Abstract
We consider the security of the Rila-Mitchell security protocols recently proposed for biometrics-based smartcard systems. We first present a man-in-the-middle (MITM) attack on one of these protocols and hence show that it fails to achieve mutual authentication between the smartcard and smartcard reader. In particular, a hostile smartcard can trick the reader into believing that it is a legitimate card and vice versa. We also discuss security cautions that if not handled carefully would lead to attacks. We further suggest countermeasures to strengthen the protocols against our attacks, as well as to guard against the cautions highlighted. Our emphasis here is that seemingly secure protocols when implemented with poor choices of parameters would lead to attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Abadi, M.: Explicit Communication Revisited: Two New Attacks on Authentication Protocols. IEEE Transactions on Software Engineering 23(3), 185–186 (1997)
Desmedt, Y., Goutier, C., Bengio, S.: Special Uses and Abuses of the Fiat-Shamir Passport Protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988)
Ferguson, N., Schneier, B.: Practical Cryptography. Wiley Publishing, Indiana (2003)
ISO/IEC. Information Technology - Security Techniques (Entity Authentication Mechanisms Part 2: Entity authentication using symmetric techniques) (1993)
Lowe, G.: An attack on the Needham-Schroeder public-key protocol. Information Processing Letters 56, 131–133 (1995)
Rila, L., Mitchell, C.J.: Security Analysis of Smartcard to Card Reader Communications for Biometric Cardholder Authentication. In: 5th Smart Card Research and Advanced Application Conference (CARDIS 2002), USENIX, pp. 19–28 (2002)
Rila, L., Mitchell, C.J.: Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 254–264. Springer, Heidelberg (2003)
Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edn. John Wiley & Sons, New York (1996)
Stinson, D.R.: Cryptography: Theory and Practice, 2nd edn. Chapman & Hall/CRC, Florida (2002)
Syverson, P.: A Taxonomy of Replay Attacks. In: 7th IEEE Computer Security Foundations Workshop, pp. 131–136 (1994)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Phan, R.C.W., Goi, BM. (2005). On the Rila-Mitchell Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3483. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424925_111
Download citation
DOI: https://doi.org/10.1007/11424925_111
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25863-6
Online ISBN: 978-3-540-32309-9
eBook Packages: Computer ScienceComputer Science (R0)