Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress
Clinical Collections
Advances in Alzheimer’s

Keynote webinar | Spotlight on medication adherence

LIVE: Thursday 27th June 2024, 18:00-19:30 (CEST)
Join our expert panel to discover why you need to understand the drivers of non-adherence in your patients, and how you can optimize medication adherence in your clinics to drastically improve patient outcomes.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 11/2015

01-11-2015 | Systems-Level Quality Improvement

Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems

Authors: Ruhul Amin, SK Hafizul Islam, G. P. Biswas, Muhammad Khurram Khan, Xiong Li

Published in: Journal of Medical Systems | Issue 11/2015

Login to get access

Abstract

The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.’s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.’s scheme and additionally achieves extra security requirements.
Literature
1.
Amin, R, Cryptanalysis and an efficient secure id-based remote user authentication using smart card. Int. J. Comput. Appl. 75(13):43–48, 2013.
2.
Amin, R, and Biswas, GP, Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arab. J. Sci. Eng.,1–15, 2015. doi:10.​1007/​s13369-015-1743-5.
3.
Amin, R, and Biswas, GP, Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wirel. Pers. Commun., 1–24, 2015. doi:10.​1007/​s11277-015-2616-7.
4.
5.
Amin, R, and Biswas, GP, A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J. Med. Syst. 39(3):33, 2015. doi:10.​1007/​s10916-015-0217-3.
6.
Amin, R, and Biswas, GP, Remote access control mechanism using rabin public key cryptosystem. In: Information Systems Design and Intelligent Applications, Advances in Intelligent Systems and Computing. Vol. 339, pp. 525–533. Springer, India. 2015. doi:10.​1007/​978-81-322-2250-7_​52.
7.
8.
9.
Amin, R, Islam, SH, Biswas, GP, Khan, MK: An efficient remote mutual authentication scheme using smart mobile phone over insecure networks. In: Cyber Situational Awareness, 2015 International Conference on Data Analytics and Assessment (CyberSA). pp. 1–7, 2015, doi:10.​1109/​CyberSA.​2015.​7166114
10.
Amin, R, Maitra, T, Rana, SP, An improvement of Wang et. al.’s remote user authentication scheme against smart card security breach. Int. J. Comput. Appl. 75(13):37–42, 2013.
11.
An, Y, Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards. J. Biomed. Biotechnol. 6, 2012. doi:10.​1155/​2012/​519723.
12.
An, YH: Security improvements of dynamic id-based remote user authentication scheme with session key agreement. In: 2013 15th International Conference on Advanced Communication Technology (ICACT), pp. 1072–1076 (2013)
13.
Arshad, H, and Nikooghadam, M, Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):1–12, 2014. doi:10.​1007/​s10916-014-0136-8.
14.
15.
Chang, YF, Tai, WL, Chang, HC, Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 27(11):3430–3440, 2014. doi:10.​1002/​dac.​2552.
16.
17.
Chaudhry, SA, Farash, MS, Naqvi, H, Kumari, S, Khan, MK, An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks, 2015. doi:10.​1002/​sec.​1299.
18.
Chaudhry, SA, Naqvi, H, Shon, T, Sher, M, Farash, MS, Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6):66, 2015. doi:10.​1007/​s10916-015-0244-0.CrossRefPubMed
19.
Chaudhry, SA, Uddin, N, Sher, M, Ghani, A, Naqvi, H, Irshad, A, An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimedia Tools and Applications 74(5):1711–1723, 2015. doi:10.​1007/​s11042-014-2283-9.CrossRef
20.
Chou, JS, Huang, CH, Huang, YS, Chen4, Y: Efficient two-pass anonymous identity authentication using smart card. Cryptology ePrint Archive, Report 2013/402 (2013)
21.
22.
Das, AK, Cryptanalysis and further improvement of a biometric-based remote user authentication scheme using smart cards. International Journal of Network Security and Its Applications 3(2):13–28, 2011.CrossRef
23.
24.
Dolev, D, and Yao, AC, On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198–208, 1983.CrossRef
25.
Farash, MS, Chaudhry, SA, Heydari, M, Sajad Sadough, SM, Kumari, S, Khan, MK, A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int. J. Commun. Syst., 2015. doi:10.​1002/​dac.​3019.
26.
Fu, Z, Sun, X, Liu, Q, Zhou, L, Shu, J, Achieving efficient cloud search services: Multikeyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans. Commun. E98B(1):190–200, 2015.CrossRef
27.
28.
Guo, P, Wang, J, Li, B, Lee, S, A variable threshold-value authentication architecture for wireless mesh networks. J. Internet Technol. 15(6):929–936, 2014.
29.
30.
He, D, Jianhua, C, Rui, Z, A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef
31.
32.
33.
He, D, Kumar, N, Chen, J, Lee, CC, Chilamkurti, N, Yeo, SS, Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems. 21(1):49–60, 2015. doi:10.​1007/​s00530-013-0346-9.CrossRef
34.
35.
36.
37.
38.
Islam, S H, Khan, MK, Obaidat, MS, Muhaya, F.T.B, Provably secure and anonymous password authentication protocol for roaming service in global mobility networks using extended chaotic maps. Wirel. Pers. Commun.,1–22, 2015. doi:10.​1007/​s11277-015-2542-8.
39.
Islam, SH, Design and analysis of an improved smartcard based remote user password authentication scheme. Int. J. Commun. Syst., 2014. doi:10.​1002/​dac.​2793.
40.
Islam, SH, A provably secure id-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wirel. Pers. Commun. 79(3):1975–1991, 2014. doi:10.​1007/​s11277-014-1968-8.CrossRef
41.
42.
Islam, SH, and Biswas, GP, A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.CrossRef
43.
Islam, SH, and Biswas, GP, Design of improved password authentication and update scheme based on elliptic curve cryptography. Math. Comput. Model. 57(1112):2703–2717, 2013. doi:10.​1016/​j.​mcm.​2011.​07.​001. Information System Security and Performance Modeling and Simulation for Future Mobile Networks.CrossRef
44.
45.
Jina, A.T.B, Ling, D.N.C, Goh, A, Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.CrossRef
46.
Khan, MK, and He, D, A new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography. Sec. and Commun. Netw. 5(11):1260–1266, 2012. doi:10.​1002/​sec.​573.
47.
Khan, MK, and Kumari, S, An improved biometrics-based remote user authentication scheme with user anonymity. BioMed Res. Int.,9, 2013. doi:10.​1155/​2013/​491289.
48.
49.
Kocher, P, Jaffe, J, Jun, B: Differential power analysis. In: Advances in Cryptology CRYPTO 99, Lecture Notes in Computer Science, Vol. 1666, pp. 388–397 (1999)
50.
Kumari, S, and Khan, MK, More secure smart card-based remote user password authentication scheme with user anonymity. Secur. Commun. Netw. 7(11):2039–2053, 2014. doi:10.​1002/​sec.​916.
51.
52.
53.
Kumari, S, Khan, MK, Li, X, Wu, F, Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst. 27(10):609–618, 2014. doi:10.​1002/​dac.​2853.
54.
Lee, JK, Ryu, SR, Yoo, KY, Fingerprint-based remote user authentication scheme using smart cards. Electron. Lett. 38(12):554–555, 2002.CrossRef
55.
Li, CT, and Hwang, MS, An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.CrossRef
56.
57.
58.
Li, X, Niu, JW, Ma, J, Wang, WD, Liu, CL, Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.CrossRef
59.
60.
61.
Lumini, A, and Nanni, L, An improved biohashing for human authentication. Pattern Recogn. 40(3): 1057–1065, 2007.CrossRef
62.
Messerges, TS, Dabbish, EA, Sloan, RH, Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRef
63.
64.
Mishra, D, Mukhopadhyay, S, Chaturvedi, A, Kumari, S, Khan, MK, Cryptanalysis and improvement of yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6): 24, 2014. doi:10.​1007/​s10916-014-0024-2.CrossRefPubMed
65.
Mishra, D, Mukhopadhyay, S, Kumari, S, Khan, M, Chaturvedi, A, Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5):41, 2014. doi:10.​1007/​s10916-014-0041-1.CrossRefPubMed
66.
Ren, Y, Shen, J, Wang, J, Han, J, Lee, S, Mutual verifiable provable data auditing in public cloud storage. J. Internet Technol. 16(2):317–323, 2014.
67.
68.
69.
70.
Wei, J, Hu, X, Liu, W, An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.CrossRefPubMed
71.
72.
Wu, ZY, Lee, YC, Lai, F, Lee, HC, Chung, Y, A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRefPubMed
73.
Xu, X, Zhu, P, Wen, Q, Jin, Z, Zhang, H, He, L, A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(6):24, 2014. doi:10.​1007/​s10916-013-9994-8.​.CrossRef
74.
75.
Metadata
Title
Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems
Authors
Ruhul Amin
SK Hafizul Islam
G. P. Biswas
Muhammad Khurram Khan
Xiong Li
Publication date
01-11-2015
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 11/2015
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-015-0318-z

Other articles of this Issue 11/2015

Journal of Medical Systems 11/2015 Go to the issue

Transactional Processing Systems

FIR: An Effective Scheme for Extracting Useful Metadata from Social Media

Patient Facing Systems

A Fuzzy Inference System for Closed-Loop Deep Brain Stimulation in Parkinson’s Disease

Mobile Systems

A Context-Aware Application to Increase Elderly Users Compliance with Physical Rehabilitation Exercises at Home via Animatronic Biofeedback

Education & Training

An Empirical Assessment of a Technology Acceptance Model for Apps in Medical Education

Systems-Level Quality Improvement

User Interface Requirements for Web-Based Integrated Care Pathways: Evidence from the Evaluation of an Online Care Pathway Investigation Tool

Systems-Level Quality Improvement

A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System