an efficient biometrics-based remote user authentication scheme using smart cards
TRANSCRIPT
An efficient biometrics-based remote user authentication scheme using smart cards
Source: Journal of Network and Computer Applications, Vol. 33, No. 1, pp. 1-5, January 2010
Authors: Chun-Ta Li and Min-Shiang Hwang
Reporter: Ya-Chieh Huang
Date: 2009/11/05
2
Introduction
♥
3
The proposed protocol (1/5)
The protocol is divided into three phases: Registration Phase Login Phase Authentication Phase
Two participants: User (U) Server (S)
U User
S Server
ID Identity of user
PW Password generated by user (U)
B Biometric template of the user
h( . ) One-way hash function
XS A secret information maintained by the server
|| Concatenation of messages
⊕ XOR operation4
The proposed protocol (2/5)
Notations
5
The proposed protocol (3/5)Registration Phase
U
rXIDhe
fPWhr
Bhf
S
)(
)||(
)( Computes
},),(,{ cardsmart efhID
PWBID ,,
S
6
The proposed protocol (4/5)Login Phase
U S
U
S
R
XIDhre
fPWhr
PW
fBh
B
random Selects
)('
)||( Computes
Inputs
)( Verifies
inputs and cardsmart theInserts?
US RXIDhID )(,
7
The proposed protocol (5/5)Authentication Phase
U S
S
UUS
S
R
RARXIDh
XIDhA
random Selects
)(
)( Computes
SSUUS RXIDhRRXIDhh )(),||)((
SSSS
UUS
RXIDhRXIDh
RRXIDhh
)()( Computes
)||)(( Verifies
)||)(( SS RRXIDhh S
)||)(( Verifies SSS RRXIDhh
Change password
8
U
)||()(
)('
)||( Computes
Inputs
)( Verifies
inputs and cardsmart theInserts?
fPWhXIDhe
XIDhre
fPWhr
PW
fBh
B
newSnew
S
9
Comparisons
Lee–Chiu (2005) Khan et al. (2008) Our scheme
Registration phase 2H + 1E 2H 3H
Login phase 2H + 1E 2H 2H
Authentication phase 2H 5H 5H
Change password Yes Yes Yes
Mutual authentication No Yes Yes
Synchronized clocks Yes Yes No
Non-repudiation No Yes Yes
10
Conclusions
Non-repudiation
Low computation costs
Without synchronized clocks
Mutual authentication
Freely change password