Cryptanalysis of enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem

Abstract

To achieve the security and privacy, many remote user authentication schemes based on cryptography for telecare medicine information systems have been proposed. Recently, Lu et al. proposed an enhanced biometric-based authentication scheme for telecare medicine information system using elliptic curve cryptosystem. They found that Arshad et al.’s scheme was vulnerable to off-line password guessing attack and user impersonation attack, and claimed that their scheme was more secure against various attacks. However, we demonstrate that their scheme is still insecure and vulnerable to outsider attack, user impersonation attack, server impersonation attack and smart card stolen attack in this paper.