Skip to main content

An Efficient Biometric and Password-Based Remote User Authentication using Smart Card for Telecare Medical Information Systems in Multi-Server Environment

Journal of Medical Systems volume 38, Article number: 142 (2014) Cite this article

Abstract

The medical organizations have introduced Telecare Medical Information System (TMIS) to provide a reliable facility by which a patient who is unable to go to a doctor in critical or urgent period, can communicate to a doctor through a medical server via internet from home. An authentication mechanism is needed in TMIS to hide the secret information of both parties, namely a server and a patient. Recent research includes patient’s biometric information as well as password to design a remote user authentication scheme that enhances the security level. In a single server environment, one server is responsible for providing services to all the authorized remote patients. However, the problem arises if a patient wishes to access several branch servers, he/she needs to register to the branch servers individually. In 2014, Chuang and Chen proposed an remote user authentication scheme for multi-server environment. In this paper, we have shown that in their scheme, an non-register adversary can successfully logged-in into the system as a valid patient. To resist the weaknesses, we have proposed an authentication scheme for TMIS in multi-server environment where the patients can register to a root telecare server called registration center (RC) in one time to get services from all the telecare branch servers through their registered smart card. Security analysis and comparison shows that our proposed scheme provides better security with low computational and communication cost.

This is a preview of subscription content, access via your institution.

Access options

Buy single article

Instant access to the full article PDF.

43,34 €

Price includes VAT (Finland)
Tax calculation will be finalised during checkout.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

References

  1. Lamport, L., Password authentication with insecure communication. Commun. ACM 24(11):770–772, 1981.

    Article  MathSciNet  Google Scholar 

  2. Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.

    Article  Google Scholar 

  3. Debiao, H., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.

    Article  Google Scholar 

  4. Pu, Q., Wang, J., Zhao, R., Strong authentication scheme for telecare medicine information systems. J. Med. Syst. 36(4):2609–2619, 2012.

    Article  Google Scholar 

  5. Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

    Article  Google Scholar 

  6. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012.

    Article  Google Scholar 

  7. Muhammad, K.K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):1–12, 2013.

    Google Scholar 

  8. Lee, T.-F., and Liu, C.-M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3):1–8, 2013.

    Google Scholar 

  9. Das, A., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):1–17, 2013.

    Article  Google Scholar 

  10. Chen, H.-M., Lo, J.-W., Yeh, C.-K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.

    Article  Google Scholar 

  11. Qi, J., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):1–8, 2013.

    Google Scholar 

  12. Qi, X., Zhang, J., Na, D., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–8, 2013.

    Google Scholar 

  13. Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–7, 2013.

    Article  MathSciNet  Google Scholar 

  14. Chang, Y.-F., Yu, S.-H., Shiao, D.-R., A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(2):1–9, 2013.

    MATH  Google Scholar 

  15. Das, A.K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.

    Article  Google Scholar 

  16. Awasthi, A., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):1–4, 2013.

    Article  Google Scholar 

  17. Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3):1–9, 2014.

    Article  Google Scholar 

  18. Yang, D., and Yang, B. A biometric password-based multi-server authentication scheme with smart card.InComputer Design and Applications (ICCDA), 2010 International Conference on. Vol. 5, pp. 554–559, 2010.

  19. Sood, S.K., Sarje, A.K., Singh, K., A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2):609–618, 2011.

    Article  Google Scholar 

  20. Wang, B., and Ma, M., A smart card based efficient and secured multi-server authentication scheme. Wirel. Pers. Commun. 68(2):361–378, 2013.

    Article  Google Scholar 

  21. He, D., and Wu, S., Security flaws in a smart card based authentication scheme for multi-server environment. Wirel. Pers. Commun. 70(1):323–329, 2013.

    Article  Google Scholar 

  22. He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. Syst J. IEEE PP(99):1–8, 2014.

    Article  Google Scholar 

  23. Chuang, M.-C., and Chen, M.C., An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst. Appl. 41(4, Part 1):1411–1418, 2014.

    Article  Google Scholar 

  24. Jain, A.K., Flynn, P., Arun, A.R. Handbook of Biometrics. New York: Springer-Verlag, 2007. Inc., Secaucus, NJ,USA.

    Google Scholar 

  25. Alfred, C., Weaver. Biometric authentication. Computer 39 (2):96–97, 2006.

    Article  MathSciNet  Google Scholar 

  26. Kocher, P., Jaffe, J., Jun, B. Differential power analysis.In Advances in Cryptology CRYPTO 99, volume 1666 of lecture notes in computer science, pp. 388–397, 1999.

    Google Scholar 

  27. Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  MathSciNet  Google Scholar 

  28. Behrouz, A. Forouzan and Debdeep Mukhopadhyay. Cryptography and Network Security 2/e. Tata-McGraw Hill, TMH: 2nd edition, 2010.

  29. Das, A.K., Sharma, P., Chatterjee, S., Sing, J.K., A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J. Netw. Comput. Appl. 35(5):1646–1656, 2012.

    Article  Google Scholar 

  30. Palash Sarkar, A simple and generic construction of authenticated encryption with associated data. ACM Trans. Inf. Syst. Secur. 13(4:article no.33):1–16, 2010.

    Article  Google Scholar 

  31. Potlapally, N.R., Ravi, S., Raghunathan, A, Jha, N.K., A study of the energy consumption characteristics of cryptographic algorithms and security protocols. Mob. Comput. IEEE Trans. 5(2):128–143, 2006.

    Article  Google Scholar 

  32. Menezes, A.J., Vanstone, S.A., Paul, C. Van Oorschot. Handbook of Applied Cryptography: 1st edition, 1996. Boca Raton, FL, USA.

Download references

Author information

Affiliations

  1. Department of Computer Science and Engineering, Jadavpur University, Kolkata, 700032, India

    Tanmoy Maitra

  2. Department of Computer Science and Engineering, Haldia Institute of Technology, Haldia, 721657, India

    Debasis Giri

Authors
  1. Tanmoy Maitra
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Debasis Giri
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tanmoy Maitra.

Additional information

This article is part of the Topical Collection on Patient Facing Systems

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Maitra, T., Giri, D. An Efficient Biometric and Password-Based Remote User Authentication using Smart Card for Telecare Medical Information Systems in Multi-Server Environment. J Med Syst 38, 142 (2014). https://doi.org/10.1007/s10916-014-0142-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-014-0142-x

Keywords

  • Authentication
  • Biometrics
  • Multi-server
  • Password
  • TMIS