Nothing Special   »   [go: up one dir, main page]

Skip to main content

On the Rila-Mitchell Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards

  • Conference paper
Computational Science and Its Applications – ICCSA 2005 (ICCSA 2005)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3483))

Included in the following conference series:

  • 1657 Accesses

Abstract

We consider the security of the Rila-Mitchell security protocols recently proposed for biometrics-based smartcard systems. We first present a man-in-the-middle (MITM) attack on one of these protocols and hence show that it fails to achieve mutual authentication between the smartcard and smartcard reader. In particular, a hostile smartcard can trick the reader into believing that it is a legitimate card and vice versa. We also discuss security cautions that if not handled carefully would lead to attacks. We further suggest countermeasures to strengthen the protocols against our attacks, as well as to guard against the cautions highlighted. Our emphasis here is that seemingly secure protocols when implemented with poor choices of parameters would lead to attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 139.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abadi, M.: Explicit Communication Revisited: Two New Attacks on Authentication Protocols. IEEE Transactions on Software Engineering 23(3), 185–186 (1997)

    Article  MathSciNet  Google Scholar 

  2. Desmedt, Y., Goutier, C., Bengio, S.: Special Uses and Abuses of the Fiat-Shamir Passport Protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988)

    Google Scholar 

  3. Ferguson, N., Schneier, B.: Practical Cryptography. Wiley Publishing, Indiana (2003)

    Google Scholar 

  4. ISO/IEC. Information Technology - Security Techniques (Entity Authentication Mechanisms Part 2: Entity authentication using symmetric techniques) (1993)

    Google Scholar 

  5. Lowe, G.: An attack on the Needham-Schroeder public-key protocol. Information Processing Letters 56, 131–133 (1995)

    Article  MATH  Google Scholar 

  6. Rila, L., Mitchell, C.J.: Security Analysis of Smartcard to Card Reader Communications for Biometric Cardholder Authentication. In: 5th Smart Card Research and Advanced Application Conference (CARDIS 2002), USENIX, pp. 19–28 (2002)

    Google Scholar 

  7. Rila, L., Mitchell, C.J.: Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 254–264. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  8. Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edn. John Wiley & Sons, New York (1996)

    MATH  Google Scholar 

  9. Stinson, D.R.: Cryptography: Theory and Practice, 2nd edn. Chapman & Hall/CRC, Florida (2002)

    Google Scholar 

  10. Syverson, P.: A Taxonomy of Replay Attacks. In: 7th IEEE Computer Security Foundations Workshop, pp. 131–136 (1994)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Phan, R.C.W., Goi, BM. (2005). On the Rila-Mitchell Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3483. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424925_111

Download citation

  • DOI: https://doi.org/10.1007/11424925_111

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25863-6

  • Online ISBN: 978-3-540-32309-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics