Advertisement

A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS

  • Ruhul Amin
  • G. P. Biswas
Patient Facing Systems
Part of the following topical collections:
  1. Patient Facing Systems

Abstract

Telecare Medical Information System (TMIS) makes an efficient and convenient connection between patient(s)/user(s) at home and doctor(s) at a clinical center. To ensure secure connection between the two entities (patient(s)/user(s), doctor(s)), user authentication is enormously important for the medical server. In this regard, many authentication protocols have been proposed in the literature only for accessing single medical server. In order to fix the drawbacks of the single medical server, we have primarily developed a novel architecture for accessing several medical services of the multi-medical server, where a user can directly communicate with the doctor of the medical server securely. Thereafter, we have developed a smart card based user authentication and key agreement security protocol usable for TMIS system using cryptographic one-way hash function. We have analyzed the security of our proposed authentication scheme through both formal and informal security analysis. Furthermore, we have simulated the proposed scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and showed that the scheme is secure against the replay and man-in-the-middle attacks. The informal security analysis is also presented which confirms that the protocol has well security protection on the relevant security attacks. The security and performance comparison analysis confirm that the proposed protocol not only provides security protection on the above mentioned attacks, but it also achieves better complexities along with efficient login and password change phase.

Keywords

Authentication AVISPA simulator Multi-Medical server TMIS Security attacks 

References

  1. 1.
    Amin, R., Cryptanalysis and an efficient secure id-based remote user authentication using smart card. Int. J. Comput. Appl. 75(13):43–48, 2013.Google Scholar
  2. 2.
    Amin, R., Maitra, T., Giri, D., Article: An improved efficient remote user authentication scheme in multi-server environment using smart card. Int. J. Comput. Appl. 69(22):1–6, 2013.Google Scholar
  3. 3.
    Amin, R., Maitra, T., Rana, S.P., An improvement of wang. et. al.’s remote user authentication scheme against smart card security breach. Int. J. Comput. Appl. 75(13):37–42, 2013.Google Scholar
  4. 4.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P., Hem, P., Kouchnarenko, O., Mantovani, J., Mdersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Vigan, L., Vigneron, L.: The avispa tool for the automated validation of internet security protocols and applications. In: Computer Aided Verification, Vol. 3576, pp. 281–285. Lecture Notes in Computer Science (2005)Google Scholar
  5. 5.
    Bhargav-Spantzel, A., Squicciarini, A.C., Modi, S., Young, M., Bertino, E., Elliott, S.J., Privacy preserving multi-factor authentication with biometric. J. Comput. Secur. 15(5):529–560, 2007.Google Scholar
  6. 6.
    Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9912, 2013. doi: 10.1007/s10916-012-9912-5.CrossRefMathSciNetGoogle Scholar
  7. 7.
    Chang, Y.F., Yu, S.H., Shiao, D.R., A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(2):9902, 2013. doi: 10.1007/s10916-012-9902-7.CrossRefGoogle Scholar
  8. 8.
    Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.CrossRefGoogle Scholar
  9. 9.
    Chuang, M.C., and Chen, M.C., An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst. Appl. 41(4, Part 1):1411–1418, 2014.CrossRefGoogle Scholar
  10. 10.
    Das, A., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):9948, 2013. doi: 10.1007/s10916-013-9948-1.CrossRefGoogle Scholar
  11. 11.
    Das, A.K., Analysis and improvement on an effcient biometric based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145–151, 2011.CrossRefGoogle Scholar
  12. 12.
    Debiao, H., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRefGoogle Scholar
  13. 13.
    Dolev, D., and Yao, A.C., On the security of public key protocols. Information Theory. IEEE Trans. 29(2):198–208, 1983.zbMATHMathSciNetGoogle Scholar
  14. 14.
    Fan, C.I., and Lin, Y.H., Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. Information Forensics and Security. IEEE Trans. 4(4):933–945, 2009.Google Scholar
  15. 15.
    Guo, C., and Chang, C.C., Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6):1433–1440, 2013.CrossRefzbMATHMathSciNetGoogle Scholar
  16. 16.
    Hao, X., Wang, J., Yang, Q., Yan, X., Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2):9919, 2013. doi: 10.1007/s10916-012-9919-y.CrossRefGoogle Scholar
  17. 17.
    Islam, S.H., and Biswas, G.P., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.CrossRefGoogle Scholar
  18. 18.
    Jiang, Q., Ma, J., Lu, X., Tian, Y., Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J. Med. Syst. 38(2):1–8, 2014. doi: 10.1007/s10916-014-0012-6.CrossRefGoogle Scholar
  19. 19.
    Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):9897, 2013. doi: 10.1007/s10916-012-9897-0.CrossRefMathSciNetGoogle Scholar
  20. 20.
    Jina, A.T.B., Ling, D.N.C., Goh, A., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.CrossRefGoogle Scholar
  21. 21.
    Khan, M.K., Kumari, S., Gupta, M., More efficient key-hash based fingerprint remote authentication scheme using mobile device. Comput. 96(9):793–816, 2014. doi: 10.1007/s00607-013-0308-2.CrossRefMathSciNetGoogle Scholar
  22. 22.
    Khan, M.K., and Zhang, J., Improving the security of a flexible biometric remote user authentication scheme. Comput. Stand. Interfaces 29(1):82–85, 2007.CrossRefGoogle Scholar
  23. 23.
    Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology CRYPTO 99. Vol. 1666, pp. 388–397: Lecture Notes in Computer Science, 1999.Google Scholar
  24. 24.
    Kumar, M., Gupta, M.K., Kumari, S., An improved efficient remote password authentication scheme with smart card over insecure networks. Int. J. Netw. Secur. 13(3):167–177, 2011.Google Scholar
  25. 25.
    Kumari, S., Gupta, M.K., Khan, M.K., Li, X., An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur. Commun. Netw. 7:1921–1932, 2014. doi: 10.1002/sec.906.CrossRefGoogle Scholar
  26. 26.
    Kumari, S., Khan, M., Kumar, R., Cryptanalysis and improvement of a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37(4):9952, 2013. doi: 10.1007/s10916-013-9952-5.CrossRefGoogle Scholar
  27. 27.
    Kumari, S., and Khan, M.K., More secure smart card based remote user password authentication scheme with user anonymity. Secur. Commun. Netw. 7:2039–2053, 2013. doi: 10.1002/sec.916.CrossRefGoogle Scholar
  28. 28.
    Kumari, S., and Khan, M.K., Cryptanalysis and improvement of ’a robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27:3939–3955, 2014. doi: 10.1002/dac.2590..CrossRefGoogle Scholar
  29. 29.
    Kumari, S., Khan, M.K., Li, X., An improved remote user authentication scheme with key agreement. Comput. & Electr. Eng. 40(6):1997–2012, 2014. doi: 10.1016/j.compeleceng.2014.05.007.CrossRefGoogle Scholar
  30. 30.
    Kumari, S., Khan, M.K., Li, X., Wu, F., Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst. 27(10):609–618, 2014. doi: 10.1002/dac.2853.Google Scholar
  31. 31.
    Lee, C.C., Hsu, C.W., Lai, Y.M., Vasilakos, A., An enhanced mobile-healthcare emergency system based on extended chaotic maps. J. Med. Syst. 37(5):9973, 2013. doi: 10.1007/s10916-013-9973-0.CrossRefGoogle Scholar
  32. 32.
    Lee, T.F., An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 37(6):1–9, 2013. doi: 10.1007/s10916-013-9985-9.CrossRefGoogle Scholar
  33. 33.
    Lee, T.F., Chang, I.P., Lin, T.H., Wang, C.C., A secure and efficient password- based user authentication scheme using smart cards for the integrated epr information system. J. Med. Syst. 37(3):3833–3838, 2013.Google Scholar
  34. 34.
    Li, C.T., and Hwang, M.S., An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.CrossRefGoogle Scholar
  35. 35.
    Li, C.T., Lee, C.C., Weng, C.Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):77, 2014. doi: 10.1007/s10916-014-0077-2.CrossRefGoogle Scholar
  36. 36.
    Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.CrossRefzbMATHGoogle Scholar
  37. 37.
    Li, X., Xiong, Y., Ma, J., Wang, W., An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2):763–769, 2012.CrossRefGoogle Scholar
  38. 38.
    Lin, H.Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–5, 2013.CrossRefGoogle Scholar
  39. 39.
    Lumini, A., and Nanni, L., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 40(3):1057–1065, 2007.CrossRefzbMATHGoogle Scholar
  40. 40.
    Maitra, T., and Giri, D., An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. J. Med. Syst. 38(12):142, 2014. doi: 10.1007/s10916-014-0142-x.CrossRefGoogle Scholar
  41. 41.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRefMathSciNetGoogle Scholar
  42. 42.
    Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M., Cryptanalysis and improvement of yan et al.s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6): 24, 2014. doi: 10.1007/s10916-014-0024-2.CrossRefGoogle Scholar
  43. 43.
    Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10): 120, 2014. doi: 10.1007/s10916-014-0120-3.CrossRefGoogle Scholar
  44. 44.
    Sood, S.K., Sarje, A.K., Singh, K., A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2):609–618, 2011.CrossRefGoogle Scholar
  45. 45.
    Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Netw. 2(3):200–204, 2013.Google Scholar
  46. 46.
  47. 47.
    Wang, B., and Ma, M., A smart card based efficient and secured multi-server authentication scheme. Wirel. Pers. Commun. 68(2):361–378, 2013.CrossRefGoogle Scholar
  48. 48.
    Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.CrossRefGoogle Scholar
  49. 49.
    Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRefGoogle Scholar
  50. 50.
    Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9911, 2013. doi: 10.1007/s10916-012-9911-6.CrossRefGoogle Scholar
  51. 51.
    Xue, K., Hong, P., Ma, C., A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J. Comput. Syst. Sci. 80(1):195–206, 2014.CrossRefzbMATHMathSciNetGoogle Scholar
  52. 52.
    Yan, X., Li, W., Li, P., Wang, J., Hao, X., Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(5):1–6, 2013.CrossRefzbMATHGoogle Scholar
  53. 53.
    Yang, D., and Yang, B.: A biometric password-based multi-server authentication scheme with smart card. In: 2010 International Conference on, Computer Design and Applications (ICCDA). Vol. 5, pp. 554–559 (2010)Google Scholar
  54. 54.
    Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringIndian School of MinesDhanbadIndia

Personalised recommendations