Cryptanalysis of Cryptanalysis and Improvement of Yan et al Biometric-Based Authentication Scheme for TMIS

TL;DR

This paper critically analyzes Yan et al.'s biometric authentication scheme for TMIS, revealing vulnerabilities in Dheerendra et al.'s improvements and demonstrating the scheme's susceptibility to offline identity guessing attacks.

Contribution

The paper provides a detailed cryptanalysis of the improved scheme, exposing security flaws and highlighting the need for more robust biometric authentication methods in TMIS.

Findings

Dheerendra et al.'s scheme is vulnerable to offline identity guessing attacks.

Successful attacks enable major cryptographic exploits.

The analysis underscores the importance of rigorous security evaluation.

Abstract

Remote user authentication is critical requirement in Telecare Medicine Information System (TMIS) to protect the patient personal details, security and integrity of the critical medical records of the patient as the patient data is transmitted over insecure public communication channel called Internet. In 2013, Yan proposed a biometric based remote user authentication scheme and claimed that his scheme is secure. Recently, Dheerendra et al. demonstrated some drawbacks in Yan et al scheme and proposed an improved scheme to erase the drawbacks of Yan et al scheme. We analyze Dheerendra et al scheme and identify that their scheme is vulnerable to off-line identity guessing attack, and on successfully mounting it, the attacker can perfom all major cryptographic attacks.