) Biometrics remote user authentication scheme using smart cards – [Lee et al., 2002]Biometrics remote user authentication scheme using smart cards – [Lee et al., 2002] –Based on ElGamal’s cryptosystem (two secret keys) –Smart card owner’s fingerprint Minutiae extraction – [Bae et al., 2000]Minutiae extraction – [Bae et al., 2000] Matching – [Ratha et al., 1996]Matching – [Ratha et al., 1996] Lin and Lai point out their scheme is vulnerable to masquerade attackLin and Lai point out their scheme is vulnerable to masquerade attack Lin and Lai propose a flexible scheme (change password)Lin and Lai propose a flexible scheme (change password)

5 5 The Lee-Ryu-Yoo scheme Three phases in the Lee-Ryu-Yoo schemeThree phases in the Lee-Ryu-Yoo scheme –Registration phase (U i offers ID i and fingerprint of U i ) –Login phase (U i inserts smart card and offers ID i, PW i and fingerprint of U i ) – fingerprint verification [Jain et al. 1999] 1.Generate r using minutiae extracted from the imprint fingerprint 2.Compute C 1 = (ID i ) r mod P 3.Compute t = f(T ⊕ PW i ) mod (P-1) 4.Compute M = (ID i ) t mod P 5.Compute C 2 = M(PW i ) r mod P 6.Send the message C = (ID i, C 1, C 2, T) to the remote system Smart card: Smart card: f(.), P and U i ’s fingerprint data Secure channel

6 6 The Lee-Ryu-Yoo scheme (cont.) –Authentication phase 1.The system check the validity of ID i 2.If (T` ﹣ T) > △ T, rejects the login request 3.The system check the validity of equation as follows: C 2 (C 1 SK2 ) -1 mod P = (ID i ) SK1*f(T ⊕ PW i ) C 2 (C 1 SK2 ) -1 mod P = (ID i ) SK1*f(T ⊕ PW i ) = M(PW i ) r * (1/(ID i r ) SK2 ) mod P = M(PW i ) r * (1/(ID i r ) SK2 ) mod P = (ID i ) t (ID i ) SK2*r * (1/ID i r*SK1*SK2 ) mod P = (ID i ) t (ID i ) SK2*r * (1/ID i r*SK1*SK2 ) mod P = (ID i ) SK1*f(T ⊕ PW i ) * ID i SK1*SK2*r / ID i r*SK1*SK2 mod P = (ID i ) SK1*f(T ⊕ PW i ) * ID i SK1*SK2*r / ID i r*SK1*SK2 mod P ?

7 7 Cryptanalysis of the Lee-Ryu-Yoo scheme A legal user U i (owns a pair of ID i and PW i )A legal user U i (owns a pair of ID i and PW i ) U i wants to masquerade another pair of valid (ID d, PW d ) without knowing the two secret keys SK1 and Sk2U i wants to masquerade another pair of valid (ID d, PW d ) without knowing the two secret keys SK1 and Sk2 –U i computes ID d = ID i q mod P –U i computes PW d = (ID d ) SK1*SK2 mod P = (ID i q mod P) SK1*SK2 mod P = (ID i q mod P) SK1*SK2 mod P = (ID i q ) SK1*SK2 mod P = (ID i q ) SK1*SK2 mod P = (ID i SK1*SK2 mod P) q mod P = (ID i SK1*SK2 mod P) q mod P = (PW i ) q mod P = (PW i ) q mod P

8 8 The proposed scheme Three phases in Lin-Lai schemeThree phases in Lin-Lai scheme –Registration phase (U i offers ID i, PW i and fingerprint of U i ) 1.Compute PW i ` = h(PW i ⊕ S i ), where S i denotes U i ’s minutiae template 2.Compute Y i = (ID i Xs mod P) ⊕ PW i `, where Xs denotes the secret key kept securely in the system −Login phase (U i inserts smart card, imprint the fingerprint and offers PW i ) – fingerprint verification [Jain et al. 1999] Smart card Smart card: h(.), P, Y i, S i and ID i

9 9 The proposed scheme (cont.) –Login phase 1.Generate r using minutiae extracted from the imprint fingerprint 2.Compute PW i ” = h(PW i ⊕ S i ) mod P 3.Compute Y i ` = Y i ⊕ PW i ” 4.Compute C 1 = (ID i ) r mod P 5.Compute M = h(Y i ` ⊕ T) mod P 6.Compute C 2 = M(Y i `) r mod P 7.Send the message C = (ID i, C 1, C 2, T) to the remote system

10 10 The proposed scheme (cont.) –Authentication phase 1.The system check the validity of ID i 2.If (T` ﹣ T) > △ T, rejects the login request 3.The system check the validity of equation as follows: C 2 (C 1 Xs ) -1 mod P = h((ID i Xs mod P) ⊕ T) mod P C 2 (C 1 Xs ) -1 mod P = h((ID i Xs mod P) ⊕ T) mod P ? h(Y i ⊕ h(PW i ⊕ S i ) ⊕ T)*(Y i ⊕ h(PW i ⊕ S i )) r * (1/(ID i ) rXs ) mod P = h(Y i ⊕ h(PW i ⊕ S i ) ⊕ T)*(Y i ⊕ h(PW i ⊕ S i )) r * (1/(ID i ) rXs ) mod P h(((ID i Xs mod P) ⊕ h(PW i ⊕ S i )) ⊕ h(PW i ⊕ S i ) ⊕ T)*(((ID i Xs mod P) ⊕ h(PW i ⊕ S i )) ⊕ h(PW i ⊕ S i )) r /(ID i ) rXs mod P = h(((ID i Xs mod P) ⊕ h(PW i ⊕ S i )) ⊕ h(PW i ⊕ S i ) ⊕ T)*(((ID i Xs mod P) ⊕ h(PW i ⊕ S i )) ⊕ h(PW i ⊕ S i )) r /(ID i ) rXs mod P

11 11 The proposed scheme (cont.) –Change password (U i imprint his fingerprint, pass fingerprint verification, inputs old password PW i and the new password PW i *) 1.Compute PW i ” = h(PW i ⊕ S i ) mod P 2.Compute Y i ` = Y i ⊕ PW i ” = ID i Xs mod P 3.Compute new Y i * = Y i ` ⊕ h(PW i * ⊕ S i ) 4.Replace the old Y i with the new Y i * on the smart card

12 12 Conclusions Presented a cryptanalysis of the Lee-Ryu- Yoo schemePresented a cryptanalysis of the Lee-Ryu- Yoo scheme Proposed an improved and flexible scheme that allows user to change their passwordProposed an improved and flexible scheme that allows user to change their password Needs only to maintain one secret key, without password tables and identity tablesNeeds only to maintain one secret key, without password tables and identity tables

13 13 Comments Biometric keyBiometric key password-based authentication fingerprint-based authentication

14 14 Comments (cont.) Biometric-based security applicationsBiometric-based security applications Biometric characteristics Network environments Information security Key authentication Key authentication Conference key Conference key Key hierarchy Key hierarchy E-Voting E-Voting … Internet Internet Distributed network Distributed network Mobile network Mobile network …

Download ppt "A flexible biometrics remote user authentication scheme Authors: Chu-Hsing Lin and Yi-Yi Lai Sources: Computer Standards & Interfaces, 27(1), pp.19-23,"

Similar presentations

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
An Improvement on Authenticated Key Agreement Scheme Authors: Chin-Chen Chang and Shih-Yi Lin Source: 2007 International Conference on Intelligent Pervasive.

An Improvement on Authenticated Key Agreement Scheme Authors: Chin-Chen Chang and Shih-Yi Lin Source: 2007 International Conference on Intelligent Pervasive.
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟.

Computer and Information Security 期末報告 學號 姓名 莊玉麟.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.
A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,

A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,
電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.
1 A secure broadcasting cryptosystem and its application to grid computing Eun-Jun Yoon, Kee-Young Yoo Future Generation Computer Systems (2010),doi:10.1016/j.future.2010.09.012.

1 A secure broadcasting cryptosystem and its application to grid computing Eun-Jun Yoon, Kee-Young Yoo Future Generation Computer Systems (2010),doi: /j.future
1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.

1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.
90321011 孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : 2003.11.26 in Computers & Security.

孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : in Computers & Security.
1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.

1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.
1 Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing From : ePrint (August 2005) Author : Junghyun Nam, Seungjoo.

1 Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing From : ePrint (August 2005) Author : Junghyun Nam, Seungjoo.
多媒體網路安全實驗室 A Strong User Authentication Framework for Cloud Computing Date : 2012.08.10 Reporter : Hong Ji Wei Authors : Amlan Jyoti Choudhury, Mangal.

多媒體網路安全實驗室 A Strong User Authentication Framework for Cloud Computing Date : Reporter : Hong Ji Wei Authors : Amlan Jyoti Choudhury, Mangal.
1 Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards Authors: W.C Ku, S.T. Chang,and M.H. Chiang Source: Electronics.

1 Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards Authors: W.C Ku, S.T. Chang,and M.H. Chiang Source: Electronics.

Similar presentations

Ads by Google