Journal of Medical Systems

, 39:89 | Cite as

A Secure User Anonymity and Authentication Scheme Using AVISPA for Telecare Medical Information Systems

Systems-Level Quality Improvement
First Online:
Received:
Accepted:
Part of the following topical collections:
  1. Systems-Level Quality Improvement

Abstract

Telecare medicine information systems (TMIS) have been known as an effective mechanism to increase quality and security of healthcare services. In other to the protection of patient privacy, several authentication schemes have been proposed in TMIS, however, most of them have a security problems. Recently, Das proposed a secure and robust password-based remote user authentication scheme for the integrated EPR information system. However, in this paper, we show that his scheme have some security flaws. Then, we shall propose a secure authentication scheme to overcome their weaknesses. We prove the proposed scheme with random oracle and also use the BAN logic to prove the correctness of the proposed scheme. Furthermore, we simulate our scheme for the formal security analysis using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool.

Keywords

Telecare medical information system Authentication scheme Smart card Password-based remote authentication Random oracle AVISPA 
This is a preview of subscription content, log in to check access.

References

  1. 1.
    Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):9954, 2013.CrossRefPubMedGoogle Scholar
  2. 2.
    Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRefGoogle Scholar
  3. 3.
    Khan, M. K., and Kumari, S., Cryptanalysis and improvement of “An efficient and secure dynamic ID-based authentication scheme for Telecare medical information systems”. Secur. Commun. Netw. 7(2):399–408, 2014.CrossRefGoogle Scholar
  4. 4.
    Witteman, M., Advances in smartcard security. Inf. Secur. Bull. 7:11–22, 2002.Google Scholar
  5. 5.
    Lee, N. Y., and Chen, J. C., Improvement of one-time password authentication scheme using smart card. IEICE Trans. Commun. E88-B(9):3765–3769, 2005.CrossRefGoogle Scholar
  6. 6.
    Chen, T. H., Hsiang, H. C., and Shih, W. K., Security enhancement on an improvement on two remote user authentication schemes using smart cards. Futur. Gener. Comput. Syst. 27(4):377–380, 2011.CrossRefGoogle Scholar
  7. 7.
    Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRefPubMedGoogle Scholar
  8. 8.
    He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36:1989–1995, 2012.CrossRefGoogle Scholar
  9. 9.
    Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.CrossRefPubMedGoogle Scholar
  10. 10.
    Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36:3833–3838, 2012.CrossRefPubMedGoogle Scholar
  11. 11.
    Das, M. L., Saxana, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.CrossRefGoogle Scholar
  12. 12.
    Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.CrossRefPubMedGoogle Scholar
  13. 13.
    Khan, M. K., et al., Cryptanalysis and security enhancement of a more efficient and secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.CrossRefGoogle Scholar
  14. 14.
    Lin, H. Y., On the security of a dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 37:9929, 2013.CrossRefPubMedGoogle Scholar
  15. 15.
    Cao, T., and Zhai, J., Improved dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 37:9912, 2013.CrossRefPubMedGoogle Scholar
  16. 16.
    Sood, S. K., Sarjee, A. K., and Singh, K., An improvement of Liao et al.’s authentication scheme using smart card. IEEE 2nd International Advance Computing Conference (IACC2010), Patiala, India, pp. 240–245, 2010.Google Scholar
  17. 17.
    He, D., Kumar, N., Lee, J. H., and Sherratt, R. S., Enhanced three factor security protocol for consumer USB mass storage devices. IEEE Trans. Consum. Electron. 60(1):30–37, 2014.CrossRefGoogle Scholar
  18. 18.
    Maitra, T., and Giri, D., An efficient biometric and password based remote user authentication using smart card for telecare medical information systems in multi-server environment. J. Med. Syst. 38(12):142, 2014.CrossRefPubMedGoogle Scholar
  19. 19.
    He, D., Kumar, N., Chilamkurti, N., and Lee, J. H., Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J. Med. Syst. 38(10):1–6, 2014.CrossRefGoogle Scholar
  20. 20.
    Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1):28–30, 2000.CrossRefGoogle Scholar
  21. 21.
    Wen, F., and Li, X., An improved dynamic ID-based remote user authentication with key agreement scheme. Comput. Electr. Eng. 38(2):381–387, 2011.CrossRefGoogle Scholar
  22. 22.
    Chen, C., He, D., Chan, S., Bu, S. J., Gao, Y., and Fan, R., Lightweight and provably secure user authentication with anonymity for the global mobility network. Int. J. Commun. Syst. 24(3):347–362, 2011.CrossRefGoogle Scholar
  23. 23.
    Lee, T. F., Chang, J. B., Chan, C. W., and Liu, H. C., Password-based mutual authentication scheme using smart cards. The E-learning and Information Technology Symposium (EITS2010), Tainan, Taiwan, 2010.Google Scholar
  24. 24.
    Das, A., A secure and robust password-based remote user authentication scheme using smart cards for the integrated EPR information system. J. Med. Syst. 39:25, 2015.CrossRefPubMedGoogle Scholar
  25. 25.
    Li, C. T., Lee, C. C., Weng, C. Y., and Fan, C. I., An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Trans. Internet Inf. Syst. 7:119–131, 2013.CrossRefGoogle Scholar
  26. 26.
    Li, C. T., A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Inf. Secur. 7:3–10, 2013.CrossRefGoogle Scholar
  27. 27.
    Wen, F., A more secure anonymous user authentication scheme for the integrated EPR information system. J. Med. Syst. 38(5):42, 2014.CrossRefPubMedGoogle Scholar
  28. 28.
    Wen, F. T., and Guo, D. L., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5):26, 2014.CrossRefPubMedGoogle Scholar
  29. 29.
    Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38:136, 2014.CrossRefPubMedGoogle Scholar
  30. 30.
    Das, A., A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems. J. Med. Syst. 39:218, 2015.Google Scholar
  31. 31.
    Guo, D., Wen, Q., Li, W., Zhang, H., and Jin, Z., An improved biometrics-based authentication scheme for telecare medical information systems. J. Med. Syst. 39:20, 2015.CrossRefPubMedGoogle Scholar
  32. 32.
    Burrows, M., Abadi, M., and Needham, R., A logic of authentication. ACM Trans. Comput. Syst. 8(1):18–36, 1990.CrossRefGoogle Scholar
  33. 33.
    He, D., and Zeadally, S., An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet Things J. 2(1):72–83, 2015.CrossRefGoogle Scholar
  34. 34.
    Sarkar, P., A Simple and generic construction of authenticated encryption with associated data. ACM Trans. Inf. Syst. Secur. 13(4):33, 2010.CrossRefGoogle Scholar
  35. 35.
    Chang, Y. F., Yu, S. H., and Shiao, D. R., An uniqueness-and anonymity preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.CrossRefPubMedGoogle Scholar
  36. 36.
    The AVISPA Project, HLPSL tutorial: a beginner’s guide to modelling and analysing Internet security protocols. Available at URL: www.avispa-project.org, 2005.
  37. 37.
    AVISPA. Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed on January 2013.
  38. 38.
    Mishraa, D., Das, A. K., and Mukhopadhyay, S., A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst. Appl. 41(18):8129–8143, 2014.CrossRefGoogle Scholar
  39. 39.
    Lee, T. F., and Liu, C. M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37:9933, 2013.CrossRefPubMedGoogle Scholar
  40. 40.
    Stallings, W., Cryptography and network security: principles and practices, 3rd edition. Englewood Cliffs, Prentice Hall, 2003.Google Scholar
  41. 41.
    Li, C. T., Lee, C. C., and Weng, C. Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):77, 2014.CrossRefPubMedGoogle Scholar
  42. 42.
    He, D., Kumar, N., and Chilamkurti, N., A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci. 2015. doi: 10.1016/j.ins.2015.02.010.Google Scholar
  43. 43.
    He, D., and Zeadally, S., Authentication protocol for ambient assisted living system. IEEE Commun. Mag. 35(1):71–77, 2015.CrossRefGoogle Scholar
  44. 44.
    Chen, C. L., Yang, T. T., Chiang, M. L., and Shih, T. F., A privacy authentication scheme based on cloud for medical environment. J. Med. Syst. 38(11):143, 2014.CrossRefPubMedGoogle Scholar
  45. 45.
    Arshad, H., and Nikooghadam, M., An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimedia Tool Appl. 2014. doi: 10.1007/s11042-014-2282-x.Google Scholar
  46. 46.
    Mir, O., and Nikooghadam, M., A secure biometrics based authentication with key agreement scheme in telemedicine networks for E-health services. Wirel. Pers. Commun. 2015. doi: 10.1007/s11277-015-2538-4.Google Scholar
  47. 47.
    He, D., Zhang, Y., and Chen, J., Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wirel. Pers. Commun. 74(2):229–243, 2014.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. 1.Institute for Computing and Information SciencesRadboud University NijmegenNijmegenThe Netherlands
  2. 2.Department of Library and Information ScienceFu Jen Catholic UniversityNew Taipei CityTaiwan
  3. 3.Department of Photonics & Communication EngineeringAsia UniversityTaichungTaiwan

Personalised recommendations