Title :
On the security of ID-based password authentication scheme using smart cards and fingerprints
Author :
Chu-Hsing Lin; Tri-Show Lin; Hsiu-Hsia Lin; Yi-Yi Lai
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Tunghai Univ., Taichung, Taiwan
fDate :
6/27/1905 12:00:00 AM
Abstract :
In 2003 (ACM Operating Systems Review, Vol.37), Kim, Lee and Yoo proposed an ID-based password authentication scheme for log-on to a remote server using smart card, password and fingerprint. In this paper, we show that the KLY protocol is vulnerable to an active adversary who can extract some information embedded in the smart card by using existing smart cards attack methods. By getting the information and eavesdropping the previous login messages of a legal user, an attacker without any password or fingerprint can successfully forge the legal user to obtain services from the system. In this case, the protocol is not sufficient for systems with high level security requirements.
Keywords :
"Authentication","Smart cards","Fingerprint recognition","Law","Legal factors","Information security","Protocols","Data mining","Synchronization","Clocks"
Conference_Titel :
Information Technology: Research and Education, 2005. ITRE 2005. 3rd International Conference on
Print_ISBN :
0-7803-8932-8
DOI :
10.1109/ITRE.2005.1503110
