Abstract
With the rapid change of Internet technology, E-health care services are available to patients at any time and from anywhere. Patients access these services over a public channel. Therefore, preserving security and privacy is the prominent issue in E-health services. To authorize patients, the authentication protocol plays a fundamental role in an E-health system. Nowadays, a number of protocols based on mutual authentication and session key agreement have been proposed in the security domain. Recently, Mishra et al. proposed an authentication scheme for remote users in the telecare medical information system (TMIS). They claimed that their scheme protects user anonymity and provides an efficient login along with a smooth password change phase, in which wrong input is quickly identified and the user can change the password without the intervention of the server. However, the authors have shown that the protocol is inadequate for real-world application because of several problems: (1) design flaw in the login phase; (2) design flaw in the authentication phase; (3) design flaw in the password change phase; (4) lack of a biometric update or change phase; (5) strong replay attack; and (6) clock synchronization problem. Moreover, we present a performance comparison covering communication, computation, and smart card storage costs, along with relevant security features.
References
Chaki, J., Dey, N., Shi, F., & Sherratt, R. S. (2019, January 24). Pattern mining approaches used in sensor-based biometric recognition: A review. IEEE Sensors Journal.
Dey, N., Nandi, B., Dey, M., Biswas, D., Das, A., & Chaudhuri, S. S. (2013, February 22). BioHash code generation from electrocardiogram features. In 2013 3rd IEEE International Advance Computing Conference (IACC) (pp. 732–735). IEEE.
Mishra, R., & Barnwal, A. K. (2015). A privacy preserving secure and efficient authentication scheme for telecare medical information systems. Journal of Medical Systems, 39(5), 54.
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Arshad, H., Teymoori, V., Nikooghadam, M., & Abbassi, H. (2015). On the security of a two-factor authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems, 39(8), 76.
Ali, R., & Pal, A. K. (2017). Three-factor-based confidentiality-preserving remote user authentication scheme in multi-server environment. Arabian Journal for Science and Engineering, 42(8), 3655–3672.
Ali, R., Pal, A. K., Kumari, S., Karuppiah, M., & Conti, M. (2018). A secure user authentication and key-agreement scheme using wireless sensor networks for agriculture monitoring. Future Generation Computer Systems, 84, 200–215.
Ali, R., & Pal, A. K. (2018). An efficient three factor-based authentication scheme in multiserver environment using ECC. International Journal of Communication Systems, 31(4), e3484.
Ali, R., & Pal, A. K. (2017). A secure and robust three-factor based authentication scheme using RSA cryptosystem. International Journal of Business Data Communications and Networking (IJBDCN), 13(1), 74–84.
Chandrakar, P., & Om, H. (2017). Cryptanalysis and extended three-factor remote user authentication scheme in multi-server environment. Arabian Journal for Science and Engineering, 42(2), 765–786.
Chandrakar, P., & Om, H. (2017). A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC. Computer Communications, 110, 26–34.
Chandrakar, P., & Om, H. (2017). Cryptanalysis and improvement of a biometric-based remote user authentication protocol usable in a multiserver environment. Transactions on Emerging Telecommunications Technologies, 28(12), e3200.
Chandrakar, P., & Om, H. (2018). An efficient two-factor remote user authentication and session key agreement scheme using Rabin cryptosystem. Arabian Journal for Science and Engineering, 43(2), 661–673.
Bin Muhaya, F. T. (2015). Cryptanalysis and security enhancement of Zhu’s authentication scheme for Telecare medicine information system. Security and Communication Networks, 8(2), 149–158.
Wazid, M., Zeadally, S., Das, A. K., & Odelu, V. (2016). Analysis of security protocols for mobile healthcare. Journal of Medical Systems, 40(11), 229.
Aslam, M. U., Derhab, A., Saleem, K., Abbas, H., Orgun, M., Iqbal, W., et al. (2017). A survey of authentication schemes in telecare medicine information systems. Journal of Medical Systems, 41(1), 14.
Jiang, Q., Khan, M. K., Lu, X., Ma, J., & He, D. (2016). A privacy preserving three-factor authentication protocol for e-Health clouds. The Journal of Supercomputing, 72(10), 3826–3849.
Wu, F., Xu, L., Kumari, S., & Li, X. (2015). A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Computers & Electrical Engineering. https://doi.org/10.1016/j.compeleceng.2015.02.015.
Wazid, M., Das, A. K., Kumari, S., Li, X., & Wu, F. (2016). Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS. Security and Communication Networks, 9(13), 1983–2001.
Amin, R., & Biswas, G. P. (2015). A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity. Journal of Medical Systems, 39(8), 1–19.
Jiang, Q., Chen, Z., Li, B., Shen, J., Yang, L., & Ma, J. (2018). Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. Journal of Ambient Intelligence and Humanized Computing, 9(4), 1061–1073.
Lu, Y., Li, L., Peng, H., & Yang, Y. (2015). An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. Journal of Medical Systems, 39, 32. https://doi.org/10.1007/s10916-015-0221-7.
Wu, F., Xu, L., Kumari, S., Li, X., Das, A. K., & Shen, J. (2018). A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications. Journal of Ambient Intelligence and Humanized Computing, 9(4), 919–930.
Jung, J., Moon, J., & Won, D. (2017). Robust biometric-based anonymous user authenticated key agreement scheme for telecare medicine information systems. KSII Transactions on Internet and Information Systems, 11(7), 3720–3746. https://doi.org/10.3837/tiis.2017.07.023.
Liu, W., Xie, Q., Wang, S., & Hu, B. (2016). An improved authenticated key agreement protocol for telecare medicine information system. SpringerPlus, 5(1), 555.
Chatterjee, S., Roy, S., Das, A. K., Chattopadhyay, S., Kumar, N., Reddy, A. G., et al. (2017). On the design of fine grained access control with user authentication scheme for telecare medicine information systems. IEEE Access, 5, 7012–7030.
Mohit, P., Amin, R., Karati, A., Biswas, G. P., & Khan, M. K. (2017). A standard mutual authentication protocol for cloud computing based health care system. Journal of Medical Systems, 41(4), 50.
Chiou, S. Y., Ying, Z., & Liu, J. (2016). Improvement of a privacy authentication scheme based on cloud for medical environment. Journal of Medical Systems, 40(4), 1–15.
Kumar, V., Jangirala, S., & Ahmad, M. (2018). An efficient mutual authentication framework for healthcare system in cloud computing. Journal of Medical Systems, 42(8), 142.
Li, W., Zhang, S., Su, Q., Wen, Q., & Chen, Y. (2018). An anonymous authentication protocol based on cloud for telemedical systems. In Wireless communications and mobile computing.
Qiu, S., Xu, G., Ahmad, H., & Wang, L. (2018). A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems. IEEE Access, 6, 7452–7463.
Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., & He, L. (2013). A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. Journal of Medical Systems, 38, 1–7.
Ostad-Sharif, A., Abbasinezhad-Mood, D., & Nikooghadam, M. (2019). A robust and efficient ECC-based mutual authentication and session key generation scheme for healthcare applications. Journal of Medical Systems, 43(1), 10.
Chaudhry, S. A., Khan, M. T., Khan, M. K., & Shon, T. (2016). A multiserver biometric authentication scheme for TMIS using elliptic curve cryptography. Journal of Medical Systems, 40(11), 230.
© 2020 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Ali, R., Chandrakar, P., Kumar, A. (2020). On the Security Weaknesses in Password-Based Anonymous Authentication Scheme for E-Health Care. In: Das, S., Samanta, S., Dey, N., Kumar, R. (eds) Design Frameworks for Wireless Networks. Lecture Notes in Networks and Systems, vol 82. Springer, Singapore. https://doi.org/10.1007/978-981-13-9574-1_2
DOI: https://doi.org/10.1007/978-981-13-9574-1_2
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-9573-4
Online ISBN: 978-981-13-9574-1
eBook Packages: Engineering, Engineering (R0)