
On the Security Weaknesses in Password-Based Anonymous Authentication Scheme for E-Health Care

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 82)

Abstract

With rapid changes in Internet technology, E-health care services are available to patients at any time and from anywhere. Patients access these services over a public channel, so maintaining security and privacy is the prominent issue in E-health services. The authentication protocol plays a fundamental role in authorizing patients in an E-health system. A number of protocols based on mutual authentication and session key agreement have been proposed in the security domain. Recently, Mishra et al. proposed an authentication scheme for remote users in a telecare medical information system (TMIS). They claimed that their scheme protects user anonymity and provides an efficient login phase along with a smooth password change phase, in which wrong input is quickly identified and the user can change the password without the intervention of the server. However, we show that the protocol is inadequate for real-world application because of several problems: (1) design flaws in the login phase; (2) design flaws in the authentication phase; (3) design flaws in the password change phase; (4) lack of a biometric update or change phase; (5) a strong replay attack; and (6) a clock synchronization problem. Moreover, we present a performance comparison covering communication, computation, and smart card storage costs, along with relevant security features.


References

  1. Chaki, J., Dey, N., Shi, F., & Sherratt, R. S. (2019, January 24). Pattern mining approaches used in sensor-based biometric recognition: A review. IEEE Sensors Journal.

  2. Dey, N., Nandi, B., Dey, M., Biswas, D., Das, A., & Chaudhuri, S. S. (2013, February 22). BioHash code generation from electrocardiogram features. In 2013 3rd IEEE International Advance Computing Conference (IACC) (pp. 732–735). IEEE.

  3. Mishra, R., & Barnwal, A. K. (2015). A privacy preserving secure and efficient authentication scheme for telecare medical information systems. Journal of Medical Systems, 39(5), 54.

  4. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

  5. Arshad, H., Teymoori, V., Nikooghadam, M., & Abbassi, H. (2015). On the security of a two-factor authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems, 39(8), 76.

  6. Ali, R., & Pal, A. K. (2017). Three-factor-based confidentiality-preserving remote user authentication scheme in multi-server environment. Arabian Journal for Science and Engineering, 42(8), 3655–3672.

  7. Ali, R., Pal, A. K., Kumari, S., Karuppiah, M., & Conti, M. (2018). A secure user authentication and key-agreement scheme using wireless sensor networks for agriculture monitoring. Future Generation Computer Systems, 84, 200–215.

  8. Ali, R., & Pal, A. K. (2018). An efficient three factor-based authentication scheme in multiserver environment using ECC. International Journal of Communication Systems, 31(4), e3484.

  9. Ali, R., & Pal, A. K. (2017). A secure and robust three-factor based authentication scheme using RSA cryptosystem. International Journal of Business Data Communications and Networking (IJBDCN), 13(1), 74–84.

  10. Chandrakar, P., & Om, H. (2017). Cryptanalysis and extended three-factor remote user authentication scheme in multi-server environment. Arabian Journal for Science and Engineering, 42(2), 765–786.

  11. Chandrakar, P., & Om, H. (2017). A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC. Computer Communications, 110, 26–34.

  12. Chandrakar, P., & Om, H. (2017). Cryptanalysis and improvement of a biometric-based remote user authentication protocol usable in a multiserver environment. Transactions on Emerging Telecommunications Technologies, 28(12), e3200.

  13. Chandrakar, P., & Om, H. (2018). An efficient two-factor remote user authentication and session key agreement scheme using Rabin cryptosystem. Arabian Journal for Science and Engineering, 43(2), 661–673.

  14. Bin Muhaya, F. T. (2015). Cryptanalysis and security enhancement of Zhu’s authentication scheme for Telecare medicine information system. Security and Communication Networks, 8(2), 149–158.

  15. Wazid, M., Zeadally, S., Das, A. K., & Odelu, V. (2016). Analysis of security protocols for mobile healthcare. Journal of Medical Systems, 40(11), 229.

  16. Aslam, M. U., Derhab, A., Saleem, K., Abbas, H., Orgun, M., Iqbal, W., et al. (2017). A survey of authentication schemes in telecare medicine information systems. Journal of Medical Systems, 41(1), 14.

  17. Jiang, Q., Khan, M. K., Lu, X., Ma, J., & He, D. (2016). A privacy preserving three-factor authentication protocol for e-Health clouds. The Journal of Supercomputing, 72(10), 3826–3849.

  18. Wu, F., Xu, L., Kumari, S., & Li, X. (2015). A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Computers & Electrical Engineering. https://doi.org/10.1016/j.compeleceng.2015.02.015.

  19. Wazid, M., Das, A. K., Kumari, S., Li, X., & Wu, F. (2016). Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS. Security and Communication Networks, 9(13), 1983–2001.

  20. Amin, R., & Biswas, G. P. (2015). A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity. Journal of Medical Systems, 39(8), 1–19.

  21. Jiang, Q., Chen, Z., Li, B., Shen, J., Yang, L., & Ma, J. (2018). Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. Journal of Ambient Intelligence and Humanized Computing, 9(4), 1061–1073.

  22. Lu, Y., Li, L., Peng, H., & Yang, Y. (2015). An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. Journal of Medical Systems, 39, 32. https://doi.org/10.1007/s10916-015-0221-7.

  23. Wu, F., Xu, L., Kumari, S., Li, X., Das, A. K., & Shen, J. (2018). A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications. Journal of Ambient Intelligence and Humanized Computing, 9(4), 919–930.

  24. Jung, J., Moon, J., & Won, D. (2017). Robust biometric-based anonymous user authenticated key agreement scheme for telecare medicine information systems. KSII Transactions on Internet and Information Systems, 11(7), 3720–3746. https://doi.org/10.3837/tiis.2017.07.023.

  25. Liu, W., Xie, Q., Wang, S., & Hu, B. (2016). An improved authenticated key agreement protocol for telecare medicine information system. SpringerPlus, 5(1), 555.

  26. Chatterjee, S., Roy, S., Das, A. K., Chattopadhyay, S., Kumar, N., Reddy, A. G., et al. (2017). On the design of fine grained access control with user authentication scheme for telecare medicine information systems. IEEE Access, 5, 7012–7030.

  27. Mohit, P., Amin, R., Karati, A., Biswas, G. P., & Khan, M. K. (2017). A standard mutual authentication protocol for cloud computing based health care system. Journal of Medical Systems, 41(4), 50.

  28. Chiou, S. Y., Ying, Z., & Liu, J. (2016). Improvement of a privacy authentication scheme based on cloud for medical environment. Journal of Medical Systems, 40(4), 1–15.

  29. Kumar, V., Jangirala, S., & Ahmad, M. (2018). An efficient mutual authentication framework for healthcare system in cloud computing. Journal of Medical Systems, 42(8), 142.

  30. Li, W., Zhang, S., Su, Q., Wen, Q., & Chen, Y. (2018). An anonymous authentication protocol based on cloud for telemedical systems. In Wireless communications and mobile computing.

  31. Qiu, S., Xu, G., Ahmad, H., & Wang, L. (2018). A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems. IEEE Access, 6, 7452–7463.

  32. Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., & He, L. (2013). A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. Journal of Medical Systems, 38, 1–7.

  33. Ostad-Sharif, A., Abbasinezhad-Mood, D., & Nikooghadam, M. (2019). A robust and efficient ECC-based mutual authentication and session key generation scheme for healthcare applications. Journal of Medical Systems, 43(1), 10.

  34. Chaudhry, S. A., Khan, M. T., Khan, M. K., & Shon, T. (2016). A multiserver biometric authentication scheme for TMIS using elliptic curve cryptography. Journal of Medical Systems, 40(11), 230.

Author information

Correspondence to Rifaqat Ali.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Ali, R., Chandrakar, P., Kumar, A. (2020). On the Security Weaknesses in Password-Based Anonymous Authentication Scheme for E-Health Care. In: Das, S., Samanta, S., Dey, N., Kumar, R. (eds) Design Frameworks for Wireless Networks. Lecture Notes in Networks and Systems, vol 82. Springer, Singapore. https://doi.org/10.1007/978-981-13-9574-1_2

  • DOI: https://doi.org/10.1007/978-981-13-9574-1_2

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-9573-4

  • Online ISBN: 978-981-13-9574-1

  • eBook Packages: Engineering, Engineering (R0)
