ABSTRACT
ABSTRACT: In 2013, Li et al. proposed a robust biometrics based three-factor remote user authentication scheme with key agreement using elliptic curve and fuzzy extractor. He claimed that while providing high-level of security and more useful functions, the scheme resolves weaknesses of An’s scheme such as vulnerable to denial-of-service attack and forgery attack, and no session key agreement. However, we found that his scheme is not truly based on three factors as they claimed and cannot resist stolen smart card attack, and insider attack. Therefore, we propose a new scheme that involves adding parallel processing server smart cards as a new security factor and creating a more efficient and stronger authentication protocol based on elliptic curve cryptography and a fuzzy extractor in order to withstand various types of attacks including the above mentioned attacks, and to improve system performance.
