On the security of Baruah et al.'s biometric-based multi-server authentication scheme using smart card

Abstract

In 2015, Baruah et al. proposed a biometric-based multi-server authentication scheme using smart card. Baruah et al. claimed that their proposed scheme is secure to various cryptographic attacks and can provide forward secrecy. However, this paper points out that Baruah et al.’s scheme not only is still vulnerable to identity guessing attack using stolen smart card and replay attack, but also cannot provide perfect forward secrecy unlike their claims. For this reason, Baruah et al.’s scheme is insecure for practical application.