Cryptanalysis of Cryptanalysis and Improvement of Yan et al Biometric-Based Authentication Scheme for TMIS

Abstract: Remote user authentication is critical requirement in Telecare Medicine Information System (TMIS) to protect the patient personal details, security and integrity of the critical medical records of the patient as the patient data is transmitted over insecure public communication channel called Internet. In 2013, Yan proposed a biometric based remote user authentication scheme and claimed that his scheme is secure. Recently, Dheerendra et al. demonstrated some drawbacks in Yan et al scheme and proposed an improved scheme to erase the drawbacks of Yan et al scheme. We analyze Dheerendra et al scheme and identify that their scheme is vulnerable to off-line identity guessing attack, and on successfully mounting it, the attacker can perfom all major cryptographic attacks.