A robust authentication scheme for telecare medical information systems

  • R. Madhusudhan
  • Chaitanya S. Nayak

Abstract

With the rapid progress of technology, the Internet has become an inseparable part of human life. It is natural to use the Internet in all fields, and the medical field is no exception. The concept of establishing telecare medicine information systems (TMIS) for patients has recently been gaining popularity. To ensure the privacy of patients and to allow only authorized access to remote medical servers, many authentication schemes have been proposed. Li et al., in 2016, proposed a secure dynamic identity and chaotic maps based user authentication and key agreement scheme. They claimed that the scheme is resistant to most of the known attacks. However, through a thorough cryptanalysis, we have proved that their scheme is vulnerable to user impersonation, password guessing and server impersonation attacks. We have also shown that their scheme does not provide user anonymity, convenient smart card revocation or session key security. To overcome these security weaknesses, we have proposed an enhanced authentication scheme using chaotic maps, which is discussed in this paper along with its cryptanalysis. Cryptanalysis of the proposed scheme proves that the scheme is more robust and suitable for implementation.

Keywords

  • User authentication
  • Password
  • Chaotic map
  • Hash functions
  • Mutual authentication
  • Security

References

  1. Amin R, Biswas G (2015) An improved rsa based user authentication and session key agreement protocol usable in tmis. J Med Syst 39(8):79
  2. Anderson JG (2007) Social, ethical and legal barriers to e-health. Int J Med Inf 76(5):480–483
  3. Bai T, Lin J, Li G, Wang H, Ran P, Li Z, Li D, Pang Y, Wu W, Jeon G (2018) A lightweight method of data encryption in bans using electrocardiogram signal. Future Generation Computer Systems
  4. Bhatt C, Dey N, Ashour AS (2017) Internet of things and big data technologies for next generation healthcare
  5. Breaux T, Antón A (2008) Analyzing regulatory rules for privacy and security requirements. IEEE Trans Softw Eng 34(1):5–20
  6. Burrows M, Abadi M, Needham RM (1989) A logic of authentication. In: Proceedings of the royal society of London a: mathematical, physical and engineering sciences, vol 426, pp 233–271. The Royal Society
  7. Cao T, Zhai J (2013) Improved dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 37(2):9912
  8. Chaturvedi A, Mishra D, Mukhopadhyay S (2013) Improved biometric-based three-factor remote user authentication scheme with key agreement using smart card. In: International conference on information systems security, pp 63–77. Springer
  9. Chen HM, Lo JW, Yeh CK (2012) An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 36(6):3907–3915
  10. Chen TL, Chung YF, Lin FY (2012) A study on agent-based secure scheme for electronic medical record system. J Med Syst 36(3):1345–1357
  11. Das AK (2015) A secure and robust password-based remote user authentication scheme using smart cards for the integrated epr information system. J Med Syst 39(3):25
  12. Debiao H, Jianhua C, Rui Z (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1989–1995
  13. Devaney RL, Siegel PB, Mallinckrodt AJ, McKay S (1993) A first course in chaotic dynamical systems: theory and experiment. Comput Phys 7(4):416–417
  14. Hannan TJ (1996) Electronic medical records. Health Inf an Overview, vol 133
  15. He D, Bu J, Chan S, Chen C, Yin M (2011) Privacy-preserving universal authentication protocol for wireless communications. IEEE Trans Wirel Commun 10(2):431–436
  16. Jiang Q, Ma J, Ma Z, Li G (2013) A privacy enhanced authentication scheme for telecare medical information systems. J Med Syst 37(1):9897
  17. Jiang Q, Wei F, Fu S, Ma J, Li G, Alelaiwi A (2016) Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dynamics 83(4):2085–2101
  18. Kocarev L, Lian S (2011) Chaos-based cryptography: theory, algorithms and applications (Vol. 354). Springer Science & Business Media.
  19. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in cryptology—CRYPTO’99, pp 789–789. Springer
  20. Lee TF (2013) An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J Med Syst 37(6):9985
  21. Lee TF, Chang IP, Lin TH, Wang CC (2013) A secure and efficient password-based user authentication scheme using smart cards for the integrated epr information system. J Med Syst 37(3):9941
  22. Li CT, Lee CC, Weng CY, Chen SJ (2016) A secure dynamic identity and chaotic maps based user authentication and key agreement scheme for e-healthcare systems. J Med Syst 40(11):233
  23. Lovis C, Baud RH, Scherrer J-R (1998) Internet integrated in the daily medical practice within an electronic patient record. Comput Biol Med 28(5):567–579
  24. Lu Y, Li L, Peng H, Xie D, Yang Y (2015) Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 39(6):65
  25. Madhusudhan R, Mittal R (2012) Dynamic id-based remote user password authentication schemes using smart cards: a review. J Netw Comput Appl 35(4):1235–1248
  26. Masuda N, Aihara K (2002) Cryptosystems with discretized chaotic maps. IEEE Trans Circ Syst I Fundam Theory Appl 49(1):28–40
  27. Meingast M, Roosta T, Sastry S (2006) Security and privacy issues with health care information technology. In: 28th annual international conference of the IEEE Engineering in Medicine and Biology Society, 2006. EMBS’06, IEEE, pp 5453–5458
  28. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
  29. Mir O, van der Weide T, Lee CC (2015) A secure user anonymity and authentication scheme using avispa for telecare medical information systems. J Med Syst 39(9):89
  30. Mishra D (2015) On the security flaws in id-based password authentication schemes for telecare medical information systems. J Med Syst 39(1):154
  31. Mishra D, Mukhopadhyay S, Kumari S, Khan MK, Chaturvedi A (2014) Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J Med Syst 38(5):41
  32. Mishra D, Srinivas J, Mukhopadhyay S (2014) A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J Med Syst 38(10):120
  33. Moon J, Choi Y, Kim J, Won D (2016) An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 40(3):70
  34. Nikooghadam M, Zakerolhosseini A (2012) Secure communication of medical information using mobile agents. J Med Syst 36(6):3839–3850
  35. Rind DM, Safran C (1993) Real and imagined barriers to an electronic medical record. In: Proceedings of the annual symposium on computer application in medical care, p 74. American Medical Informatics Association
  36. Safran C, Goldberg H (2000) Electronic patient records and the impact of the internet. Int J Med Inform 60(2):77–83
  37. Shen J, Gui Z, Ji S, Shen J, Tan H, Tang Y (2018) Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. J Netw Comput Appl 106:117–123
  38. Steward M (2005) Electronic medical records: privacy, confidentiality, liability. J Leg Med 26(4):491–506
  39. Tang PC, Ash JS, Bates DW, Overhage JM, Sands DZ (2006) Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption. J Am Med Inform Assoc 13(2):121–126
  40. Tsai CS, Lee CC, Hwang MS (2006) Password authentication schemes: Current status and key issues. IJ Netw Secur 3(2):101–115
  41. Uslu AM, Stausberg J (2008) Value of the electronic patient record: an analysis of the literature. J Biomed Inf 41(4):675–682
  42. van Ginneken AM (2002) The computerized patient record: balancing effort and benefit. Int J Med Inf 65(2):97–119
  43. Wang J, Han K, Alexandridis A, Zilic Z, Pang Y, Lin J (2018) An asic implementation of security scheme for body area networks. In: 2018 IEEE International Symposium on Circuits and Systems (ISCAS), IEEE, pp 1–5
  44. Wang J, Han K, Alexandridis A, Zilic Z, Pang Y, Wu W, Din S, Jeon G (2018) A novel security scheme for body area networks compatible with smart vehicles. Comput Netw 143:74–81
  45. Wazid M, Das AK, Kumar N, Conti M, Vasilakos AV (2018) A novel authentication and key agreement scheme for implantable medical devices deployment. IEEE J Biomed Health Inf 4:22
  46. Wei J, Hu X, Liu W (2012) An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604
  47. Wen F (2014) A more secure anonymous user authentication scheme for the integrated epr information system. J Med Syst 38(5):42
  48. Wen F, Guo D (2014) An improved anonymous authentication scheme for telecare medical information systems. J Med Syst 38(5):26
  49. William S (1999) Cryptography and network security: principles and practice. Prentice-Hall, Inc, 23-50
  50. Wu F, Xu L (2013) Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J Med Syst 37(4):9958
  51. Wu ZY, Chung Y, Lai F, Chen TS (2012) A password-based user authentication scheme for the integrated epr information system. J Med Syst 36(2):631–638
  52. Wu ZY, Lee YC, Lai F, Lee HC, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1529–1535
  53. Xie Q, Zhang J, Dong N (2013) Robust anonymous authentication scheme for telecare medical information systems. J Med Syst 37(2):9911
  54. Zhang L (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos, Solitons & Fractals 37(3):669–674
  55. Zhu Z (2012) An efficient authentication scheme for telecare medicine information systems. J Med Syst 36(6):3833–3838

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. Department of Mathematical and Computational Sciences, National Institute of Technology Karnataka, Surathkal, India
