Design and Analysis of a Secure Three Factor User Authentication Scheme Using Biometric and Smart Card

TL;DR

This paper proposes a new three-factor remote user authentication scheme using biometric data and smart cards, addressing security flaws in existing systems and ensuring mutual authentication and session key agreement.

Contribution

The paper introduces a secure three-factor authentication scheme that overcomes security vulnerabilities of previous methods, providing mutual authentication and password recovery.

Findings

Scheme resists impersonation and masquerading attacks

Ensures mutual authentication and session key agreement

Provides password and smart card recovery features

Abstract

Password security can no longer provide enough security in the area of remote user authentication. Considering this security drawback, researchers are trying to find solution with multifactor remote user authentication system. Recently, three factor remote user authentication using biometric and smart card has drawn a considerable attention of the researchers. However, most of the current proposed schemes have security flaws. They are vulnerable to attacks like user impersonation attack, server masquerading attack, password guessing attack, insider attack, denial of service attack, forgery attack, etc. Also, most of them are unable to provide mutual authentication, session key agreement and password, or smart card recovery system. Considering these drawbacks, we propose a secure three factor user authentication scheme using biometric and smart card. Through security analysis, we show that our proposed scheme can overcome drawbacks of existing systems and ensure high security in remote user authentication.