An improved user authentication scheme for electronic medical record systems

Multimedia Tools and Applications

Abstract

Electronic Medical Record (EMR) systems are a part of the e-healthcare system, which is developing rapidly. They make it possible to deliver medical services among multiple participants over a network without physical presence. Since sensitive data is transmitted over public channels, the secrecy of that data must be maintained. This is achieved by mutual authentication between the participants, and various smart-card-based authentication schemes have been proposed for this purpose. Han et al. proposed one such biometrics-based scheme using hash functions along with symmetric key encryption and elliptic curve cryptography. From cryptanalysis of their scheme, we point out its weaknesses, viz. no user anonymity, user and server impersonation, and man-in-the-middle attack. These security issues are presented in this article. To overcome these attacks, a scheme is proposed in this article. Since it does not use symmetric key encryption, the proposed scheme reduces the computational complexity, as can be seen in the comparison provided. The security analysis of the proposed scheme, along with BAN (Burrows-Abadi-Needham) logic, is explained in detail. A comparison of the proposed scheme with related schemes with respect to computation cost, execution time and performance is demonstrated. This proves that the proposed scheme performs well in terms of security as well as computational efficiency.

References

  1. Amin R, Biswas G (2015) An improved rsa based user authentication and session key agreement protocol usable in tmis. J Med Sys 39(8):79

  2. Arshad H, Nikooghadam M (2014) Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J Med Sys 38(12):136

  3. Barrows RC Jr, Clayton PD (1996) Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association 3(2):139–148

  4. Bhattacharyya D, Ranjan R, Alisherov F, Choi M, et al. (2009) Biometric authentication: a review. Int J u-and e-Service Sci Technol 2(3):13–28

  5. Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proceedings of the Royal Society of London, A. Mathematical and Physical Sciences 426(1871):233–271

  6. Burt CW, Sisk JE (2005) Which physicians and practices are using electronic medical records? Health Affairs 24(5):1334–1343

  7. Callegati F, Cerroni W, Ramilli M (2009) Man-in-the-middle attack to the https protocol. IEEE Security & Privacy 7(1):78–81

  8. Cao T, Zhai J (2013) Improved dynamic id-based authentication scheme for telecare medical information systems. J Med Sys 37(2):9912

  9. Chang CC, Lee JS, Lo YY, Liu Y (2017) A secure authentication scheme for telecare medical information systems. In: Advances in intelligent information hiding and multimedia signal processing. Springer, Berlin, pp 303–312

  10. Chaturvedi A, Mishra D, Mukhopadhyay S (2013) Improved biometric-based three-factor remote user authentication scheme with key agreement using smart card. In: International conference on information systems security. Springer, Berlin, pp 63–77

  11. Chaturvedi A, Mishra D, Mukhopadhyay S (2017) An enhanced dynamic id-based authentication scheme for telecare medical information systems. Journal of King Saud University-Computer and Information Sciences 29(1):54–62

  12. Chen CL, Lee CC, Hsu CY (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25(5):585–597

  13. Chen HM, Lo JW, Yeh CK (2012) An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J Med Sys 36(6):3907–3915

  14. Das AK (2015) A secure and robust password-based remote user authentication scheme using smart cards for the integrated epr information system. J Med Sys 39(3):25

  15. Debiao H, Jianhua C, Rui Z (2012) A more secure authentication scheme for telecare medicine information systems. J Med Sys 36(3):1989–1995

  16. Goldsmith J, Blumenthal D, Rishel W (2003) Federal health information policy: a case of arrested development. Health Affairs 22(4):44–55

  17. Gunter TD, Terry NP (2005) The emergence of national electronic health record architectures in the united states and Australia: models, costs, and questions. J Med Internet Res 7(1):e3

  18. Han L, Tan X, Wang S, Liang X (2018) An efficient and secure three-factor based authenticated key exchange scheme using elliptic curve cryptosystems. Peer-to-Peer Networking and Applications 11(1):63–73

  19. Irshad A, Sher M, Nawaz O, Chaudhry SA, Khan I, Kumari S (2017) A secure and provable multi-server authenticated key agreement for tmis based on Amin et al. scheme. Multimed Tools Appl 76(15):16463–16489

  20. Islam SH, Biswas G (2013) Design of improved password authentication and update scheme based on elliptic curve cryptography. Mathematical and Computer Modelling 57(11-12):2703–2717

  21. Jiang Q, Chen Z, Li B, Shen J, Yang L, Ma J (2018) Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. J Ambient Intell Humanized Comput 9(4):1061–1073

  22. Jiang Q, Ma J, Ma Z, Li G (2013) A privacy enhanced authentication scheme for telecare medical information systems. J Med Sys 37(1):9897

  23. Jung J, Kang D, Lee D, Won D (2017) An improved and secure anonymous biometric-based user authentication with key agreement scheme for the integrated epr information system. PloS one 12(1):e0169414

  24. Kang D, Lee D, Cho S, Jung J, Won D (2017) Cryptanalysis and improvement of robust authentication scheme for telecare medicine information systems. In: Proceedings of the 11th international conference on ubiquitous information management and communication. ACM, p 18

  25. Khan MK, Kumari S, Gupta MK (2014) More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816

  26. Kocarev L, Lian S (2011) Chaos-based cryptography: theory, algorithms and applications, vol 354. Springer Science & Business Media, Berlin

  27. Lauter K (2004) The advantages of elliptic curve cryptography for wireless security. IEEE Wireless Communications 11(1):62–67

  28. Lee TF, Chang IP, Lin TH, Wang CC (2013) A secure and efficient password-based user authentication scheme using smart cards for the integrated epr information system. J Med Sys 37(3):9941

  29. Li CT, Lee CC, Weng CY, Chen SJ (2016) A secure dynamic identity and chaotic maps based user authentication and key agreement scheme for e-healthcare systems. J Med Sys 40(11):233

  30. Li CT, Weng CY, Lee CC, Wang CC (2015) A hash based remote user authentication and authenticated key agreement scheme for the integrated epr information system. J Med Sys 39(11):144

  31. Li M, Lou W, Ren K (2010) Data security and privacy in wireless body area networks. IEEE Wireless Communications 17(1):51–58

  32. Li X, Wu F, Khan MK, Xu L, Shen J, Jo M (2018) A secure chaotic map-based remote authentication scheme for telecare medicine information systems. Future Generation Computer Systems 84:149–159

  33. Liu W, Xie Q, Wang S, Hu B (2016) An improved authenticated key agreement protocol for telecare medicine information system. SpringerPlus 5(1):555

  34. Lu Y, Li L, Peng H, Yang Y (2015) An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Sys 39(3):32

  35. Madhusudhan R, Mittal R (2012) Dynamic id-based remote user password authentication schemes using smart cards: a review. J Netw Comput Appl 35(4):1235–1248

  36. Madhusudhan R, Nayak CS (2018) A robust authentication scheme for telecare medical information systems. Multimed Tools Appl, pp 1–19

  37. Mahaveerakannan R, Dhas CSG (2016) Customized rsa public key cryptosystem using digital signature of secure data transfer natural number algorithm. International Journal of Computer Technology and Application (IJCTA) 9(5):543–548

  38. Mahaveerakannan R, Dhas CSG (2017) A hybrid group key management scheme for uav–mbn network environment increasing efficiency of key distribution in joining operation. In: International conference on intelligent information technologies. Springer, Berlin, pp 93–107

  39. Mir O, van der Weide T, Lee CC (2015) A secure user anonymity and authentication scheme using avispa for telecare medical information systems. J Med Sys 39(9):89

  40. Mishra D (2015) On the security flaws in id-based password authentication schemes for telecare medical information systems. J Med Sys 39(1):154

  41. Mishra D, Mukhopadhyay S, Kumari S, Khan MK, Chaturvedi A (2014) Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J Med Sys 38(5):41

  42. Mishra D, Srinivas J, Mukhopadhyay S (2014) A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J Med Sys 38(10):120

  43. Moon J, Choi Y, Kim J, Won D (2016) An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Sys 40(3):70

  44. Nikooghadam M, Zakerolhosseini A (2012) Secure communication of medical information using mobile agents. J Med Sys 36(6):3839–3850

  45. Ostad-Sharif A, Abbasinezhad-Mood D, Nikooghadam M (2019) A robust and efficient ecc-based mutual authentication and session key generation scheme for healthcare applications. J Med Sys 43(1):10

  46. Othman SB, Trad A, Youssef H (2014) Security architecture for at-home medical care using wireless sensor network. In: 2014 international wireless communications and mobile computing conference (IWCMC). IEEE, pp 304–309

  47. Park C-S (2004) Authentication protocol providing user anonymity and untraceability in wireless mobile communication systems. Comput Netw 44(2):267–273

  48. Qiu S, Xu G, Ahmad H, Wang L (2018) A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems. IEEE Access 6:7452–7463

  49. Rankl W, Effing W (2004) Smart card handbook. Wiley, New York

  50. Siddiqui Z, Abdullah AH, Khan MK, Alghamdi AS (2016) Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification. Peer-to-Peer Networking and Applications 9(5):841–853

  51. Singh G (2013) A study of encryption algorithms (rsa, des, 3des and aes) for information security. Int J Comput Appl 67(19)

  52. Sutrala AK, Das AK, Odelu V, Wazid M, Kumari S (2016) Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Computer Methods and Programs in Biomedicine 135:167–185

  53. Tsai CS, Lee CC, Hwang MS (2006) Password authentication schemes: current status and key issues. IJ Network Security 3(2):101–115

  54. Wang H, Zhang H, Li J, Chen X (2013) A (3, 3) visual cryptography scheme for authentication. Journal of Shenyang Normal University (Natural Science Edition) 31(3):397–400

  55. Wang X, Zhao J (2010) An improved key agreement protocol based on chaos. Communications in Nonlinear Science and Numerical Simulation 15(12):4052–4057

  56. Wei J, Hu X, Liu W (2012) An improved authentication scheme for telecare medicine information systems. J Med Sys 36(6):3597–3604

  57. Wen F (2014) A more secure anonymous user authentication scheme for the integrated epr information system. J Med Sys 38(5):42

  58. Wen F, Guo D (2014) An improved anonymous authentication scheme for telecare medical information systems. J Med Sys 38(5):26

  59. William S (1999) Cryptography and network security: principles and practice. Prentice-Hall Inc., Englewood Cliffs, pp 23–50

  60. Wu F, Xu L (2013) Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J Med Sys 37(4):9958

  61. Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Comput Elect Eng 45:274–285

  62. Wu ZY, Chung Y, Lai F, Chen TS (2012) A password-based user authentication scheme for the integrated epr information system. J Med Sys 36(2):631–638

  63. Wu ZY, Lee YC, Lai F, Lee HC, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Sys 36(3):1529–1535

  64. Xie Q, Zhang J, Dong N (2013) Robust anonymous authentication scheme for telecare medical information systems. J Med Sys 37(2):9911

  65. Xiong H, Tao J, Yuan C (2017) Enabling telecare medical information systems with strong authentication and anonymity. IEEE Access 5:5648–5661

  66. Yeh HL, Chen TH, Hu KJ, Shih WK (2013) Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data. IET Information Security 7(3):247–252

  67. Zhou X, Kalker T (2010) On the security of biohashing. In: Media forensics and security II. International Society for Optics and Photonics, vol 7541, p 75410Q

  68. Zhu Z (2012) An efficient authentication scheme for telecare medicine information systems. J Med Sys 36(6):3833–3838

Author information

Correspondence to Madhusudhan R.

About this article

Cite this article

R, M., Nayak, C.S. An improved user authentication scheme for electronic medical record systems. Multimed Tools Appl 79, 22007–22026 (2020). https://doi.org/10.1007/s11042-020-08983-7

  • DOI: https://doi.org/10.1007/s11042-020-08983-7
