Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data

Recently, to achieve privacy protection using biometrics, Fan and Lin proposed a three-factor authentication scheme based on password, smart card and biometrics. However, the authors have found that Fan and Lin´s proposed scheme (i) has flaws in the design of biometrics privacy, (ii) fails to maintain a verification table, making it vulnerable to stolen-verifier attack and modification attack, and (iii) is vulnerable to insider attacks. Thus, the authors propose an elliptic curve cryptography-based authentication scheme that is improved with regard to security requirements. The authors´ proposed scheme overcomes the flaws of Fan and Lin´s scheme and is secured from attacks. Furthermore, the authors have presented a security analysis of their scheme to show that their scheme is suitable for the biometric systems.