Privacy Preserving Biometric-Based User Authentication Protocol Using Smart Cards

How to provide both security and privacy in communication networks has been an important issue for ubiquitous computing. Especially, user authentication in the current IT services has become one of important security issues. However, the security weaknesses in the user authentication have been exposed seriously due to the careless secret related information management and the sophisticated attack techniques. Recently, an enhanced biometric-based user authentication protocol is proposed by An, which uses three factors, password, smart card and biometrics. However, this paper shows that An's protocol has weaknesses in the password guessing attack and the lack of privacy support if an attacker could get user's smart card, could read on it and could intercept session messages between user and server. Furthermore, this paper proposes a privacy preserving biometric-based user authentication protocol using smart card, which could solve the overall problems in An's protocol and even put privacy considerations on it. The overall security analyses show that the proposed protocol achieves the desired security goals