1 / 14

A flexible biometrics remote user authentication scheme

A flexible biometrics remote user authentication scheme. Authors: Chu-Hsing Lin and Yi-Yi Lai. Sources: Computer Standards & Interfaces, 27(1),. pp.19-23, 2004. Adviser: Min-Shiang Hwang. Speaker: Chun-Ta Li ( 李俊達 ). Outline. Introduction The Lee-Ryu-Yoo scheme

aiko-stark
Download Presentation

A flexible biometrics remote user authentication scheme

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A flexible biometrics remote user authentication scheme Authors:Chu-Hsing Lin and Yi-Yi Lai Sources:Computer Standards & Interfaces, 27(1), pp.19-23, 2004. Adviser:Min-Shiang Hwang Speaker:Chun-Ta Li (李俊達)

  2. Outline • Introduction • The Lee-Ryu-Yoo scheme • Cryptanalysis of the Lee-Ryu-Yoo scheme • The proposed scheme • Conclusions • Comments

  3. Introduction • Remote password authentication – [Lamport, 1981] • Insecure channel • User authentication (identity & password) • Remote password authentication scheme using smart cards – [Hwang and Li, 2000] • Based on ElGamal’s cryptosystem • Only one secret key without password table

  4. Introduction (cont.) • Biometrics remote user authentication scheme using smart cards – [Lee et al., 2002] • Based on ElGamal’s cryptosystem (two secret keys) • Smart card owner’s fingerprint • Minutiae extraction – [Bae et al., 2000] • Matching – [Ratha et al., 1996] • Lin and Lai point out their scheme is vulnerable to masquerade attack • Lin and Lai propose a flexible scheme (change password)

  5. The Lee-Ryu-Yoo scheme • Three phases in the Lee-Ryu-Yoo scheme • Registration phase (Ui offers IDi and fingerprint of Ui) • Login phase (Ui inserts smart card and offers IDi, PWi and fingerprint of Ui) – fingerprint verification[Jain et al. 1999] • Generate r using minutiae extracted from the imprint fingerprint • Compute C1 = (IDi)r mod P • Compute t = f(T⊕PWi) mod (P-1) • Compute M = (IDi)t mod P • Compute C2 = M(PWi)r mod P • Send the message C = (IDi, C1, C2, T) to the remote system Smart card:f(.), P and Ui’s fingerprint data Secure channel

  6. The Lee-Ryu-Yoo scheme (cont.) • Authentication phase • The system check the validity of IDi • If (T` ﹣T) > △T, rejects the login request • The system check the validity of equation as follows: C2(C1SK2)-1 mod P = (IDi)SK1*f(T⊕PWi) =M(PWi)r * (1/(IDir)SK2) mod P = (IDi)t(IDi) SK2*r * (1/IDi r*SK1*SK2) mod P = (IDi)SK1*f(T⊕PWi) * IDiSK1*SK2*r / IDi r*SK1*SK2 mod P ?

  7. Cryptanalysis of the Lee-Ryu-Yoo scheme • A legal user Ui (owns a pair of IDi and PWi ) • Ui wants to masquerade another pair of valid (IDd, PWd) without knowing the two secret keys SK1 and Sk2 • Ui computes IDd = IDiq mod P • Ui computes PWd = (IDd)SK1*SK2mod P = (IDiq mod P)SK1*SK2 mod P = (IDiq)SK1*SK2 mod P = (IDiSK1*SK2 mod P)q mod P = (PWi)q mod P

  8. The proposed scheme • Three phases in Lin-Lai scheme • Registration phase (Ui offers IDi, PWi and fingerprint of Ui) • Compute PWi` = h(PWi⊕Si), where Si denotes Ui’s minutiae template • Compute Yi = (IDiXs mod P) ⊕ PWi`, where Xs denotes the secret key kept securely in the system • Login phase(Ui inserts smart card, imprint the fingerprint and offers PWi) – fingerprint verification [Jain et al. 1999] Smart card:h(.), P, Yi, Si and IDi

  9. The proposed scheme (cont.) • Login phase • Generate r using minutiae extracted from the imprint fingerprint • Compute PWi”= h(PWi ⊕Si) mod P • Compute Yi` = Yi⊕PWi” • Compute C1 = (IDi)r mod P • Compute M = h(Yi` ⊕ T) mod P • Compute C2 = M(Yi`)r mod P • Send the message C = (IDi, C1, C2, T) to the remote system

  10. The proposed scheme (cont.) • Authentication phase • The system check the validity of IDi • If (T` ﹣T) > △T, rejects the login request • The system check the validity of equation as follows: C2(C1Xs)-1 mod P = h((IDiXs mod P) ⊕ T) mod P ? = h(Yi ⊕h(PWi⊕Si) ⊕ T)*(Yi ⊕h(PWi⊕Si))r *(1/(IDi)rXs)mod P = h(((IDiXs mod P)⊕h(PWi⊕Si))⊕h(PWi⊕Si)⊕T)*(((IDiXs mod P)⊕h(PWi⊕Si))⊕h(PWi⊕Si))r /(IDi)rXsmod P

  11. The proposed scheme (cont.) • Change password (Ui imprint his fingerprint, pass fingerprint verification, inputs old password PWi and the new password PWi*) • Compute PWi” = h(PWi ⊕Si) mod P • Compute Yi`= Yi ⊕ PWi” = IDiXs mod P • Compute new Yi* = Yi` ⊕ h(PWi* ⊕ Si) • Replace the old Yi with the new Yi* on the smart card

  12. Conclusions • Presented a cryptanalysis of the Lee-Ryu-Yoo scheme • Proposed an improved and flexible scheme that allows user to change their password • Needs only to maintain one secret key, without password tables and identity tables

  13. Comments • Biometric key password-based authentication fingerprint-based authentication

  14. Comments (cont.) • Biometric-based security applications • Internet • Distributed network • Mobile network • … • Key authentication • Conference key • Key hierarchy • E-Voting • … Biometric characteristics Information security Network environments

More Related