An Improved Biometrics-Based Authentication Scheme for Telecare Medical Information Systems
- 289 Downloads
Telecare medical information system (TMIS) offers healthcare delivery services and patients can acquire their desired medical services conveniently through public networks. The protection of patients’ privacy and data confidentiality are significant. Very recently, Mishra et al. proposed a biometrics-based authentication scheme for telecare medical information system. Their scheme can protect user privacy and is believed to resist a range of network attacks. In this paper, we analyze Mishra et al.’s scheme and identify that their scheme is insecure to against known session key attack and impersonation attack. Thereby, we present a modified biometrics-based authentication scheme for TMIS to eliminate the aforementioned faults. Besides, we demonstrate the completeness of the proposed sche-me through BAN-logic. Compared to the related schemes, our protocol can provide stronger security and it is more practical.
KeywordsTelecare medical information systems Biometrics Authentication Anonymity Untraceability BAN-logic
The authors are grateful to the editor and anonymous reviewers for their valuable suggestions, which improved the paper. This work is supported by NSFC (Grant Nos. 61300181, 61202434), the Fundamental Research Funds for the Central Universities (Grant No. 2015RC23).
- 3.Wen, F.T., Susilo, W., Yang, G.M., A robust smart card-based anonymous user authentication protocol for wireless communications. Security Comm. Networks, 2013. 10.1002/sec.816.
- 6.Li, X., Niu, J.W., Khan, M.K., Liao, J.G., Zhao, X.K., Robust three-factor remote user authentication scheme with key agreement for multimedia systems, 2013. doi: 10.1002/sec.961.
- 12.Wen, F.T., and Guo, D.L., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst., 2014. doi: 10.1007/s10916-014-0026-0.
- 14.Das, A.K., and Goswami, A., An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function, 2014. doi: 10.1007/s10916-014-0027-z.
- 15.Jiang, Q., Ma, J.F., Lu, X., Tian, Y.L., Robust Chaotic Map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems, 2014. doi: 10.1007/s10916-014-0012-6.
- 16.Tan, Z.W., An efficient biometrics-based authentication scheme for telecare medicine information systems. Przegl. Elektrotech. 89(5):200–204, 2013.Google Scholar
- 18.Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., and Khan, M., Cryptanalysis and improvement of Yan et al.’s Biometric-based authentication scheme for telecare medicine information systemes. J. Med. Syst., 2014. doi: 10.1007/s10916-014-0024-2.
- 19.Tan, Z.W., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst., 2014. doi: 10.1007/s10916-014-0016-2.
- 20.Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst., 2014. doi: 10.1007/s10916-014-0136-8.
- 21.Maitra, T., and Giri, D., An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. J. Med. Syst., 2014. doi: 10.1007/s10916-014-0142-x.
- 22.Li, X.L.,Wen, Q.Y., Li, W.M., Zhang, H., and Jin, Z.P., Secure privacy-preserving biometric authentication scheme for telecare medicine information systems. J. Med. Syst., 2014. doi: 10.1007/s10916-014-0139-5.
- 23.Li, X., Niu, J.W., Wang, Z.B., Chen, C.S., Applying biometrics to design three-factor remote user authentication scheme with key agreement. Secur. Commun. Netw. 7(10):1488–1497, 2014.Google Scholar
- 24.Das, A.K., and Goswami, A., An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function. J. Med. Syst., 2014. doi: 10.1007/s10916-014-0027-z.
- 25.Kocher, P., Jaffe, J., Jun, B., Differential power analysis, pp. 388–397. Santa Barbara: Proceedings of Advances in Cryptology, 1999.Google Scholar
- 27.Juels, A., and Wattenberg, M., A fuzzy commitment scheme. CCS ’99 Proceedings of the 6th ACM conference on Computer and communications security, pp. 28–36. New York: ACM, 1999.Google Scholar