Top

Published in:

01-08-2015 | Patient Facing Systems

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity

Authors: Ruhul Amin, G. P. Biswas

Published in: Journal of Medical Systems | Issue 8/2015

Abstract

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

Amin, R., Cryptanalysis and an efficient secure id-based remote user authentication using smart card. Int. J. Comput. Appl. 75(13):43–48, 2013.

Amin, R., and Biswas, G., A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J. Med. Syst. 39(3):33, 2015. doi:10.1007/s10916-015-0217-3.PubMedCrossRef

Amin, R., and Biswas, G.: Remote access control mechanism using rabin public key cryptosystem. In: Information Systems Design and Intelligent Applications, Advances in Intelligent Systems and Computing, Vol. 339, pp. 525–533. Springer, India (2015), doi:10.1007/978-81-322-2250-7_52

Amin, R., and Biswas, G.P.: Anonymity preserving secure hash function based authentication scheme for consumer usb mass storage device. In: Computer, Communication, Control and Information Technology (C3IT), 2015 Third International Conference on, pp. 1–6 (2015), doi:10.1109/C3IT.2015.7060190

Amin, R., Maitra, T., Rana, S.P., An improvement of wang. et. al.’s remote user authentication scheme against smart card security breach. Int. J. Comput. Appl. 75(13):37–42, 2013.

Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P., Hem, P., Kouchnarenko, O., Mantovani, J., Mdersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Vigan, L., Vigneron, L.: The avispa tool for the automated validation of internet security protocols and applications. In: Computer Aided Verification, Lecture Notes in Computer Science, Vol. 3576, pp. 281–285 (2005)

Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):1–12, 2014. doi:10.1007/s10916-014-0136-8.CrossRef

Awasthi, A., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):9964, 2013. doi:10.1007/s10916-013-9964-1.PubMedCrossRef

Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9912, 2013. doi:10.1007/s10916-012-9912-5.PubMedCrossRef

10.

Chang, Y.F., Yu, S.H., Shiao, D.R., A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(2):9902, 2013. doi:10.1007/s10916-012-9902-7.PubMedCrossRef

11.

Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.PubMedCrossRef

12.

Das, A.K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):9948, 2013. doi:10.1007/s10916-013-9948-1.PubMedCrossRef

13.

Debiao, H., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.PubMedCrossRef

14.

Dolev, D., and Yao, A.C., On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198–208, 1983.CrossRef

15.

Giri, D., Maitra, T., Amin, R., Srivastava, P., An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1):145, 2014. doi:10.1007/s10916-014-0145-7.PubMedCrossRef

16.

Hafizul Islam, S., and Biswas, G., Dynamic id-based remote user mutual authentication scheme with smartcard using elliptic curve cryptography. J. Electron. (China) 31(5):473–488, 2014. doi:10.1007/s11767-014-4002-0.CrossRef

17.

Islam, S., Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps. Nonlinear Dyn. 78(3):2261–2276, 2014. doi:10.1007/s11071-014-1584-x.CrossRef

18.

Islam, S.H., Design and analysis of an improved smartcard-based remote user password authentication scheme. Int. J. Commun. Syst., 2014. doi:10.1002/dac.2793.

19.

Islam, S.H., and Biswas, G., A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks. Ann. Telecommun. 67(11-12):547–558, 2012.CrossRef

20.

Islam, S.H., and Biswas, G.P., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.CrossRef

21.

Islam, S.H., and Biswas, G.P., Design of improved password authentication and update scheme based on elliptic curve cryptography. Math. Comput. Model. 57(11-12):2703–2717, 2013.CrossRef

22.

Islam, S.H., and Biswas, G.P., Design of two-party authenticated key agreement protocol based on ecc and self-certified public keys. Wirel. Pers. Commun.,1–24, 2015. doi:10.1007/s11277-015-2375-5.

23.

Islam, S.H., and Khan, M.K., Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10):135, 2014. doi:10.1007/s10916-014-0135-9.PubMedCrossRef

24.

Jina, A.T.B., Ling, D.N.C., Goh, A., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.CrossRef

25.

Khan, M.K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems. Secur. Commun. Netw. 7(2):399–408, 2014. doi:10.1002/sec.791.CrossRef

26.

Khan, M.K., Kumari, S., Gupta, M., More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816, 2014. doi:10.1007/s00607-013-0308-2.CrossRef

27.

Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology CRYPTO 99, Lecture Notes in Computer Science, Vol. 1666, pp. 388–397 (1999)

28.

Kumar, M., Gupta, M.K., Kumari, S., An improved efficient remote password authentication scheme with smart card over insecure networks. Int. J. Netw. Secur. 13(3):167–177, 2011.

29.

Kumari, S., Gupta, M.K., Khan, M.K., Li, X., An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur. Commun. Netw. 7:1921–1932, 2014. doi:10.1002/sec.906.CrossRef

30.

Kumari, S., and Khan, M.K., More secure smart card based remote user password authentication scheme with user anonymity. Secur. Commun. Netw. 7:2039–2053, 2013. doi:10.1002/sec.916.CrossRef

31.

Kumari, S., and Khan, M.K., Cryptanalysis and improvement of ’a robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27:3939–3955, 2014. doi:10.1002/dac.2590.CrossRef

32.

Kumari, S., Khan, M.K., Kumar, R., Cryptanalysis and improvement of a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37(4):9952, 2013. doi:10.1007/s10916-013-9952-5.PubMedCrossRef

33.

Kumari, S., Khan, M.K., Li, X., An improved remote user authentication scheme with key agreement. Comput. Electr. Eng. 40(6):1997–2012, 2014. doi:10.1016/j.compeleceng.2014.05.007.CrossRef

34.

Kumari, S., Khan, M.K., Li, X., Wu, F., Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst. 27(10):609–618, 2014. doi:10.1002/dac.2853.

35.

Lee, T.F., Chang, I.P., Lin, T.H., Wang, C.C., A secure and efficient password- based user authentication scheme using smart cards for the integrated epr information system. J. Med. Syst. 37(3):1–7, 2013.

36.

Li, C.T., Hwang, M.S., Chu, Y.P., A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput. Commun. 31(12):2803–2814, 2008.CrossRef

37.

Li, W., Wen, Q., Su, Q., Jin, Z., An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network. Comput. Commun. 35(2):188–195, 2012.CrossRef

38.

Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.CrossRef

39.

Lin, H.Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–5, 2013.CrossRef

40.

Liping, Z., and Shaohui, Z., Robust ecc-based authenticated key agreement scheme with privacy protection for telecare medicine information systems. J. Med. Syst. 39(5), 2015. doi:10.1007/s10916-015-0233-3.

41.

Lu, Y., Li, L., Peng, H., Yang, Y., An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst. 39(3):32, 2015. doi:10.1007/s10916-015-0221-7.PubMedCentralPubMedCrossRef

42.

Lumini, A., and Nanni, L., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 40(3):1057–1065, 2007.CrossRef

43.

Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRef

44.

Mishra, D., A study on id-based authentication schemes for telecare medical information system: CoRR, 2013 . arXiv:1311.0151.

45.

Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M., Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38 (6):24, 2014. doi:10.1007/s10916-014-0024-2.PubMedCrossRef

46.

Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M., Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5):41, 2014. doi:10.1007/s10916-014-0041-1.PubMedCrossRef

47.

Sarvabhatla, M., Giri, M., Vorugunti, C.S., Cryptanalysis of cryptanalysis and improvement of Yan et al. biometric-based authentication scheme for TMIS: CoRR, 2014 . arXiv:1406.3943.

48.

Sood, S.K., Sarje, A.K., Singh, K., A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2):609–618, 2011. Efficient and Robust Security and Services of Wireless Mesh Networks.CrossRef

49.

Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204, 2013.

50.

Tool, A.W.: http://www.avispa-project.org/web-interface/ (2015)

51.

Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.PubMedCrossRef

52.

Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.PubMedCrossRef

53.

Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9911, 2013.PubMedCrossRef

54.

Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., He, L., A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(6):24, 2014. doi:10.1007/s10916-013-9994-8.CrossRef

55.

Yan, X., Li, W., Li, P., Wang, J., Hao, X., Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(5):1–6, 2013.CrossRef

56.

Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838 , 2012.PubMedCrossRef

Title: A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity
Authors: Ruhul Amin
G. P. Biswas
Publication date: 01-08-2015
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 8/2015
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-015-0258-7

At a glance: The ONWARDS insulin icodec trials

Springer Medicine

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity

Abstract

At a glance: The ONWARDS insulin icodec trials

Springer Medicine

Abstract

Please log in to get access to this content

Other articles of this Issue 8/2015

Evaluation Study for an ISO 13606 Archetype Based Medical Data Visualization Method

Extraction of 3D Femur Neck Trabecular Bone Architecture from Clinical CT Images in Osteoporotic Evaluation: a Novel Framework

Erratum to: Determinants of RFID Adoption in Malaysia’s Healthcare Industry: Occupational Level as a Moderator

Applying Task-Technology Fit Model to the Healthcare Sector: a Case Study of Hospitals’ Computed Tomography Patient-Referral Mechanism

A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System

An Approach for Learning Expressive Ontologies in Medical Domain