A new fingerprint-based remote user authentication scheme using mobile devices

Abstract

Recently, Khan et al. proposed an efficient and practical chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Unfortunately, Yoon-Yoo demonstrated that Khan et al.'s scheme was vulnerable to a privileged insider attack and an impersonation attack by using lost or stolen mobile devices. To isolate such problems, Yoon-Yoo proposed an improvement to Khan et al.'s scheme. However, the two authentication schemes required synchronized clocks between the user and the remote system server because of using timestamps in authentication process. Actually, it is fairly complicated to achieve time concurrency mechanism; and network environment and transmission delay is unpredictable, so some drawbacks exist in their scheme. To overcome those weaknesses, a new fingerprint-based remote user authentication scheme using mobile devices is proposed. The proposed scheme can safely achieve mutual authentication between the users and the remote system. Compared with other related schemes, the proposed scheme not only is secure and efficient but also can provide good characteristics. Hence, our proposed scheme can be easily realized in the practical environment.