Security Enhancement of Biometric-Based Authentication Systems Using Smart Card

Remote authentication has been extensively studied over the past few decades, with password-based authentication being a common approach since Lamport's 1981 proposal of a password-based remote authentication scheme. Despite numerous advancements, including the introduction of biometric and smart card-based schemes by Li and Hwang, as well as Chen et al.'s claims of robustness against various attacks, these protocols continue to exhibit vulnerabilities. These weaknesses include susceptibility to attacks such as replay, man-in-the-middle, user impersonation, and offline password guessing, among others. In this study, we conduct a comprehensive analysis of several existing biometric-based authentication protocols, identifying critical vulnerabilities and areas for improvement. To address these issues, we propose a novel authentication protocol that leverages the biometrics of mobile devices. Our protocol incorporates a collision-free one-way hash function to enhance security. We conduct a thorough security analysis of the proposed protocol using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, alongside both formal and informal security evaluations. The results of these analyses indicate that our proposed scheme significantly improves security by effectively mitigating common attacks that have compromised previous protocols. Additionally, our protocol demonstrates superior computational efficiency, making it practical for real-world applications. By addressing the security flaws inherent in existing protocols and optimizing for performance, our scheme provides a robust and efficient solution for secure remote authentication using mobile device biometrics.