Advertisement

Journal of Medical Systems

, 43:10 | Cite as

A Robust and Efficient ECC-based Mutual Authentication and Session Key Generation Scheme for Healthcare Applications

  • Arezou Ostad-Sharif
  • Dariush Abbasinezhad-Mood
  • Morteza NikooghadamEmail author
Mobile & Wireless Health
  • 105 Downloads
Part of the following topical collections:
  1. Mobile & Wireless Health

Abstract

Telecare medicine information system (TMIS) has provided an efficient and convenient way for communications of patients at home and medical staffs at clinical centers. To make these communications secure, user authentication by medical servers is considered as a crucial requirement. For this purpose, many user authentication and key agreement protocols have been put forwrad in order to fulfil this vital necessity. Recently, Arshad and Rasoolzadegan have revealed that not only the authentication and key agreement protocols suggested by Amin and Biswas and Giri et al. are defenseless against the replay attack and do not support the perfect forward secrecy, but also Amin and Biswas’s protocol is susceptible to the offline password guessing attack. Nonetheless, in this paper, we demonstrate that Arshad and Rasoolzadegan’s and the other existing schemes still fail to resist a well-known attack. Therefore, to cover this security gap, a new user authentication and session key agreement protocol is recommended that can be employed effectively for offering secure communication channels in TMIS. Our comparative security and performance analyses reveal that the proposed scheme can both solve the existing security drawback and, same as Arshad and Rasoolzadegan’s scheme, has low communication and computational overheads.

Keywords

Anonymity Authentication Key agreement Security TMIS 

Notes

Compliance with ethical standards

Conflict of interest

A. Ostad-Sharif, D. Abbasinezhad-Mood, and M. Nikooghadam declare that they have no conflict of interest.

Human and animal rights

This article does not contain any studies with human or animal participants performed by any of the authors. Further, this research has been done without any grant.

References

  1. 1.
    Chaudhry, S. A., Mahmood, K., Naqvi, H., and Khan, M. K., An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J. Med. Syst. 39(11):175, 2015.CrossRefGoogle Scholar
  2. 2.
    Jindal, A., Dua, A., Kumar, N., Das, A. K., Vasilakos, A. V., and Rodrigues, J. J., Providing Healthcare-as-a-Service Using Fuzzy Rule Based Big Data Analytics in Cloud Computing. IEEE Journal of Biomedical and Health Informatics 22(5):1605–1618, 2018.CrossRefGoogle Scholar
  3. 3.
    Lee, T. F., Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems. Comput. Methods Prog. Biomed. 117(3):464–472, 2014.CrossRefGoogle Scholar
  4. 4.
    Chaudhry, S. A., Naqvi, H., and Khan, M. K., An enhanced lightweight anonymous biometric based authentication scheme for TMIS. Multimedia Tools and Applications 77(5):5503–5524, 2018.CrossRefGoogle Scholar
  5. 5.
    Amin, R., and Biswas, G. P., A novel user authentication and key agreement for accessing multi-medical server usable in TMIS. J. Med. Syst. 39(3):33, 2015.CrossRefGoogle Scholar
  6. 6.
    Zhang, K., Yang, K., Liang, X., Su, Z., Shen, X., and Luo, H. H., Security and privacy for mobile healthcare networks. IEEE Wirel. Commun. 22(4):104–112, 2015.CrossRefGoogle Scholar
  7. 7.
    Li, C. T., Shih, D. H., and Wang, C. C., Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems. Comput. Methods Prog. Biomed. 157:191–203, 2018.CrossRefGoogle Scholar
  8. 8.
    Irshad, A., Sher, M., Nawaz, O., Chaudhry, S. A., Khan, I., and Kumari, S., A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimedia Tools and Applications 76(15):16463–16489, 2017.CrossRefGoogle Scholar
  9. 9.
    Sutrala, A. K., Das, A. K., Odelu, V., Wazid, M., and Kumari, S., Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Comput. Methods Prog. Biomed. 135:167–185, 2016.CrossRefGoogle Scholar
  10. 10.
    Wazid, M., Zeadally, S., Das, A. K., and Odelu, V., Analysis of security protocols for mobile healthcare. J. Med. Syst. 40(11):229, 2016.CrossRefGoogle Scholar
  11. 11.
    Wu, F., Xu, L., Kumari, S., Li, X., Das, A. K., and Shen, J., A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications. J. Ambient. Intell. Humaniz. Comput. 9(4):919–930, 2018.CrossRefGoogle Scholar
  12. 12.
    Chaudhary, R., Jindal, A., Aujla, G. S., Kumar, N., Das, A. K., and Saxena, N., LSCSH: Lattice-Based Secure Cryptosystem for Smart Healthcare in Smart Cities Environment. IEEE Commun. Mag. 56(4):24–32, 2018.CrossRefGoogle Scholar
  13. 13.
    J. Srinivas, A. K. Das, N. Kumar and J. Rodrigues, Cloud centric authentication for wearable healthcare monitoring system. IEEE Transactions on Dependable and Secure Computing, 2018.Google Scholar
  14. 14.
    S. Roy, A. K. Das, S. Chatterjee, N. Kumar, S. Chattopadhyay and J. J. Rodrigues, Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing based healthcare applications. IEEE Transactions on Industrial Informatics, 2018.Google Scholar
  15. 15.
    Chaudhry, S. A., Khan, M. T., Khan, M. K., and Shon, T., A multiserver biometric authentication scheme for TMIS using elliptic curve cryptography. J. Med. Syst. 40(11):230, 2016.CrossRefGoogle Scholar
  16. 16.
    Arshad, H., and Rasoolzadegan, A., Design of a secure authentication and key agreement scheme preserving user privacy usable in telecare midicine information systems. J. Med. Syst. 40(11):237, 2016.CrossRefGoogle Scholar
  17. 17.
    Giri, D., Maitra, T., Amin, R., and Srivastava, P. D., An efficient and robust RSA-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1):145, 2015.CrossRefGoogle Scholar
  18. 18.
    Amin, R., and Biswas, G. P., An improved RSA based user authentication and session key agreement protocol usable in TMIS. J. Med. Syst. 39(8):79, 2015.CrossRefGoogle Scholar
  19. 19.
    R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels. Advances in Cryptology, pp. 453–474, 2001.Google Scholar
  20. 20.
    Hwang, M. S., and Li, L. H., A new remote user authentication scheme user smart cards. IEEE Transactions on Consumers Electronics 46(1):28–30, 2000.CrossRefGoogle Scholar
  21. 21.
    Sun, H. M., An efficient user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(4):958–961, 2000.CrossRefGoogle Scholar
  22. 22.
    Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204, 2013.Google Scholar
  23. 23.
    Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):136, 2014.CrossRefGoogle Scholar
  24. 24.
    Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3):16, 2014.CrossRefGoogle Scholar
  25. 25.
    Das, A. K., and Goswami, A., An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function. J. Med. Syst. 38(6):27, 2014.CrossRefGoogle Scholar
  26. 26.
    Awasthi, A. K., and Sirvastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):9964, 2013.CrossRefGoogle Scholar
  27. 27.
    Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., and Khan, M. K., Cryptoanalysis and improvment of Yen et al.;s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6):24, 2014.CrossRefGoogle Scholar
  28. 28.
    Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):9954, 2013.CrossRefGoogle Scholar
  29. 29.
    Chaudhry, S. A., Naqvi, H., Shon, T., Sher, M., and Farash, M. S., Cryptoanalysis and improvment of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6):66, 2015.CrossRefGoogle Scholar
  30. 30.
    Islam, S. H., and Khan, M. K., Cryptoanalysis and improvment of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10):135, 2014.CrossRefGoogle Scholar
  31. 31.
    Arshad, H., Teymoori, V., Nikooghadam, M., and Abbassi, H., On the security of a two-factor authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 39(8):76, 2015.CrossRefGoogle Scholar
  32. 32.
    Bin Muhaya, F. T., Cryptoanalysis and security enhancement of Zhau's authentication scheme for telecare midicine information systems. Security and Communication Networks 8(2):149–158, 2015.CrossRefGoogle Scholar
  33. 33.
    Amin, R., and Biswas, G. P., A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity. J. Med. Syst. 39(8):78, 2015.CrossRefGoogle Scholar
  34. 34.
    Xu, X., Jin, Z. P., Zhang, H., and Zhu, P., A dynamic ID-based authentication scheme based on ECC for telecare medicine information systems. Appl. Mech. Mater. 457:861–866, 2014.Google Scholar
  35. 35.
    Tseng, C. H., Wang, S. H., and Tsaur, W. J., Hierarchical and dynamic elliptic curve cryptosystem based self-certified public key scheme for medical data protection. IEEE Trans. Reliab. 64(3):1078–1085, 2015.CrossRefGoogle Scholar
  36. 36.
    Amin, R., Islam, S. H., Biswas, G., Khan, M. K., and Kumar, N., An efficient and practical smart card based anonymity preserving user authentication scheme for tmis using elliptic curve. J. Med. Syst. 39(11):1–18, 2015.Google Scholar
  37. 37.
    Zhang, L., Zhu, S., and Tang, S., Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE Journal of Biomedical and health informatics 21(2):465–475, 2017.CrossRefGoogle Scholar
  38. 38.
    Jiang, Q., Chen, Z., Li, B., Shen, J., Yang, L., and Ma, J., Security analysis and improvment of bio-hashing based three-factor authentication scheme for telecare medical information systems. J. Ambient. Intell. Humaniz. Comput.:1–13, 2017.Google Scholar
  39. 39.
    Lu, Y., Li, L., Peng, H., and Yang, Y., An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst. 39(3):32, 2015.CrossRefGoogle Scholar
  40. 40.
    Qiu, S., Xu, G., Ahmad, H., and Wang, L., A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems. IEEE Access 6:7452–7463, 2018.CrossRefGoogle Scholar
  41. 41.
    Li, C. T., Shih, D. H., and Wang, C. C., Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems. Comput. Methods Prog. Biomed. 157:191–203, 2018.CrossRefGoogle Scholar
  42. 42.
    Mohit, P., Amin, R., Karati, A., Biswas, G. P., and Khan, M. K., A standard mutual authentication protocol for cloud computing based health care system. J. Med. Syst. 41(4):50, 2017.CrossRefGoogle Scholar
  43. 43.
    Yau, W. C., and Phan, R. C. W., Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(6):9993, 2013.CrossRefGoogle Scholar
  44. 44.
    Das, A. K., A secure and effective user authentication and privacy preserving protocol with smart. Netw. Sci., 2012.Google Scholar
  45. 45.
    S. H. Islam and G. P. Biswas, A provably secure identity-based strong designated verifier proxy. Journal of King Saud University-Computer and Information Sciences, 2013.Google Scholar
  46. 46.
    AVISPA, Automated validation of internet security protocols and applications. 2014. [Online]. Available: http://www.avispa-project.org/.
  47. 47.
    X. Xu, P. Zhu, Q. Wen, Z. Jin, H. Zhang and L. He, A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. Journal of Medical systems, 38, 2014.Google Scholar
  48. 48.
    He, D., Kumar, N., Khan, M., and Lee, J. H., Anonymous two-factor authentication for consumer roaming service in global mobility networks. IEEE Trans. Consum. Electron. 59(4):811–817, 2013.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of Computer Engineering and Information TechnologyImam Reza International UniversityMashhadIran

Personalised recommendations