Cryptanalysis of a Multi-factor Biometric-Based Remote Authentication Scheme

摘要

Since the birth of the Internet technology, many remote user authentication protocols have been designed and developed so that secure communication between a user and a server is possible over an insecure channel. One of the first smart card-based biometric authentication schemes is known as the Li-Hwang protocol. Many researchers have found vulnerabilities and attempted to improve its security. Even if that is the case, this research still finds several weaknesses in the latest protocol proposed by Park et al. The vulnerabilities found in this research include an attack on the integrity of a protocol message, the possibility of a replay attack and the lack of proof of message authenticity.