Skip to main content

A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS

Journal of Medical Systems volume 39, Article number: 33 (2015) Cite this article

Abstract

Telecare Medical Information System (TMIS) makes an efficient and convenient connection between patient(s)/user(s) at home and doctor(s) at a clinical center. To ensure secure connection between the two entities (patient(s)/user(s), doctor(s)), user authentication is enormously important for the medical server. In this regard, many authentication protocols have been proposed in the literature only for accessing single medical server. In order to fix the drawbacks of the single medical server, we have primarily developed a novel architecture for accessing several medical services of the multi-medical server, where a user can directly communicate with the doctor of the medical server securely. Thereafter, we have developed a smart card based user authentication and key agreement security protocol usable for TMIS system using cryptographic one-way hash function. We have analyzed the security of our proposed authentication scheme through both formal and informal security analysis. Furthermore, we have simulated the proposed scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and showed that the scheme is secure against the replay and man-in-the-middle attacks. The informal security analysis is also presented which confirms that the protocol has well security protection on the relevant security attacks. The security and performance comparison analysis confirm that the proposed protocol not only provides security protection on the above mentioned attacks, but it also achieves better complexities along with efficient login and password change phase.

This is a preview of subscription content, access via your institution.

Access options

Buy single article

Instant access to the full article PDF.

43,34 €

Price includes VAT (Finland)
Tax calculation will be finalised during checkout.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

References

  1. Amin, R., Cryptanalysis and an efficient secure id-based remote user authentication using smart card. Int. J. Comput. Appl. 75(13):43–48, 2013.

    Google Scholar 

  2. Amin, R., Maitra, T., Giri, D., Article: An improved efficient remote user authentication scheme in multi-server environment using smart card. Int. J. Comput. Appl. 69(22):1–6, 2013.

    Google Scholar 

  3. Amin, R., Maitra, T., Rana, S.P., An improvement of wang. et. al.’s remote user authentication scheme against smart card security breach. Int. J. Comput. Appl. 75(13):37–42, 2013.

    Google Scholar 

  4. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P., Hem, P., Kouchnarenko, O., Mantovani, J., Mdersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Vigan, L., Vigneron, L.: The avispa tool for the automated validation of internet security protocols and applications. In: Computer Aided Verification, Vol. 3576, pp. 281–285. Lecture Notes in Computer Science (2005)

  5. Bhargav-Spantzel, A., Squicciarini, A.C., Modi, S., Young, M., Bertino, E., Elliott, S.J., Privacy preserving multi-factor authentication with biometric. J. Comput. Secur. 15(5):529–560, 2007.

    Google Scholar 

  6. Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9912, 2013. doi:10.1007/s10916-012-9912-5.

    Article  MathSciNet  Google Scholar 

  7. Chang, Y.F., Yu, S.H., Shiao, D.R., A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(2):9902, 2013. doi:10.1007/s10916-012-9902-7.

    Article  Google Scholar 

  8. Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.

    Article  Google Scholar 

  9. Chuang, M.C., and Chen, M.C., An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst. Appl. 41(4, Part 1):1411–1418, 2014.

    Article  Google Scholar 

  10. Das, A., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):9948, 2013. doi:10.1007/s10916-013-9948-1.

    Article  Google Scholar 

  11. Das, A.K., Analysis and improvement on an effcient biometric based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145–151, 2011.

    Article  Google Scholar 

  12. Debiao, H., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.

    Article  Google Scholar 

  13. Dolev, D., and Yao, A.C., On the security of public key protocols. Information Theory. IEEE Trans. 29(2):198–208, 1983.

    MATH  MathSciNet  Google Scholar 

  14. Fan, C.I., and Lin, Y.H., Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. Information Forensics and Security. IEEE Trans. 4(4):933–945, 2009.

    Google Scholar 

  15. Guo, C., and Chang, C.C., Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6):1433–1440, 2013.

    Article  MATH  MathSciNet  Google Scholar 

  16. Hao, X., Wang, J., Yang, Q., Yan, X., Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2):9919, 2013. doi:10.1007/s10916-012-9919-y.

    Article  Google Scholar 

  17. Islam, S.H., and Biswas, G.P., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.

    Article  Google Scholar 

  18. Jiang, Q., Ma, J., Lu, X., Tian, Y., Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J. Med. Syst. 38(2):1–8, 2014. doi:10.1007/s10916-014-0012-6.

    Article  Google Scholar 

  19. Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):9897, 2013. doi:10.1007/s10916-012-9897-0.

    Article  MathSciNet  Google Scholar 

  20. Jina, A.T.B., Ling, D.N.C., Goh, A., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.

    Article  Google Scholar 

  21. Khan, M.K., Kumari, S., Gupta, M., More efficient key-hash based fingerprint remote authentication scheme using mobile device. Comput. 96(9):793–816, 2014. doi:10.1007/s00607-013-0308-2.

    Article  MathSciNet  Google Scholar 

  22. Khan, M.K., and Zhang, J., Improving the security of a flexible biometric remote user authentication scheme. Comput. Stand. Interfaces 29(1):82–85, 2007.

    Article  Google Scholar 

  23. Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology CRYPTO 99. Vol. 1666, pp. 388–397: Lecture Notes in Computer Science, 1999.

  24. Kumar, M., Gupta, M.K., Kumari, S., An improved efficient remote password authentication scheme with smart card over insecure networks. Int. J. Netw. Secur. 13(3):167–177, 2011.

    Google Scholar 

  25. Kumari, S., Gupta, M.K., Khan, M.K., Li, X., An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur. Commun. Netw. 7:1921–1932, 2014. doi:10.1002/sec.906.

    Article  Google Scholar 

  26. Kumari, S., Khan, M., Kumar, R., Cryptanalysis and improvement of a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37(4):9952, 2013. doi:10.1007/s10916-013-9952-5.

    Article  Google Scholar 

  27. Kumari, S., and Khan, M.K., More secure smart card based remote user password authentication scheme with user anonymity. Secur. Commun. Netw. 7:2039–2053, 2013. doi:10.1002/sec.916.

    Article  Google Scholar 

  28. Kumari, S., and Khan, M.K., Cryptanalysis and improvement of ’a robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27:3939–3955, 2014. doi:10.1002/dac.2590..

    Article  Google Scholar 

  29. Kumari, S., Khan, M.K., Li, X., An improved remote user authentication scheme with key agreement. Comput. & Electr. Eng. 40(6):1997–2012, 2014. doi:10.1016/j.compeleceng.2014.05.007.

    Article  Google Scholar 

  30. Kumari, S., Khan, M.K., Li, X., Wu, F., Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst. 27(10):609–618, 2014. doi:10.1002/dac.2853.

    Google Scholar 

  31. Lee, C.C., Hsu, C.W., Lai, Y.M., Vasilakos, A., An enhanced mobile-healthcare emergency system based on extended chaotic maps. J. Med. Syst. 37(5):9973, 2013. doi:10.1007/s10916-013-9973-0.

    Article  Google Scholar 

  32. Lee, T.F., An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 37(6):1–9, 2013. doi:10.1007/s10916-013-9985-9.

    Article  Google Scholar 

  33. Lee, T.F., Chang, I.P., Lin, T.H., Wang, C.C., A secure and efficient password- based user authentication scheme using smart cards for the integrated epr information system. J. Med. Syst. 37(3):3833–3838, 2013.

    Google Scholar 

  34. Li, C.T., and Hwang, M.S., An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.

    Article  Google Scholar 

  35. Li, C.T., Lee, C.C., Weng, C.Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):77, 2014. doi:10.1007/s10916-014-0077-2.

    Article  Google Scholar 

  36. Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.

    Article  MATH  Google Scholar 

  37. Li, X., Xiong, Y., Ma, J., Wang, W., An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2):763–769, 2012.

    Article  Google Scholar 

  38. Lin, H.Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–5, 2013.

    Article  Google Scholar 

  39. Lumini, A., and Nanni, L., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 40(3):1057–1065, 2007.

    Article  MATH  Google Scholar 

  40. Maitra, T., and Giri, D., An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. J. Med. Syst. 38(12):142, 2014. doi:10.1007/s10916-014-0142-x.

    Article  Google Scholar 

  41. Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  MathSciNet  Google Scholar 

  42. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M., Cryptanalysis and improvement of yan et al.s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6): 24, 2014. doi:10.1007/s10916-014-0024-2.

    Article  Google Scholar 

  43. Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10): 120, 2014. doi:10.1007/s10916-014-0120-3.

    Article  Google Scholar 

  44. Sood, S.K., Sarje, A.K., Singh, K., A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2):609–618, 2011.

    Article  Google Scholar 

  45. Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Netw. 2(3):200–204, 2013.

    Google Scholar 

  46. Tool, A.W.: http://www.avispa-project.org/web-interface/ (2014)

  47. Wang, B., and Ma, M., A smart card based efficient and secured multi-server authentication scheme. Wirel. Pers. Commun. 68(2):361–378, 2013.

    Article  Google Scholar 

  48. Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

    Article  Google Scholar 

  49. Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.

    Article  Google Scholar 

  50. Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9911, 2013. doi:10.1007/s10916-012-9911-6.

    Article  Google Scholar 

  51. Xue, K., Hong, P., Ma, C., A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J. Comput. Syst. Sci. 80(1):195–206, 2014.

    Article  MATH  MathSciNet  Google Scholar 

  52. Yan, X., Li, W., Li, P., Wang, J., Hao, X., Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(5):1–6, 2013.

    Article  MATH  Google Scholar 

  53. Yang, D., and Yang, B.: A biometric password-based multi-server authentication scheme with smart card. In: 2010 International Conference on, Computer Design and Applications (ICCDA). Vol. 5, pp. 554–559 (2010)

  54. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012.

    Article  Google Scholar 

Download references

Author information

Affiliations

  1. Department of Computer Science and Engineering, Indian School of Mines, Dhanbad, 826004, India

    Ruhul Amin & G. P. Biswas

Authors
  1. Ruhul Amin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. G. P. Biswas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ruhul Amin.

Additional information

This article is part of Topical Collection on Patient Facing Systems

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Amin, R., Biswas, G.P. A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS. J Med Syst 39, 33 (2015). https://doi.org/10.1007/s10916-015-0217-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-015-0217-3

Keywords

  • Authentication
  • AVISPA simulator
  • Multi-Medical server
  • TMIS
  • Security attacks