Arabian Journal for Science and Engineering, Volume 43, Issue 12, pp 8239–8253

A Secure and Efficient TMIS-Based Authentication Scheme Improved Against Zhang et al.’s Scheme

  • Bander A. Alzahrani
  • Azeem Irshad

Research Article - Computer Engineering and Computer Science


Abstract

The telecare medicine information systems (TMIS) architecture is paving the way for convenient delivery of patient-oriented healthcare services at remote distances. With this growing convenience in healthcare delivery, the privacy of service seekers cannot be overlooked. Different authentication protocols have been presented in the last few years; nonetheless, recent attacks on those protocols, or limitations identified in them, make them ineffective for practical implementation. Lately, Zhang et al. proposed an anonymous TMIS-based authentication scheme. However, Zhang et al.’s protocol has been found vulnerable to password guessing, biometric parameter extraction, and server spoofing threats. We have designed an enhanced model countering the identified threats and drawbacks of contemporary TMIS-based schemes. The security features of our proposed scheme are proven under formal analysis with BAN logic, which establishes the resilience of the contributed scheme.


Keywords

Remote internet authentication; Telecare medical information system; Anonymity; Authentication; Patient health care


Acknowledgements

This project was funded by the Deanship of Scientific Research (DSR), King Abdulaziz University, Jeddah, under grant no. (G-14-611-39). The authors, therefore, acknowledge with thanks DSR technical and financial support.


References

  1. Li, S.; Wang, C.; Lu, W.; Lin, Y.; Yen, D.: Design and implementation of a telecare information platform. J. Med. Syst. 36(3), 1629–1650 (2012)
  2. Nguyen, L.; Bellucci, E.: Electronic health records implementation: an evaluation of information system impact and contingency factors. Int. J. Med. Inf. 83(11), 779–796 (2014)
  3. Perera, G.; Holbrook, A.; Thabane, L.; Foster, G.; Willison, D.: Views on health information sharing and privacy from primary care practices using electronic medical records. Int. J. Med. Inf. 80(2), 94–101 (2011)
  4. Hur, J.; Kang, K.: Dependable and secure computing in medical information systems. Comput. Commun. 36(1), 20–28 (2012)
  5. Lee, C.D.; Ho, K.I.; Lee, W.B.: A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 15, 550–556 (2011)
  6. Ludwig, W.; Wolf, K.H.; Duwenkamp, C.; Gusew, N.; Hellrung, N.; Marschollek, M.; Wagner, M.; Haux, R.: Health-enabling technologies for the elderly–an overview of services based on a literature review. Comput. Methods Progr. Biomed. 106(2), 70–78 (2012)
  7. Irshad, A.; Chaudhry, S.A.: Comments on “A privacy preserving three-factor authentication protocol for e-health clouds”. J. Supercomput. 73(4), 1504–1508 (2017)
  8. Irshad, A.; Sher, M.; Nawaz, O.; Chaudhry, S.A.; Khan, I.; Kumari, S.: A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimed. Tools Appl. 76(15), 16463–16489 (2017)
  9. Lee, T.F.; Liu, C.M.: A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3), 1–11 (2013)
  10. Lee, T.F.: Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems. Comput. Methods Progr. Biomed. 117(3), 464–472 (2014)
  11. Xu, X.; Zhu, P.; Wen, Q.Y.; Jin, Z.P.; Zhang, H.; He, L.: A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information system. J. Med. Syst. 38(1), 1–7 (2014)
  12. Wen, F.T.; Guo, L.D.: An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5), 1–8 (2014)
  13. Farash, M.; Attari, M.: An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn. 77(1–2), 399–411 (2014)
  14. Mishra, D.: Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems. J. Med. Syst. (2015)
  15. Mishra, D.: On the security flaws in ID-based password authentication schemes for telecare medical information systems. J. Med. Syst. 39(1), 1–16 (2015)
  16. Awasthi, A.; Srivastava, K.: A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5), 1–7 (2013)
  17. Mishra, D.; Mukhopadhyay, S.; Kumari, S.; Khan, M.; Chaturvedi, A.: Security enhancement of a biometrics based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5), 1–11 (2014)
  18. Tan, Z.: A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3), 1–9 (2014)
  19. Arshad, H.; Nikooghadam, M.: Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(3), 1–9 (2014)
  20. Yan, X.; Li, W.; Li, P.; Wang, J.; Hao, X.; Gong, P.: A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(5), 1–6 (2013)
  21. Mishra, D.; Mukhopadhyay, S.; Chaturvedi, A.; Kumari, S.; Khan, M.: Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6), 1–12 (2014)
  22. Sarvabhatla, M.; Giri, M.; Vorugunti, C.S.: Cryptanalysis of cryptanalysis and improvement of Yan et al. biometric-based authentication scheme for TMIS, CoRR (2014). arXiv:1406.3943
  23. Amin, R.; Biswas, G.P.: A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8), 78 (2015)
  24. Zhang, L.; Zhu, S.; Tang, S.: Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE J. Biomed. Health Inf. (2016)
  25. Ch, S.A.; Sher, M.; Ghani, A.; Naqvi, H.; Irshad, A.: An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimed. Tools Appl. 74(5), 1711–1723 (2015)
  26. Zhang, L.P.; Zhu, S.H.: Robust ECC-based authenticated key agreement scheme with privacy protection for Telecare Medicine Information Systems. J. Med. Syst. 39(5), 1–13 (2015)
  27. He, D.B.; Chen, Y.: Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dyn. 69(3), 1149–1157 (2012)
  28. Zhao, F.; Gong, P.; Li, S.; Li, M.; Li, P.: Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials. Nonlinear Dyn. 74(1–2), 419–427 (2013)
  29. Lee, T.F.: An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 37(6), 1–9 (2013)
  30. Chaudhry, S.A.; Mahmood, K.; Naqvi, H.; Khan, M.K.: An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J. Med. Syst. 39(11), 1–12 (2015)
  31. Mishra, D.; Srinivas, J.; Mukhopadhyay, S.: A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10), 1–10 (2014)
  32. Lin, H.: Improved chaotic maps-based password authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 20(2), 482–488 (2015)
  33. Baptista, M.: Cryptography with chaos. Phys. Lett. A. 24(1–2), 50–54 (1998)
  34. Yau, W.; Phan, R.: Cryptanalysis of a chaotic map-based password-authenticated key agreement protocol using smart cards. Nonlinear Dyn. 79(2), 809–821 (2015)
  35. Chaudhry, S.A.; Naqvi, H.; Shon, T.; Sher, M.; Farash, M.S.: Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6), 1–11 (2015)
  36. Jiang, Q.; Wei, F.; Fu, S.; Ma, J.; Li, G.; Alelaiwi, A.: Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4), 2085–2101 (2016)
  37. Lumini, A.; Loris, N.: An improved bio-hashing for human authentication. Pattern Recognit. 40(3), 1057–1065 (2007)
  38. Tan, Z.: Secure delegation-based authentication for telecare medicine information systems. IEEE Access 6, 26091–26110 (2018)
  39. Li, X.; Niu, J.; Kumari, S.; Wu, F.; Choo, K.K.R.: A robust biometrics based three-factor authentication scheme for global mobility networks in smart city. Future Gener. Comput. Syst. 83, 607–618 (2018)
  40. Irshad, A.; Sher, M.; Faisal, M.S.; Ghani, A.; Ul Hassan, M.; Ashraf, ChS: A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Secur. Commun. Netw. 7(8), 1210–1218 (2014)
  41. Irshad, A.; Sher, M.; Chaudhary, S.A.; Naqvi, H.; Farash, M.S.: An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre. J. Supercomput. 72(4), 1623–1644 (2016)
  42. Chaudhry, S.A.; Naqvi, H.; Mahmood, K.; Ahmad, H.F.; Khan, M.K.: An improved remote user authentication scheme using elliptic curve cryptography. Wirel. Pers. Commun. 96(4), 5355–5373 (2017)
  43. Chaudhry, S.A.; Khan, I.; Irshad, A.; Ashraf, M.U.; Khan, M.K.; Ahmad, H.F.: A provably secure anonymous authentication scheme for session initiation protocol. Secur. Commun. Netw. 9(18), 5016–5027 (2016)
  44. Khan, I.; Chaudhry, S.A.; Sher, M.; Khan, J.I.; Khan, M.K.: An anonymous and provably secure biometric-based authentication scheme using chaotic maps for accessing medical drop box data. J. Supercomput. 1–19 (2016)
  45. Chaudhry, S.A.; Naqvi, H.; Farash, M.S.; Shon, T.; Sher, M.: An improved and robust biometrics-based three factor authentication scheme for multiserver environments. J. Supercomput. 1–17 (2015)
  46. Blanchet, B.; Cheval, V.; Allamigeon, X.; Smyth, B.: ProVerif: cryptographic protocol verifier in the formal model. Accessed 10 Mar 2018
  47. Burrows, M.; Abadi, M.; Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)
  48. Kilinc, H.H.; Yanik, T.: A survey of SIP authentication and key agreement schemes. Commun. Surveys Tutor. IEEE 16(2), 1005–1023 (2014)
  49. Lee, T.F.: Efficient and secure temporal credential-based authenticated key agreement using extended chaotic maps for wireless sensor networks. Sensors 15(7), 14960–14980 (2015)

Copyright information

© King Fahd University of Petroleum & Minerals 2018

Authors and Affiliations

  1. Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi Arabia
  2. Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan
