Cryptanalysis And Further Improvement Of A Biometric-Based Remote User Authentication Scheme Using Smart Cards
Ashok Kumar Das

TL;DR
This paper critically analyzes a biometric-based remote user authentication scheme, revealing security weaknesses, and proposes an improved version that ensures proper authentication and secure session key establishment.
Contribution
It identifies security flaws in Li et al.'s scheme and introduces an enhanced scheme that guarantees authentication and secure session key generation.
Findings
Li et al.'s scheme has security vulnerabilities.
The improved scheme ensures proper authentication.
It successfully establishes a session key after authentication.
Abstract
Recently, Li et al. proposed a secure biometric-based remote user authentication scheme using smart cards to withstand the security flaws of Li-Hwang's efficient biometric-based remote user authentication scheme using smart cards. Li et al.'s scheme is based on biometric verification, a smart card and a one-way hash function. It also uses a random nonce rather than a synchronized clock, and thus it is efficient in computational cost and more secure than Li-Hwang's scheme. Unfortunately, in this paper we show that Li et al.'s scheme still has some security weaknesses in its design. In order to withstand those weaknesses, we further propose an improvement of their scheme so that the improved scheme always provides proper authentication and, as a result, establishes a session key between the user and the server at the end of successful user authentication.
