Abstract
Electronic Medical Record (EMR) systems are a part of the e-healthcare system, which is developing rapidly. They make it possible to deliver medical services among multiple participants over a network without physical presence. Since sensitive data is transmitted over public channels, the secrecy of that data must be maintained. This is achieved by mutual authentication between the participants, for which various smart-card-based authentication schemes have been proposed. Han et al. proposed one such biometrics-based scheme using hash functions along with symmetric key encryption and elliptic curve cryptography. Our cryptanalysis of their scheme points out weaknesses, viz. no user anonymity, user and server impersonation, and a man-in-the-middle attack. These security issues are presented in this article. To overcome these attacks, a scheme is proposed in this article. Since it does not use symmetric key encryption, the proposed scheme reduces the computational complexity, as can be seen in the comparison provided. The security analysis of the proposed scheme, along with BAN (Burrows-Abadi-Needham) logic, is explained in detail. A comparison of the proposed scheme with related schemes with respect to computation cost, execution time and performance is demonstrated. This proves that the proposed scheme performs well in terms of security as well as computational efficiency.
References
Amin R, Biswas G (2015) An improved rsa based user authentication and session key agreement protocol usable in tmis. J Med Sys 39(8):79
Arshad H, Nikooghadam M (2014) Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J Med Sys 38(12):136
Barrows RC Jr, Clayton PD (1996) Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association 3(2):139–148
Bhattacharyya D, Ranjan R, Alisherov F, Choi M, et al. (2009) Biometric authentication: a review. Int J u-and e-Service Sci Technol 2(3):13–28
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proceedings of the Royal Society of London, A. Mathematical and Physical Sciences 426(1871):233–271
Burt CW, Sisk JE (2005) Which physicians and practices are using electronic medical records? Health Affairs 24(5):1334–1343
Callegati F, Cerroni W, Ramilli M (2009) Man-in-the-middle attack to the https protocol. IEEE Security & Privacy 7(1):78–81
Cao T, Zhai J (2013) Improved dynamic id-based authentication scheme for telecare medical information systems. J Med Sys 37(2):9912
Chang CC, Lee JS, Lo YY, Liu Y (2017) A secure authentication scheme for telecare medical information systems. In: Advances in intelligent information hiding and multimedia signal processing. Springer, Berlin, pp 303–312
Chaturvedi A, Mishra D, Mukhopadhyay S (2013) Improved biometric-based three-factor remote user authentication scheme with key agreement using smart card. In: International conference on information systems security. Springer, Berlin, pp 63–77
Chaturvedi A, Mishra D, Mukhopadhyay S (2017) An enhanced dynamic id-based authentication scheme for telecare medical information systems. Journal of King Saud University-Computer and Information Sciences 29(1):54–62
Chen CL, Lee CC, Hsu CY (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25(5):585–597
Chen HM, Lo JW, Yeh CK (2012) An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J Med Sys 36(6):3907–3915
Das AK (2015) A secure and robust password-based remote user authentication scheme using smart cards for the integrated epr information system. J Med Sys 39(3):25
Debiao H, Jianhua C, Rui Z (2012) A more secure authentication scheme for telecare medicine information systems. J Med Sys 36(3):1989–1995
Goldsmith J, Blumenthal D, Rishel W (2003) Federal health information policy: a case of arrested development. Health Affairs 22(4):44–55
Gunter TD, Terry NP (2005) The emergence of national electronic health record architectures in the united states and Australia: models, costs, and questions. J Med Internet Res 7(1):e3
Han L, Tan X, Wang S, Liang X (2018) An efficient and secure three-factor based authenticated key exchange scheme using elliptic curve cryptosystems. Peer-to-Peer Networking and Applications 11(1):63–73
Irshad A, Sher M, Nawaz O, Chaudhry SA, Khan I, Kumari S (2017) A secure and provable multi-server authenticated key agreement for tmis based on Amin et al. scheme. Multimed Tools Appl 76(15):16463–16489
Islam SH, Biswas G (2013) Design of improved password authentication and update scheme based on elliptic curve cryptography. Mathematical and Computer Modelling 57(11-12):2703–2717
Jiang Q, Chen Z, Li B, Shen J, Yang L, Ma J (2018) Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. J Ambient Intell Humanized Comput 9(4):1061–1073
Jiang Q, Ma J, Ma Z, Li G (2013) A privacy enhanced authentication scheme for telecare medical information systems. J Med Sys 37(1):9897
Jung J, Kang D, Lee D, Won D (2017) An improved and secure anonymous biometric-based user authentication with key agreement scheme for the integrated epr information system. PloS one 12(1):e0169414
Kang D, Lee D, Cho S, Jung J, Won D (2017) Cryptanalysis and improvement of robust authentication scheme for telecare medicine information systems. In: Proceedings of the 11th international conference on ubiquitous information management and communication. ACM, p 18
Khan MK, Kumari S, Gupta MK (2014) More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816
Kocarev L, Lian S (2011) Chaos-based cryptography: theory, algorithms and applications, vol 354. Springer Science & Business Media, Berlin
Lauter K (2004) The advantages of elliptic curve cryptography for wireless security. IEEE Wireless Communications 11(1):62–67
Lee TF, Chang IP, Lin TH, Wang CC (2013) A secure and efficient password-based user authentication scheme using smart cards for the integrated epr information system. J Med Sys 37(3):9941
Li CT, Lee CC, Weng CY, Chen SJ (2016) A secure dynamic identity and chaotic maps based user authentication and key agreement scheme for e-healthcare systems. J Med Sys 40(11):233
Li CT, Weng CY, Lee CC, Wang CC (2015) A hash based remote user authentication and authenticated key agreement scheme for the integrated epr information system. J Med Sys 39(11):144
Li M, Lou W, Ren K (2010) Data security and privacy in wireless body area networks. IEEE Wireless Communications 17(1):51–58
Li X, Wu F, Khan MK, Xu L, Shen J, Jo M (2018) A secure chaotic map-based remote authentication scheme for telecare medicine information systems. Future Generation Computer Systems 84:149–159
Liu W, Xie Q, Wang S, Hu B (2016) An improved authenticated key agreement protocol for telecare medicine information system. SpringerPlus 5(1):555
Lu Y, Li L, Peng H, Yang Y (2015) An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Sys 39(3):32
Madhusudhan R, Mittal R (2012) Dynamic id-based remote user password authentication schemes using smart cards: a review. J Netw Comput Appl 35(4):1235–1248
Madhusudhan R, Nayak CS (2018) A robust authentication scheme for telecare medical information systems. Multimed Tools Appl, pp 1–19
Mahaveerakannan R, Dhas CSG (2016) Customized rsa public key cryptosystem using digital signature of secure data transfer natural number algorithm. International Journal of Computer Technology and Application (IJCTA) 9(5):543–548
Mahaveerakannan R, Dhas CSG (2017) A hybrid group key management scheme for uav–mbn network environment increasing efficiency of key distribution in joining operation. In: International conference on intelligent information technologies. Springer, Berlin, pp 93–107
Mir O, van der Weide T, Lee CC (2015) A secure user anonymity and authentication scheme using avispa for telecare medical information systems. J Med Sys 39(9):89
Mishra D (2015) On the security flaws in id-based password authentication schemes for telecare medical information systems. J Med Sys 39(1):154
Mishra D, Mukhopadhyay S, Kumari S, Khan MK, Chaturvedi A (2014) Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J Med Sys 38(5):41
Mishra D, Srinivas J, Mukhopadhyay S (2014) A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J Med Sys 38(10):120
Moon J, Choi Y, Kim J, Won D (2016) An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Sys 40(3):70
Nikooghadam M, Zakerolhosseini A (2012) Secure communication of medical information using mobile agents. J Med Sys 36(6):3839–3850
Ostad-Sharif A, Abbasinezhad-Mood D, Nikooghadam M (2019) A robust and efficient ecc-based mutual authentication and session key generation scheme for healthcare applications. J Med Sys 43(1):10
Othman SB, Trad A, Youssef H (2014) Security architecture for at-home medical care using wireless sensor network. In: 2014 international wireless communications and mobile computing conference (IWCMC). IEEE, pp 304–309
Park C-S (2004) Authentication protocol providing user anonymity and untraceability in wireless mobile communication systems. Comput Netw 44(2):267–273
Qiu S, Xu G, Ahmad H, Wang L (2018) A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems. IEEE Access 6:7452–7463
Rankl W, Effing W (2004) Smart card handbook. Wiley, New York
Siddiqui Z, Abdullah AH, Khan MK, Alghamdi AS (2016) Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification. Peer-to-Peer Networking and Applications 9(5):841–853
Singh G (2013) A study of encryption algorithms (rsa, des, 3des and aes) for information security. Int J Comput Appl 67(19)
Sutrala AK, Das AK, Odelu V, Wazid M, Kumari S (2016) Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Computer Methods and Programs in Biomedicine 135:167–185
Tsai CS, Lee CC, Hwang MS (2006) Password authentication schemes: current status and key issues. IJ Network Security 3(2):101–115
Wang H, Zhang H, Li J, Chen X (2013) A (3, 3) visual cryptography scheme for authentication. Journal of Shenyang Normal University (Natural Science Edition) 31(3):397–400
Wang X, Zhao J (2010) An improved key agreement protocol based on chaos. Communications in Nonlinear Science and Numerical Simulation 15(12):4052–4057
Wei J, Hu X, Liu W (2012) An improved authentication scheme for telecare medicine information systems. J Med Sys 36(6):3597–3604
Wen F (2014) A more secure anonymous user authentication scheme for the integrated epr information system. J Med Sys 38(5):42
Wen F, Guo D (2014) An improved anonymous authentication scheme for telecare medical information systems. J Med Sys 38(5):26
William S (1999) Cryptography and network security: principles and practice. Prentice-Hall Inc., Englewood Cliffs, pp 23–50
Wu F, Xu L (2013) Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J Med Sys 37(4):9958
Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Comput Elect Eng 45:274–285
Wu ZY, Chung Y, Lai F, Chen TS (2012) A password-based user authentication scheme for the integrated epr information system. J Med Sys 36(2):631–638
Wu ZY, Lee YC, Lai F, Lee HC, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Sys 36(3):1529–1535
Xie Q, Zhang J, Dong N (2013) Robust anonymous authentication scheme for telecare medical information systems. J Med Sys 37(2):9911
Xiong H, Tao J, Yuan C (2017) Enabling telecare medical information systems with strong authentication and anonymity. IEEE Access 5:5648–5661
Yeh HL, Chen TH, Hu KJ, Shih WK (2013) Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data. IET Information Security 7(3):247–252
Zhou X, Kalker T (2010) On the security of biohashing. In: Media forensics and security II. International Society for Optics and Photonics, vol 7541, p 75410Q
Zhu Z (2012) An efficient authentication scheme for telecare medicine information systems. J Med Sys 36(6):3833–3838
Cite this article
R, M., Nayak, C.S. An improved user authentication scheme for electronic medical record systems. Multimed Tools Appl 79, 22007–22026 (2020). https://doi.org/10.1007/s11042-020-08983-7
DOI: https://doi.org/10.1007/s11042-020-08983-7