Security Weaknesses and Improvements of a Fingerprint-based Remote User Authentication Scheme Using Smart Cards

Abstract Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2006, Khan et al.[12] proposed an improved fingerprint-based remote user authentication scheme using smart cards that is achieved mutual authentication between the user and the server, while eliminating the drawback of Lee et al.’s scheme[9]. Later, in 2008, Xu et al.[13] pointed out that Khan et al.’s scheme cannot withstand the parallel session attack and the impersonation attack. In this paper, we also analyze the security weaknesses of Khan et al.'s scheme, and we have shown that Khan et al.’s scheme is still vulnerable to the forgery attack, the off-line password guessing attack, the parallel session attack, and the insider attack. And, we propose the improved scheme to overcome these security weaknesses, while preserving all their merits, even if the secret information stored in the smart card is revealed.