By Topic

On the security of ID-based password authentication scheme using smart cards and fingerprints

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Chu-Hsing Lin ; Dept. of Comput. Sci. & Inf. Eng., Tunghai Univ., Taichung, Taiwan ; Tri-Show Lin ; Hsiu-Hsia Lin ; Yi-Yi Lai

In 2003 (ACM Operating Systems Review, Vol.37), Kim, Lee and Yoo proposed an ID-based password authentication scheme for log-on to a remote server using smart card, password and fingerprint. In this paper, we show that the KLY protocol is vulnerable to an active adversary who can extract some information embedded in the smart card by using existing smart cards attack methods. By getting the information and eavesdropping the previous login messages of a legal user, an attacker without any password or fingerprint can successfully forge the legal user to obtain services from the system. In this case, the protocol is not sufficient for systems with high level security requirements.

Published in:

Information Technology: Research and Education, 2005. ITRE 2005. 3rd International Conference on

Date of Conference:

27-30 June 2005