Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

On the Rila-Mitchell Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards

  • Conference paper
Computational Science and Its Applications – ICCSA 2005 (ICCSA 2005)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3480))

Included in the following conference series:

  • 944 Accesses

Abstract

We consider the security of the Rila-Mitchell security protocols recently proposed for biometrics-based smartcard systems. We first present a man-in-the-middle (MITM) attack on one of these protocols and hence show that it fails to achieve mutual authentication between the smartcard and smartcard reader. In particular, a hostile smartcard can trick the reader into believing that it is a legitimate card and vice versa. We also discuss security cautions that if not handled carefully would lead to attacks. We further suggest countermeasures to strengthen the protocols against our attacks, as well as to guard against the cautions highlighted. Our emphasis here is that seemingly secure protocols when implemented with poor choices of parameters would lead to attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 139.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abadi, M.: Explicit Communication Revisited: Two New Attacks on Authentication Protocols. IEEE Transactions on Software Engineering 23(3), 185–186 (1997)

    Article  MathSciNet  Google Scholar 

  2. Desmedt, Y., Goutier, C., Bengio, S.: Special Uses and Abuses of the Fiat-Shamir Passport Protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988)

    Google Scholar 

  3. Ferguson, N., Schneier, B.: Practical Cryptography. Wiley Publishing, Indiana (2003)

    Google Scholar 

  4. ISO/IEC. Information Technology - Security Techniques ( Entity Authentication Mechanisms Part 2: Entity authentication using symmetric techniques (1993)

    Google Scholar 

  5. Lowe, G.: An attack on the Needham-Schroeder public-key protocol. Information Processing Letters 56, 131–133 (1995)

    Article  MATH  Google Scholar 

  6. Rila, L., Mitchell, C.J.: Security Analysis of Smartcard to Card Reader Communications for Biometric Cardholder Authentication. In: 5th Smart Card Research and Advanced Application Conference (CARDIS 2002), USENIX, pp. 19–28 (2002)

    Google Scholar 

  7. Rila, L., Mitchell, C.J.: Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 254–264. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  8. Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edn. John Wiley & Sons, New York (1996)

    MATH  Google Scholar 

  9. Stinson, D.R.: Cryptography: Theory and Practice, 2nd edn. Chapman & Hall/CRC, Florida (2002)

    Google Scholar 

  10. Syverson, P.: A Taxonomy of Replay Attacks. In: 7th IEEE Computer Security Foundations Workshop, pp. 131–136 (1994)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security Research (iSECURES) Lab, Swinburne Sarawak Institute of Technology, 93576, Kuching, Malaysia

    Raphael C. -W. Phan

  2. Multimedia University, 63100, Cyberjaya, Malaysia

    Bok-Min Goi

Authors
  1. Raphael C. -W. Phan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bok-Min Goi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Mathematics and Computer Science, University of Perugia, via Vanvitelli, 1, I-06123, Perugia, Italy

    Osvaldo Gervasi

  2. Department of Computer Science, University of Calgary, 2500 University Drive N.W, T2N 1N4, Calgary, AB, Canada

    Marina L. Gavrilova

  3. William Norris Professor, Head of the Computer Science and Engineering Department, University of Minnesota, USA

    Vipin Kumar

  4. Department of Chemistry, University of Perugia, Via Elce di Sotto, 8, P.O. Box, I-06123, Perugia, Italy

    Antonio Laganà

  5. Institute of High Performance Computing, IHCP, 1 Science Park Road, 01-01 The Capricorn, Singapore Science Park II, 117528, Singapore

    Heow Pueh Lee

  6. School of Computing, Soongsil University, Seoul, Korea

    Youngsong Mun

  7. Clayton School of IT, Monash University, 3800, Clayton, Australia

    David Taniar

  8. OptimaNumerics Ltd, P.O. Box, Belfast, United Kingdom

    Chih Jeng Kenneth Tan

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Phan, R.C.W., Goi, BM. (2005). On the Rila-Mitchell Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3480. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424758_51

Download citation

  • DOI: https://doi.org/10.1007/11424758_51

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25860-5

  • Online ISBN: 978-3-540-32043-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation