A secure biometrics-based remote user authentication scheme for secure data exchange

The advancement of internetworking and mobile communication technologies has resulted in both improved network security and at the same time have contributed optimal cryptanalysis techniques. Remote user authentication and mutual authentication among the communicating entities is the critical requirement in remote client-server architecture. Several remote user authentication schemes have been proposed using various combinations like the password (1 Factor Authentication), the smart card (2 Factor Authentication) and biometrics (3 Factor Authentication) by various researchers. Recently, in 2013, Khan et al proposed a biometric based (three factor) remote user authentication scheme and claimed that their scheme is secure against various cryptographic attacks. Unfortunately, in this paper we will show that their scheme is vulnerable to user impersonation attack and the adversary can get the password of a legal user etc.