Design of a Secure Three-Factor Authentication Scheme for Smart Healthcare
Nowadays, society is witnessing a keen urge to enhance the quality of healthcare services through the intervention of technology in the health sector. The main focus in transforming traditional healthcare into smart healthcare is on facilitating patients as well as medical professionals. However, this changeover is not easy due to the various security and integrity issues associated with it. The security of patients' personal health records and their privacy can be handled well by permitting only authorized access to confidential health data via a suitably designed authentication scheme. In seeking to contribute in this direction, we came across the role of Universal Serial Bus (USB), the most widely accepted interface, in enabling communication between peripheral devices and a host controller such as a laptop, personal computer, smart phone, or tablet. In the process, we analysed a recently proposed three-factor authentication scheme for consumer USB Mass Storage Devices (MSD) by He et al. In this paper, we demonstrate that He et al.'s scheme is vulnerable to attacks based on leakage of temporary but session-specific information, late detection of message replay, forward secrecy attacks, and backward secrecy attacks. Then, motivated by the benefits of USB, we propose a secure three-factor authentication scheme for smart healthcare.
Keywords: Universal serial bus; Three-factor authentication; Mass storage device; Message replay; Forward/backward secrecy
Compliance with ethical standards
Conflict of interest
All the authors declare that they have no conflict of interest.
This article does not contain any studies with human participants or animals performed by any of the authors.