Top

Published in:

01-06-2014 | TRANSACTIONAL PROCESSING SYSTEMS

An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function

Authors: Ashok Kumar Das, Adrijit Goswami

Published in: Journal of Medical Systems | Issue 6/2014

Abstract

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava’s scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava’s scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava’s scheme.

AVISPA: Automated validation of internet security protocols and applications. http://www.avispa-project.org/. Accessed Jan 2013.

AVISPA: AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed Sept 2013.

Awasthi, A. K., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):1–4, 2013.

Basin, D., Modersheim, S., and Vigano, L., OFMC: A symbolic model checker for security protocols. Int. J. Inf. Sec. 4(3):181–208, 2005.

Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.

Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:1–9, 2013.

Das, A. K., Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Sec. 5(3):145–151, 2011.

Das, A. K., A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Netw. Sci. 2(1–2):12–27, 2013.

Das, A. K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.

10.

Das, A. K., Massand, A., and Patil, S., A novel proxy signature scheme based on user hierarchical access control policy. J. King Saud University - Comput. Inf. Sci. 25(2):219–228, 2013.

11.

Das, A. K., Paul, N. R., and Tripathy, L., Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf. Sci. 209:80–92, 2012.

12.

Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):1–17, 2013.

13.

Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.

14.

Dolev, D., and Yao, A., On the security of public key protocols. IEEE Trans. Inf. Theory. 29(2):198–208, 1983.

15.

Hwang, M.-S., and Li, L.-H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1): 28–30, 2000.

16.

Hwang, T., Chen, Y., and Laih, C.-S., Non-interactive password authentications without password tables. In: Proceedings of IEEE Region 10 Conference on Computer and Communication Systems (TENCON’90). Vol. 1, pp. 429–431, 1990.

17.

Jaspher, G., Kathrine, W., Kirubakaran, E., and Prakash, P., Smart card based remote user authentication schemes: A survey. Procedia Eng. 38:1318–1326, 2012.

18.

Jina, A. T. B., Linga, D. N. C., and Goh, A., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recog. 37(11):2245–2255, 2004.

19.

Khan, M. K., Kim, S.-K., and Alghathbar, K., Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput Commun. 34(3):305–309, 2011.

20.

Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology - CRYPTO’99, LNCS. Vol. 1666, pp. 388–397, 1999.

21.

Lamport, L., Password authentification with insecure communication. Commun. ACM. 24(11):770–772, 1981.

22.

Li, C.-T., and Hwang, M.-S., An efficient biometric-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33:1–5, 2010.

23.

Li, C.-T., Lee, C.-C., Liu, C.-J., and Lee, C.-W., A robust remote user authentication scheme against smart card security breach. In: Proceedings of Data and Applications Security and Privacy XXV, LNCS. VOl. 6818, pp. 231–238, 2011.

24.

Li, X., Niu, J.-W., Ma, J., Wang, W.-D., and Liu, C.-L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34:73–79, 2011.

25.

Lumini, A., and Nanni, L., An improved BioHashing for human authentication. Pattern Recog. 40(3):1057–1065, 2007.

26.

Madhusudhan, R., and Mittal, R. C., Dynamic ID-based remote user password authentication schemes using smart cards: A review. J. Netw. Comput. Appl. 35(4):1235–1248, 2012.

27.

Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

28.

Odelu, V., Das, A. K., and Goswami, A., An effective and secure key-management scheme for hierarchical access control in e-medicine system. J. Med. Syst. 37(2):1–18, 2013.

29.

Wang, Y.-Y., Liu, J.-Y., Xiao, F.-X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.

30.

Xiao, D., Liao, X., and Deng, S., One-way hash function construction based on the chaotic map with changeable-parameter. Chaos, Solitons Fractals. 241:65–71, 2005.

Title: An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function
Authors: Ashok Kumar Das
Adrijit Goswami
Publication date: 01-06-2014
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 6/2014
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-014-0027-z

Keynote webinar | Spotlight on medication adherence

Springer Medicine

An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function

Abstract

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Abstract

Please log in to get access to this content

Other articles of this Issue 6/2014

Design and Development of A Mobile-based System for Supporting Emergency Triage Decision Making

A usability framework for speech recognition technologies in clinical handover: A pre-implementation study

Hiding Patients Confidential Datainthe ECG Signal viaa Transform-Domain Quantization Scheme

Development of a Decision Support Engine to Assist Patients with Hospital Selection

Analysis of the Integration of the Physician Rostering Problem and the Surgery Scheduling Problem

Applying Cybernetic Technology to Diagnose Human Pulmonary Sounds