Abstract—Password-based authentication schemes are convenient but vulnerable to simple dictionary attacks. Cryptographic secret keys are safe but difficult to memorize. Recently, biometric information has been used in authentication schemes because it is difficult to copy, share, forge, and distribute. In 2011, Das proposed a biometric-based authentication scheme, but it has various vulnerabilities, such as replay attacks, denial-of-service attacks, user impersonation attacks, and a password change problem. To solve these problems, Jiping et al. improved Das’s scheme, but some vulnerabilities still remain. In this paper, we present a cryptanalysis of Jiping et al.’s authentication scheme. We show that Jiping et al.’s scheme is vulnerable to a server masquerading attack and a stolen smart card attack. We also show that authentication without the login phase is possible in Jiping et al.’s authentication scheme.
Index Terms—User authentication, biometric-based scheme, client/server system, cryptanalysis on authentication scheme.
The authors are with the School of Information and Communication Engineering, Sungkyunkwan University, Korea (e-mail: yschoi@security.re.kr, dhlee@security.re.kr, jykim@security.re.kr, jwjung@security.re.kr, dhwon@security.re.kr).
Cite: Younsung Choi, Donghoon Lee, Jiye Kim, Jaewook Jung, and Dongho Won, "Cryptanalysis of Improved Biometric-Based User Authentication Scheme for C/S System," International Journal of Information and Education Technology, vol. 5, no. 7, pp. 538-542, 2015.