Trends in Remote User Authentication Based on Smart Card and External Memory

1. Introduction

Recently, authentication has increasingly becomes an important issue. In several applications, such as web-based applications, it is extremely important to verify the identity of a user about what the user claims to be. This can be shown in Fig 1. The conventional method of using passwords and pins has increasingly suffered from threats like forgotten or easily guessed passwords (Karthi and Azhilarasan, 2013). Therefore, there has been an excessive research on alternative methods.

Figure 1.

User Authentication Scheme for remote user environment (Karuppiah, 2016)

Cryptographic systems have been commonly adopted to secure information (Zheng and Zhan, 2006). Whether a symmetric cipher system or a public-key system, its security depends on the secrecy of the secret or private key.

Cryptography, the art of code-marking, has a long and distinguished history of military and diplomatic applications, dating back to ancient civilizations in Mesopotamia, Egypt, India and China (Lo and Zhao, 2008). Moreover, in recent years cryptography has widespread applications in civilian applications such as electronic commerce and electronic businesses. Each time we go on-line to access our banking or credit card data, we should be deeply concerned with our data security.

Different types and configurations of computers are used by millions of people for many purposes such as banking, shopping, military activities and student records processing. These Computers communicate with each other mostly in an ad-hoc network. As such authentication and privacy is a critical issue in many of these web based applications. That is, how does it make sure that unauthorized parties cannot read or modify messages/data?

Cryptographic algorithms play a major role for user data security. As the complexity of algorithm is high the risk of breaking the original plaintext from that of cipher text is less. Greater complexity means greater security. There are three types of cryptographic algorithms: symmetric key algorithm, asymmetric key algorithm and hash function.

There are also biometric cryptosystems that combine biometrics with cryptographic security are known as Biometric cryptosystems, or Crypto-biometric systems (Uludag, 2004). They are biometric template protection techniques that either create a digital key from a biometric or map a digital key to the biometric. Most of the Biometric Cryptosystems need biometric dependent public information, which is used to retrieve or generate keys, which is referred to as helper data. The Helper Data does not reveal any information about the original template but needed for the reconstruction of the digital keys (Karthi and Azhilarasan, 2013).

Research works on remote user authentication schemes with smart card and external memory started since 1990s. These research works are divided into two namely: password-based and biometric based schemes. These divisions can be further categorized into single server and multi-server schemes. Biometric based research works started 2002. Latest research works on both password-based and biometric based are discussed in the following sub-sections of this section.