Improvement of a Fingerprint-Based Remote User Authentication Scheme

Password authentication has been adopted as one of the most commonly used solutions in network environments to protect resources from unauthorized access. Recently, Khan et al. proposed an efficient fingerprint-based remote user authentication scheme with smart cards, in which a password/verification table is not required on the remote server, and users are allowed to choose and update their passwords freely. In this paper, the authors show that their scheme is vulnerable to the parallel session attack. Furthermore, their scheme is susceptible to the impersonation attack provided that the information stored in the smart card is disclosed by an adversary. They also propose an improved scheme which is immune to the presented attacks.