Improvement of a Fingerprint-Based Remote User Authentication Scheme

Authors:
Jing Xu;Wen-Tao Zhu;Deng-Guo Feng
Affiliations:
-;-;-
Venue:
ISA '08 Proceedings of the 2008 International Conference on Information Security and Assurance (isa 2008)
Year:
2008

Citing 0
Cited 1

An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	0.01

Visualization

Abstract

Password authentication has been adopted as one of the most commonly used solutions in network environments to protect resources from unauthorized access. Recently, Khan et al. proposed an efficient fingerprint-based remote user authentication scheme with smart cards, in which a password/verification table is not required on the remote server, and users are allowed to choose and update their passwords freely. In this paper, we show that their scheme is vulnerable to the parallel session attack. Furthermore, their scheme is susceptible to the impersonation attack provided that the information stored in the smart card is disclosed by an adversary. We also propose an improved scheme which is immune to the presented attacks.