A Secure and Efficient TMIS-Based Authentication Scheme Improved Against Zhang et al.’s Scheme
- 47 Downloads
Abstract
The telecare medicine information systems (TMIS) architecture is exceedingly paving the ways for convenient dispensing of patient-oriented healthcare services at remote distances. At the same time, with the growing convenience in healthcare delivery, the privacy for service seekers cannot be overlooked. Different authentication protocols have been presented in the last few years; nonetheless the recent attacks or identified limitations on those protocols make them ineffective for practical implementation. Lately, Zhang et al. proposed an anonymous TMIS-based authentication scheme. Nonetheless, Zhang et al.’s protocol has been found vulnerable to password guessing, biometric parameter extraction, and server spoofing threat. We have designed an enhanced model countering the identified threats and drawbacks of contemporary TMIS-based schemes. Our proposed scheme includes the proven security features under formal analysis with BAN logic which makes certain the resilience of the contributed scheme.
Keywords
Remote internet authentication Telecare medical information system Anonymity Authentication Patient health carePreview
Unable to display preview. Download preview PDF.
Notes
Acknowledgements
This project was funded by the Deanship of Scientific Research (DSR), King Abdulaziz University, Jeddah, under grant no. (G-14-611-39). The authors, therefore, acknowledge with thanks DSR technical and financial support.
References
- 1.Li, S.; Wang, C.; Lu, W.; Lin, Y.; Yen, D.: Design and implementation of a telecare information platform. J. Med. Syst. 36(3), 1629–1650 (2012)CrossRefGoogle Scholar
- 2.Nguyen, L.; Bellucci, E.: Electronic health records implementation: an evaluation of information system impact and contingency factors. Int. J. Med. Inf. 83(11), 779–796 (2014)CrossRefGoogle Scholar
- 3.Perera, G.; Holbrook, A.; Thabane, L.; Foster, G.; Willison, D.: Views on health information sharing and privacy from primary care practices using electronic medical records. Int. J. Med. Inf. 80(2), 94–101 (2011)CrossRefGoogle Scholar
- 4.Hur, J.; Kang, K.: Dependable and secure computing in medical information systems. Comput. Commun. 36(1), 20–28 (2012)CrossRefGoogle Scholar
- 5.Lee, C.D.; Ho, K.I.; Lee, W.B.: A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 15, 550–556 (2011)CrossRefGoogle Scholar
- 6.Ludwig, W.; Wolf, K.H.; Duwenkamp, C.; Gusew, N.; Hellrung, N.; Marschollek, M.; Wagner, M.; Haux, R.: Health-enabling technologies for the elderly–an overview of services based on a literature review. Comput. Methods Progr. Biomed. 106(2), 70–78 (2012)CrossRefGoogle Scholar
- 7.Irshad, A.; Chaudhry, S.A.: Comments on “A privacy preserving three-factor authentication protocol for e-health clouds”. J Supercomput 73(4), 1504–1508 (2017)CrossRefGoogle Scholar
- 8.Irshad, A.; Sher, M.; Nawaz, O.; Chaudhry, S.A.; Khan, I.; Kumari, S.; : A secure and provable multi-server authenticated key agreement for TMIS based on Amin,; et al.: scheme. Multimed. Tools Appl. 76(15), 16463–16489 (2017)Google Scholar
- 9.Lee, T.F.; Liu, C.M.: A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3), 1–11 (2013)Google Scholar
- 10.Lee, T.F.: Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems. Comput. Methods Progr. Biomed. 117(3), 464–472 (2014)CrossRefGoogle Scholar
- 11.Xu, X.; Zhu, P.; Wen, Q.Y.; Jin, Z.P.; Zhang, H.; He, L.: A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information system. J. Med. Syst. 38(1), 1–7 (2014)CrossRefGoogle Scholar
- 12.Wen, F.T.; Guo, L.D.: An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5), 1–8 (2014)Google Scholar
- 13.Farash, M.; Attari, M.: An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn. 77(1–2), 399–411 (2014)MathSciNetCrossRefGoogle Scholar
- 14.Mishra, D.: Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems. J. Med. Syst. (2015). https://doi.org/10.1007/s10916-015-0193-7 CrossRefGoogle Scholar
- 15.Mishra, D.: On the security flaws in ID-based password authentication schemes for telecare medical information systems. J. Med. Syst. 39(1), 1–16 (2015)CrossRefGoogle Scholar
- 16.Awasthi, A.; Srivastava, K.: A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5), 1–7 (2013)CrossRefGoogle Scholar
- 17.Mishra, D.; Mukhopadhyay, S.; Kumari, S.; Khan, M.; Chaturvedi, A.: Security enhancement of a biometrics based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5), 1–11 (2014)CrossRefGoogle Scholar
- 18.Tan, Z.: A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3), 1–9 (2014)CrossRefGoogle Scholar
- 19.Arshad, H.; Nikooghadam, M.: Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(3), 1–9 (2014)Google Scholar
- 20.Yan, X.; Li, W.; Li, P.; Wang, J.; Hao, X.; Gong, P.: A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(5), 1–6 (2013)CrossRefGoogle Scholar
- 21.Mishra, D.; Mukhopadhyay, S.; Chaturvedi, A.; Kumari, S.; Khan, M.: Cryptanalysis and improvement of Yan et al’.s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6), 1–12 (2014)CrossRefGoogle Scholar
- 22.Sarvabhatla, M.; Giri, M.; Vorugunti, C.S.: Cryptanalysis of cryptanalysis and improvement of Yan et al. biometric- based authentication scheme for TMIS, CoRR (2014). arXiv:1406.3943.
- 23.Amin, R.; Biswas, G.P.: A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8), 78 (2015)CrossRefGoogle Scholar
- 24.Zhang, L.; Zhu, S.; Tang, S.: Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE J. Biomed. Health Inf. (2016). https://doi.org/10.1109/JBHI.2016.2517146 CrossRefGoogle Scholar
- 25.Ch, S.A.; Sher, M.; Ghani, A.; Naqvi, H.; Irshad, A.: An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimed. Tools Appl. 74(5), 1711–1723 (2015)CrossRefGoogle Scholar
- 26.Zhang, L.P.; Zhu, S.H.: Robust ECC-based authenticated key agreement scheme with privacy protection for Telecare Medicine Information Systems. J. Med. Syst. 39(5), 1–13 (2015)CrossRefGoogle Scholar
- 27.He, D.B.; Chen, Y.: Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dyn. 69(3), 1149–1157 (2012)MathSciNetCrossRefGoogle Scholar
- 28.Zhao, F.; Gong, P.; Li, S.; Li, M.; Li, P.: Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials. Nonlinear Dyn. 74(1–2), 419–427 (2013)MathSciNetCrossRefGoogle Scholar
- 29.Lee, T.F.: An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 37(6), 1–9 (2013)CrossRefGoogle Scholar
- 30.Chaudhry, S.A.; Mahmood, K.; Naqvi, H.; Khan, M.K.: An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J. Med. Syst. 39(11), 1–12 (2015)CrossRefGoogle Scholar
- 31.Mishra, D.; Srinivas, J.; Mukhopadhyay, S.: A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10), 1–10 (2014)CrossRefGoogle Scholar
- 32.Lin, H.: Improved chaotic maps-based password authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 20(2), 482–488 (2015)CrossRefGoogle Scholar
- 33.Baptista, M.: Cryptography with chaos. Phys. Lett. A. 24(1–2), 50–54 (1998)MathSciNetCrossRefGoogle Scholar
- 34.Yau, W.; Phan, R.: Cryptanalysis of a chaotic map-based password-authenticated key agreement protocol using smart cards. Nonlinear Dyn. 79(2), 809–821 (2015)MathSciNetCrossRefGoogle Scholar
- 35.Chaudhry, S.A.; Naqvi, H.; Shon, T.; Sher, M.; Farash, M.S.: Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6), 1–11 (2015)CrossRefGoogle Scholar
- 36.Jiang, Q.; Wei, F.; Fu, S.; Ma, J.; Li, G.; Alelaiwi, A.: Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4), 2085–2101 (2016)MathSciNetCrossRefGoogle Scholar
- 37.Lumini, A.; Loris, N.: An improved bio-hashing for human authentication. Pattern Recognit. 40(3), 1057–1065 (2007)CrossRefGoogle Scholar
- 38.Tan, Z.: Secure delegation-based authentication for telecare medicine information systems. IEEE Access 6, 26091–26110 (2018)CrossRefGoogle Scholar
- 39.Li, X.; Niu, J.; Kumari, S.; Wu, F.; Choo, K.K.R.: A robust biometrics based three-factor authentication scheme for global mobility networks in smart city. Future Gener. Comput. Syst. 83, 607–618 (2018)CrossRefGoogle Scholar
- 40.Irshad, A.; Sher, M.; Faisal, M.S.; Ghani, A.; Ul Hassan, M.; Ashraf, ChS: A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Secur. Commun. Netw. 7(8), 1210–1218 (2014)CrossRefGoogle Scholar
- 41.Irshad, A.; Sher, M.; Chaudhary, S.A.; Naqvi, H.; Farash, M.S.: An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre. J. Supercomput 72(4), 1623–1644 (2016)CrossRefGoogle Scholar
- 42.Chaudhry, S.A.; Naqvi, H.; Mahmood, K.; Ahmad, H.F.; Khan, M.K.: An improved remote user authentication scheme using elliptic curve cryptography. Wirel. Pers. Commun. 96(4), 5355–5373 (2017)CrossRefGoogle Scholar
- 43.Chaudhry, S.A.; Khan, I.; Irshad, A.; Ashraf, M.U.; Khan, M.K.; Ahmad, H.F.: A provably secure anonymous authentication scheme for session initiation protocol. Secur. Commun. Netw. 9(18), 5016–5027 (2016)CrossRefGoogle Scholar
- 44.Khan, I.; Chaudhry, S.A.; Sher, M.; Khan, J.I.; Khan, M.K.: An anonymous and provably secure biometric-based authentication scheme using chaotic maps for accessing medical drop box data. J. Supercomput. 1–19 (2016). https://doi.org/10.1007/s11227-016-1886-5 CrossRefGoogle Scholar
- 45.Chaudhry, S.A.; Naqvi, H.; Farash, M.S.; Shon, T.; Sher, M.: An improved and robust biometrics-based three factor authentication scheme for multiserver environments. J. Supercomput. 1–17 (2015). https://doi.org/10.1007/s11227-015-1601-y CrossRefGoogle Scholar
- 46.Blanchet, B.; Cheval, V.; Allamigeon, X.; Smyth, B.: ProVerif: cryptographic protocol verifier in the formal model. http://prosecco.gforge.inria.fr/personal/bblanche/prover/. Accessed 10 Mar 2018
- 47.Burrow, M.; Abadi, M.; Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)CrossRefGoogle Scholar
- 48.Kilinc, H.H.; Yanik, T.: A survey of SIP authentication and key agreement schemes. Commun. Surveys Tutor. IEEE 16(2), 1005–1023 (2014)CrossRefGoogle Scholar
- 49.Lee, T.F.: Efficient and secure temporal credential-based authenticated key agreement using extended chaotic maps for wireless sensor networks. Sensors 15(7), 14960–14980 (2015)CrossRefGoogle Scholar