Improved Biometric-Based Mutual Authentication and Key Agreement Scheme Using ECC

Recently, biometric based authentication scheme gains popularity due to its high security, integrity, and authenticity properties. In the recent past, Qi et al. improved Chaudhry et al.’s scheme, which is susceptible to the DoS attack and fails to achieve perfect forward secrecy. In this paper, we analyze Qi et al.’s biometric based authentication scheme and show that the scheme cannot withstand key compromise impersonation attack, offline password guessing attack, and known session-specific temporary information attack. We proposed an improved biometric based authentication scheme using Elliptic Curve Cryptography (ECC) with more security functionalities. Further, we prove the mutual authentication and session key security of the proposed scheme using Burrows–Abadi–Needham (BAN) logic and Random Oracle Model (ROM). Moreover, the security analysis endorses that the proposed scheme is robust enough to provide protection against all well known attacks. The simulation results using the AVISPA tool show that the proposed scheme is secure and achieves its goal.