An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function

TRANSACTIONAL PROCESSING SYSTEMS
Part of the following topical collections:
  1. Topical Collection on Transactional Processing Systems

Abstract

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava’s scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava’s scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava’s scheme.

Keywords

Telecare medicine information systems Chaotic hash function Biohashing Security Biometrics Password Anonymity AVISPA 

References

  1. 1.
    AVISPA: Automated validation of internet security protocols and applications. http://www.avispa-project.org/. Accessed Jan 2013.
  2. 2.
    AVISPA: AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed Sept 2013.
  3. 3.
    Awasthi, A. K., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):1–4, 2013.Google Scholar
  4. 4.
    Basin, D., Modersheim, S., and Vigano, L., OFMC: A symbolic model checker for security protocols. Int. J. Inf. Sec. 4(3):181–208, 2005.Google Scholar
  5. 5.
    Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.Google Scholar
  6. 6.
    Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:1–9, 2013.Google Scholar
  7. 7.
    Das, A. K., Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Sec. 5(3):145–151, 2011.Google Scholar
  8. 8.
    Das, A. K., A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Netw. Sci. 2(1–2):12–27, 2013.Google Scholar
  9. 9.
    Das, A. K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.Google Scholar
  10. 10.
    Das, A. K., Massand, A., and Patil, S., A novel proxy signature scheme based on user hierarchical access control policy. J. King Saud University - Comput. Inf. Sci. 25(2):219–228, 2013.Google Scholar
  11. 11.
    Das, A. K., Paul, N. R., and Tripathy, L., Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf. Sci. 209:80–92, 2012.Google Scholar
  12. 12.
    Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):1–17, 2013.Google Scholar
  13. 13.
    Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.Google Scholar
  14. 14.
    Dolev, D., and Yao, A., On the security of public key protocols. IEEE Trans. Inf. Theory. 29(2):198–208, 1983.Google Scholar
  15. 15.
    Hwang, M.-S., and Li, L.-H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1): 28–30, 2000.Google Scholar
  16. 16.
    Hwang, T., Chen, Y., and Laih, C.-S., Non-interactive password authentications without password tables. In: Proceedings of IEEE Region 10 Conference on Computer and Communication Systems (TENCON’90). Vol. 1, pp. 429–431, 1990.Google Scholar
  17. 17.
    Jaspher, G., Kathrine, W., Kirubakaran, E., and Prakash, P., Smart card based remote user authentication schemes: A survey. Procedia Eng. 38:1318–1326, 2012.Google Scholar
  18. 18.
    Jina, A. T. B., Linga, D. N. C., and Goh, A., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recog. 37(11):2245–2255, 2004.Google Scholar
  19. 19.
    Khan, M. K., Kim, S.-K., and Alghathbar, K., Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput Commun. 34(3):305–309, 2011.Google Scholar
  20. 20.
    Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology - CRYPTO’99, LNCS. Vol. 1666, pp. 388–397, 1999.Google Scholar
  21. 21.
    Lamport, L., Password authentification with insecure communication. Commun. ACM. 24(11):770–772, 1981.Google Scholar
  22. 22.
    Li, C.-T., and Hwang, M.-S., An efficient biometric-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33:1–5, 2010.Google Scholar
  23. 23.
    Li, C.-T., Lee, C.-C., Liu, C.-J., and Lee, C.-W., A robust remote user authentication scheme against smart card security breach. In: Proceedings of Data and Applications Security and Privacy XXV, LNCS. VOl. 6818, pp. 231–238, 2011.Google Scholar
  24. 24.
    Li, X., Niu, J.-W., Ma, J., Wang, W.-D., and Liu, C.-L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34:73–79, 2011.Google Scholar
  25. 25.
    Lumini, A., and Nanni, L., An improved BioHashing for human authentication. Pattern Recog. 40(3):1057–1065, 2007.Google Scholar
  26. 26.
    Madhusudhan, R., and Mittal, R. C., Dynamic ID-based remote user password authentication schemes using smart cards: A review. J. Netw. Comput. Appl. 35(4):1235–1248, 2012.Google Scholar
  27. 27.
    Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.Google Scholar
  28. 28.
    Odelu, V., Das, A. K., and Goswami, A., An effective and secure key-management scheme for hierarchical access control in e-medicine system. J. Med. Syst. 37(2):1–18, 2013.Google Scholar
  29. 29.
    Wang, Y.-Y., Liu, J.-Y., Xiao, F.-X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.Google Scholar
  30. 30.
    Xiao, D., Liao, X., and Deng, S., One-way hash function construction based on the chaotic map with changeable-parameter. Chaos, Solitons Fractals. 241:65–71, 2005.Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Center for Security, Theory and Algorithmic ResearchInternational Institute of Information TechnologyHyderabadIndia
  2. 2.Department of MathematicsIndian Institute of TechnologyKharagpurIndia

Personalised recommendations