Advertisement

An efficient two-factor authentication scheme with key agreement for IoT based E-health care application using smart card

  • M. KarthigaiveniEmail author
  • B. Indrani
Original Research
  • 66 Downloads

Abstract

IoT plays important role in the field of inter-networked applications, like physical electronic devices, vehicles, automobile applications, software applications, sensors devices, buildings, government offices and defense departments. IoT application provides strong connectivity between inter-connected devices, which shares valuable data through a common channel. Security is one of the most important key issue in any kind of information system. The IoT application is an information process and sharing between large volumes of users. In this situation, we are in the need of an efficient authentication mechanism for providing secure communication between the users. In this chapter, we have proposed a two factor authentication scheme using Elliptic Curve Cryptography with smart card. The proposed authentication is based on two-factor authentication with smart card and password, which provides high security with minimum computational cost. The proposed scheme generates new session key for every new session with fresh time stamp and nonce value. The proposed scheme needs minimum computation cost compared with the related authentication schemes using smart card.

Keywords

Internet of things (IoT) Smart card Authentication Password E-healthcare Public-key cryptosystem ECC Session key 

Notes

References

  1. Abdalla M, Fouque P, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: Proceedings of the PKC’05, vol 3386, Lecture Notes in Computer Science, Springer, Interlaken, pp 65–84zbMATHCrossRefGoogle Scholar
  2. Amin R, Biswas GPA (2015) Secure three-factor user authentication and key agreement protocols for TMIS with user anonymity. J Med Syst 39(8):1–19Google Scholar
  3. Amin R, Islam SH, Biswas GP, Khan MK, Kumar N (2015a) An efficient and practical smart card based anonymity preserving user authentication scheme for TMIS using elliptic curve cryptography. J Med Syst 39(11):1–18Google Scholar
  4. Amin R, Islam SH, Biswas GP, Khan MK, Obaidat MS (2015b) Design and analysis of an enhanced patient-server mutual authentication protocol for telecare medical information system. J Med Syst 39(11):1–20Google Scholar
  5. Bellare M, Rogaway P (1994) Entity authentication and key distribution. In: Stinson DR (ed) Advances in cryptology—CRYPTO’ 93. Lecture notes in computer science, vol 773. Springer, New York, pp 232–249CrossRefGoogle Scholar
  6. Brown D (2005) Generic groups, collision resistance, and ECDSA. Des Codes Crypt 35(2005):119–152MathSciNetzbMATHCrossRefGoogle Scholar
  7. Brown E (2016) Who needs the internet of things? https://www.linux.com/news/who-needs-internet-things/
  8. Chang CC, Le HD (2016) A provably secure, efficient and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366MathSciNetCrossRefGoogle Scholar
  9. Chaudhry SA, Naqvi H, Shon T, Sher M, Farash MS (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst 39(6):1–11CrossRefGoogle Scholar
  10. Chen CM, Wang KH, Wu TY, Pan JS, Sun HM (2013) A scalable transitive human-verifiable authentication protocol for mobile devices. IEEE Trans Inf Forensics Secur 8(8):1318–1330CrossRefGoogle Scholar
  11. Chen CM, Xu L, Wu TY, Li CR (2016a) On the security of a chaotic maps-based three-party authenticated key agreement protocol. J Netw Intell 2:61–65Google Scholar
  12. Chen C-M, Xu L, Fang W, Wu T-Y (2016b) A three-party password authenticated key exchange protocol resistant to stolen smart card attacks. Adv Intell Inf Hiding Multimed Signal Process 2016:331–336Google Scholar
  13. Chen BL, Kuo WC, Wuu LC (2019) Robust smart-card-based remote user password authentication scheme. Int J Commun Syst.  https://doi.org/10.1002/dac.2368 (in press) CrossRefGoogle Scholar
  14. Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654MathSciNetzbMATHCrossRefGoogle Scholar
  15. Farash MS (2015) Cryptanalysis and improvement of an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks. Int J Netw Manag 25(1):31–51CrossRefGoogle Scholar
  16. Farash MS, Attari MA (2014) An enhanced and secure three-party password-based authenticated key exchange protocol without using servers public-keys and symmetric cryptosystems. Inf Technol Control 43(2):143–150Google Scholar
  17. Farash MS, Kumari S, Bakhtiari M (2016) Cryptanalysis and improvement of a robust smart card secured authentication scheme on sip using elliptic curve cryptography. Multimed Tools Appl 75(8):4485–4504CrossRefGoogle Scholar
  18. Gope P, Hwang T (2016) An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks. J Netw Comput Appl 62:1–8CrossRefGoogle Scholar
  19. He D, Kumar N, Lee JH, Sherratt RS (2014) Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans Consum Electron 60(1):30–37CrossRefGoogle Scholar
  20. IoT-GSI (2015) Internet of things global standards initiative. ITU, GenevaGoogle Scholar
  21. IoT-SF (2016) Internet of things: science fiction or business fact? Harvard Business Review. November 2014. Retrieved 23 OctoberGoogle Scholar
  22. Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ch SA (2013) A secure authentication scheme for session initiation protocol by using ECC on the basis of the tang and liu scheme. Secur Commun Netw 7(8):1210–1218CrossRefGoogle Scholar
  23. Islam SH, Khan MK (2014) Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J Med Syst 38(10):1–16CrossRefGoogle Scholar
  24. ITU (2012) International Telecommunication Union, overview of the internet of things, recommendation ITU-T Y.2060Google Scholar
  25. Juang WS, Chen ST, Liaw HT (2008) Robust and efficient password-authenticated key agreement using smart card. IEEE Trans Ind Electron 55(6):2551–2556CrossRefGoogle Scholar
  26. Kim H-S, Lee S-W, Yoo K-Y (2003) ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Oper Syst Rev 37(4):32–41CrossRefGoogle Scholar
  27. Lai H, Xiao J, Li L, Yang Y (2012) Applying semigroup property of enhanced chebyshev polynomials to anonymous authentication protocol. Math Problems Eng 2012:454823.  https://doi.org/10.1155/2012/454823 MathSciNetCrossRefzbMATHGoogle Scholar
  28. Lee TF, Hwang T (2011) Provably secure and efficient authentication techniques for the global mobility network. J Syst Softw 84(10):1717–1725CrossRefGoogle Scholar
  29. Li CT, Hwang MS, Chu YP (2008) A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput Commun 31(12):2803–2814CrossRefGoogle Scholar
  30. Li XX, Qiu WD, Zheng D, Chen KF, Li JH (2010) Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans Ind Electron 57(2):793–800CrossRefGoogle Scholar
  31. Li W, Wen Q, Su Q, Jin Z (2012) An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network. Comput Commun 35(2):188–195CrossRefGoogle Scholar
  32. Li X, Wen Q, Zhang H, Jin Z (2013a) An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks. Int J Netw Manag 23(5):311–324CrossRefGoogle Scholar
  33. Li X, Niu J, Khan MK, Liao J (2013b) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl.  https://doi.org/10.1016/j.jnca.2013.02.034 (in press) CrossRefGoogle Scholar
  34. Li X, Niu J, Kumari S, Khan MK, Liao J, Liang W (2015) Design and analysis of a chaotic maps-based three-party authenticated key agreement protocol. Nonlinear Dyn 80(3):1209–1220MathSciNetzbMATHCrossRefGoogle Scholar
  35. Lindner T (2015) The supply chain: changing at the speed of technology. Connected World. Retrieved 18 SeptemberGoogle Scholar
  36. Lu Y, Li L, Peng H, Yang Y (2015) An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Syst 39(3):1–8CrossRefGoogle Scholar
  37. Mattern F, Floerkemeier C (2016) From the internet of computers to the internet of things. ETH Zurich, Zurich (Retrieved 23 October) Google Scholar
  38. Mishra D, Mukhopadhyay S, Chaturvedi A, Kumari S, Khan MK (2014) Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J Med Syst 38(6):1–12CrossRefGoogle Scholar
  39. Niu YJ, Wang XY (2011) An anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 16(4):1986–1992MathSciNetzbMATHCrossRefGoogle Scholar
  40. Reddy AS (2016) Reaping the benefits of the internet of things. Cognizant, Teaneck (Retrieved 23 October) Google Scholar
  41. Santucci G (2016) The internet of things: between the revolution of the internet and the metamorphosis of objects. European Commission Community Research and Development Information Service (Retrieved 23 October) Google Scholar
  42. Secure Hash Standard (2005) FIPS PUB 180-1. National Institute of Standards and Technology (NIST), U.S. Department of Commerce, 1995. http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf. Accessed Sep 2015
  43. Shoup V (2005) Sequences of games: a tool for taming complexity in security proofs. https://www.shoup.net/papers/games.pdf
  44. Song R (2010) Advanced smart card based password authentication protocol. Comput Standards Interfaces 32(5):321–325CrossRefGoogle Scholar
  45. Sun DZ, Huai JP, Sun JZ, Li JX, Zhang JW, Feng ZY (2009) Improvements of juang et al.’s password-authenticated key agreement scheme using smart cards. IEEE Trans Ind Electron 56(6):2284–2291CrossRefGoogle Scholar
  46. Sun HM, He BZ, Chen CM, Wu TY, Lin CH, Wang H (2015) A provable authenticated group key agreement protocol for mobile environment. Inf Sci 321:224–237MathSciNetzbMATHCrossRefGoogle Scholar
  47. Tseng HR, Jan RH, Yang W (2009) A chaotic maps-based key agreement protocol that preserves user anonymity. In: IEEE international conference on communications, ICC09, Dresden, Germany, pp 1–6Google Scholar
  48. Vanstone S (1992) Responses to NIST’s proposal. Commun ACM 35(7):50–52Google Scholar
  49. Vermesan O, Friess P (2013) Internet of things: converging technologies for smart environments and integrated ecosystems. River Publishers, Aalborg. ISBN 978-87-92982-96-4Google Scholar
  50. Wazid M, Das AK, Kumari S, Li X, Wu F (2016) Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS. Secur Commun Netw 13(10):1983–2001Google Scholar
  51. Wu S, Chen K (2012) An efficient key-management scheme for hierarchical access control in e-medicine system. J Med Syst 36(4):2325–2337CrossRefGoogle Scholar
  52. Xie Q, Hu B, Wu T (2015) Improvement of a chaotic maps-based three-party password-authenticated key exchange protocol without using servers public key and smart card. Nonlinear Dyn 79(4):2345–2358MathSciNetzbMATHCrossRefGoogle Scholar
  53. Xu X, Zhu P, Wen Q, Jin Z, Zhang H, He L (2013) A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information system. J Med Syst 38(1):1–7Google Scholar
  54. Xu X, Zhu P, Wen Q, Jin Z, Zhang H, He L (2014) A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. J Med Syst 38:9994CrossRefGoogle Scholar
  55. Xue KP, Hong PL (2012) Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 17(7):2969–2977MathSciNetzbMATHCrossRefGoogle Scholar
  56. Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on sip using elliptic curve cryptography. Comput Standards Interfaces 36(2):397–402CrossRefGoogle Scholar
  57. Zhang L, Zhu S, Tang S (2017) Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE J Biomed Health Inf 21(2):465–475CrossRefGoogle Scholar
  58. Zhao F, Gong P, Li S, Li M, Li P (2013) Cryptanalysis and improvement of a three-party key agreement protocol using enhanced chebyshev polynomials. Nonlinear Dyn 74(1–2):419–427MathSciNetzbMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Computer ApplicationsYadava CollegeMaduraiIndia
  2. 2.Department of Computer ScienceMadurai Kamaraj UniversityMaduraiIndia

Personalised recommendations