Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress
Clinical Collections
Advances in Alzheimer’s

At a glance: The STEP trials

A round-up of the STEP phase 3 clinical trials evaluating semaglutide for weight loss in people with overweight or obesity.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 3/2015

01-03-2015 | Patient Facing Systems

A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS

Authors: Ruhul Amin, G. P. Biswas

Published in: Journal of Medical Systems | Issue 3/2015

Login to get access

Abstract

Telecare Medical Information System (TMIS) makes an efficient and convenient connection between patient(s)/user(s) at home and doctor(s) at a clinical center. To ensure secure connection between the two entities (patient(s)/user(s), doctor(s)), user authentication is enormously important for the medical server. In this regard, many authentication protocols have been proposed in the literature only for accessing single medical server. In order to fix the drawbacks of the single medical server, we have primarily developed a novel architecture for accessing several medical services of the multi-medical server, where a user can directly communicate with the doctor of the medical server securely. Thereafter, we have developed a smart card based user authentication and key agreement security protocol usable for TMIS system using cryptographic one-way hash function. We have analyzed the security of our proposed authentication scheme through both formal and informal security analysis. Furthermore, we have simulated the proposed scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and showed that the scheme is secure against the replay and man-in-the-middle attacks. The informal security analysis is also presented which confirms that the protocol has well security protection on the relevant security attacks. The security and performance comparison analysis confirm that the proposed protocol not only provides security protection on the above mentioned attacks, but it also achieves better complexities along with efficient login and password change phase.
Literature
1.
Amin, R., Cryptanalysis and an efficient secure id-based remote user authentication using smart card. Int. J. Comput. Appl. 75(13):43–48, 2013.
2.
Amin, R., Maitra, T., Giri, D., Article: An improved efficient remote user authentication scheme in multi-server environment using smart card. Int. J. Comput. Appl. 69(22):1–6, 2013.
3.
Amin, R., Maitra, T., Rana, S.P., An improvement of wang. et. al.’s remote user authentication scheme against smart card security breach. Int. J. Comput. Appl. 75(13):37–42, 2013.
4.
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P., Hem, P., Kouchnarenko, O., Mantovani, J., Mdersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Vigan, L., Vigneron, L.: The avispa tool for the automated validation of internet security protocols and applications. In: Computer Aided Verification, Vol. 3576, pp. 281–285. Lecture Notes in Computer Science (2005)
5.
Bhargav-Spantzel, A., Squicciarini, A.C., Modi, S., Young, M., Bertino, E., Elliott, S.J., Privacy preserving multi-factor authentication with biometric. J. Comput. Secur. 15(5):529–560, 2007.
6.
7.
8.
Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.CrossRef
9.
Chuang, M.C., and Chen, M.C., An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst. Appl. 41(4, Part 1):1411–1418, 2014.CrossRef
10.
11.
Das, A.K., Analysis and improvement on an effcient biometric based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145–151, 2011.CrossRef
12.
Debiao, H., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef
13.
Dolev, D., and Yao, A.C., On the security of public key protocols. Information Theory. IEEE Trans. 29(2):198–208, 1983.MATHMathSciNet
14.
Fan, C.I., and Lin, Y.H., Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. Information Forensics and Security. IEEE Trans. 4(4):933–945, 2009.
15.
Guo, C., and Chang, C.C., Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6):1433–1440, 2013.CrossRefMATHMathSciNet
16.
17.
Islam, S.H., and Biswas, G.P., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.CrossRef
18.
Jiang, Q., Ma, J., Lu, X., Tian, Y., Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J. Med. Syst. 38(2):1–8, 2014. doi:10.​1007/​s10916-014-0012-6.CrossRef
19.
20.
Jina, A.T.B., Ling, D.N.C., Goh, A., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.CrossRef
21.
22.
Khan, M.K., and Zhang, J., Improving the security of a flexible biometric remote user authentication scheme. Comput. Stand. Interfaces 29(1):82–85, 2007.CrossRef
23.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology CRYPTO 99. Vol. 1666, pp. 388–397: Lecture Notes in Computer Science, 1999.
24.
Kumar, M., Gupta, M.K., Kumari, S., An improved efficient remote password authentication scheme with smart card over insecure networks. Int. J. Netw. Secur. 13(3):167–177, 2011.
25.
Kumari, S., Gupta, M.K., Khan, M.K., Li, X., An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur. Commun. Netw. 7:1921–1932, 2014. doi:10.​1002/​sec.​906.CrossRef
26.
27.
Kumari, S., and Khan, M.K., More secure smart card based remote user password authentication scheme with user anonymity. Secur. Commun. Netw. 7:2039–2053, 2013. doi:10.​1002/​sec.​916.CrossRef
28.
Kumari, S., and Khan, M.K., Cryptanalysis and improvement of ’a robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27:3939–3955, 2014. doi:10.​1002/​dac.​2590.​.CrossRef
29.
30.
Kumari, S., Khan, M.K., Li, X., Wu, F., Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst. 27(10):609–618, 2014. doi:10.​1002/​dac.​2853.
31.
32.
33.
Lee, T.F., Chang, I.P., Lin, T.H., Wang, C.C., A secure and efficient password- based user authentication scheme using smart cards for the integrated epr information system. J. Med. Syst. 37(3):3833–3838, 2013.
34.
Li, C.T., and Hwang, M.S., An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.CrossRef
35.
Li, C.T., Lee, C.C., Weng, C.Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):77, 2014. doi:10.​1007/​s10916-014-0077-2.CrossRef
36.
Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.CrossRefMATH
37.
Li, X., Xiong, Y., Ma, J., Wang, W., An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2):763–769, 2012.CrossRef
38.
Lin, H.Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–5, 2013.CrossRef
39.
Lumini, A., and Nanni, L., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 40(3):1057–1065, 2007.CrossRefMATH
40.
Maitra, T., and Giri, D., An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. J. Med. Syst. 38(12):142, 2014. doi:10.​1007/​s10916-014-0142-x.CrossRef
41.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRefMathSciNet
42.
Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M., Cryptanalysis and improvement of yan et al.s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6): 24, 2014. doi:10.​1007/​s10916-014-0024-2.CrossRef
43.
Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10): 120, 2014. doi:10.​1007/​s10916-014-0120-3.CrossRef
44.
Sood, S.K., Sarje, A.K., Singh, K., A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2):609–618, 2011.CrossRef
45.
Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Netw. 2(3):200–204, 2013.
46.
47.
Wang, B., and Ma, M., A smart card based efficient and secured multi-server authentication scheme. Wirel. Pers. Commun. 68(2):361–378, 2013.CrossRef
48.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.CrossRef
49.
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRef
50.
51.
Xue, K., Hong, P., Ma, C., A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J. Comput. Syst. Sci. 80(1):195–206, 2014.CrossRefMATHMathSciNet
52.
Yan, X., Li, W., Li, P., Wang, J., Hao, X., Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(5):1–6, 2013.CrossRefMATH
53.
Yang, D., and Yang, B.: A biometric password-based multi-server authentication scheme with smart card. In: 2010 International Conference on, Computer Design and Applications (ICCDA). Vol. 5, pp. 554–559 (2010)
54.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012.CrossRef
Metadata
Title
A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS
Authors
Ruhul Amin
G. P. Biswas
Publication date
01-03-2015
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 3/2015
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-015-0217-3

Other articles of this Issue 3/2015

Journal of Medical Systems 3/2015 Go to the issue

Patient Facing Systems

Reliable Feature Selection for Automated Angle Closure Glaucoma Mechanism Detection

Transactional Processing Systems

Design and Development of a Medical Big Data Processing System Based on Hadoop

Transactional Processing Systems

An Advanced Image Analysis Tool for the Quantification and Characterization of Breast Cancer in Microscopy Images

Mobile Systems

A Wearable Wireless ECG Monitoring System With Dynamic Transmission Power Control for Long-Term Homecare

Systems-Level Quality Improvement

A Secure RFID Mutual Authentication Protocol for Healthcare Environments Using Elliptic Curve Cryptography

Systems-Level Quality Improvement

A Fuzzy Probabilistic Method for Medical Diagnosis