A Robust and Efficient ECC-based Mutual Authentication and Session Key Generation Scheme for Healthcare Applications
- 105 Downloads
Telecare medicine information system (TMIS) has provided an efficient and convenient way for communications of patients at home and medical staffs at clinical centers. To make these communications secure, user authentication by medical servers is considered as a crucial requirement. For this purpose, many user authentication and key agreement protocols have been put forwrad in order to fulfil this vital necessity. Recently, Arshad and Rasoolzadegan have revealed that not only the authentication and key agreement protocols suggested by Amin and Biswas and Giri et al. are defenseless against the replay attack and do not support the perfect forward secrecy, but also Amin and Biswas’s protocol is susceptible to the offline password guessing attack. Nonetheless, in this paper, we demonstrate that Arshad and Rasoolzadegan’s and the other existing schemes still fail to resist a well-known attack. Therefore, to cover this security gap, a new user authentication and session key agreement protocol is recommended that can be employed effectively for offering secure communication channels in TMIS. Our comparative security and performance analyses reveal that the proposed scheme can both solve the existing security drawback and, same as Arshad and Rasoolzadegan’s scheme, has low communication and computational overheads.
KeywordsAnonymity Authentication Key agreement Security TMIS
Compliance with ethical standards
Conflict of interest
A. Ostad-Sharif, D. Abbasinezhad-Mood, and M. Nikooghadam declare that they have no conflict of interest.
Human and animal rights
This article does not contain any studies with human or animal participants performed by any of the authors. Further, this research has been done without any grant.
- 13.J. Srinivas, A. K. Das, N. Kumar and J. Rodrigues, Cloud centric authentication for wearable healthcare monitoring system. IEEE Transactions on Dependable and Secure Computing, 2018.Google Scholar
- 14.S. Roy, A. K. Das, S. Chatterjee, N. Kumar, S. Chattopadhyay and J. J. Rodrigues, Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing based healthcare applications. IEEE Transactions on Industrial Informatics, 2018.Google Scholar
- 19.R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels. Advances in Cryptology, pp. 453–474, 2001.Google Scholar
- 22.Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204, 2013.Google Scholar
- 34.Xu, X., Jin, Z. P., Zhang, H., and Zhu, P., A dynamic ID-based authentication scheme based on ECC for telecare medicine information systems. Appl. Mech. Mater. 457:861–866, 2014.Google Scholar
- 36.Amin, R., Islam, S. H., Biswas, G., Khan, M. K., and Kumar, N., An efficient and practical smart card based anonymity preserving user authentication scheme for tmis using elliptic curve. J. Med. Syst. 39(11):1–18, 2015.Google Scholar
- 38.Jiang, Q., Chen, Z., Li, B., Shen, J., Yang, L., and Ma, J., Security analysis and improvment of bio-hashing based three-factor authentication scheme for telecare medical information systems. J. Ambient. Intell. Humaniz. Comput.:1–13, 2017.Google Scholar
- 44.Das, A. K., A secure and effective user authentication and privacy preserving protocol with smart. Netw. Sci., 2012.Google Scholar
- 45.S. H. Islam and G. P. Biswas, A provably secure identity-based strong designated verifier proxy. Journal of King Saud University-Computer and Information Sciences, 2013.Google Scholar
- 46.AVISPA, Automated validation of internet security protocols and applications. 2014. [Online]. Available: http://www.avispa-project.org/.
- 47.X. Xu, P. Zhu, Q. Wen, Z. Jin, H. Zhang and L. He, A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. Journal of Medical systems, 38, 2014.Google Scholar