More efficient key-hash based fingerprint remote authentication scheme using mobile device

Today, the world is taking large leaps of progress in technology. The technology is turning the vision of achieving transparency, speed, accuracy, authenticity, friendliness and security in various services and access control mechanisms, into reality. Consequently, new and newer ideas are coming forth by researchers throughout the world. Khan et al. (Chaos Solitons Fractals 35(3):519-524, 2008) proposed remote user authentication scheme with mobile device, using hash-function and fingerprint biometric. In 2012, Chen et al. pointed out forged login attack through loss of mobile device on Khan et al.'s scheme and subsequently proposed a scheme to improve on this drawback. Truong et al. (Proceedings of 26th IEEE International Conference on Advanced Information Networking and Applications, pp 678-685, 2012) demonstrated that in Chen et al.'s scheme, an adversary can successfully replay an intercepted login request. They also showed that how an adversary can make fool of both the participants of Chen et al.'s protocol by taking advantage of the fact that the user is not anonymous in scheme. Further, they proposed an improvement to Chen et al.'s scheme to cut off its problems. Through this paper, we show that Chen et al.'s scheme has some other drawbacks too and the improvement proposed by Truong et al. is still insecure and vulnerable. We also propose an improved scheme which overcomes the flaws and inherits the goodness of both the schemes, Chen et al.'s scheme and Truong et al.'s scheme.