Design of a Secure Three-Factor Authentication Scheme for Smart Healthcare

  • Km. Renuka
  • Saru Kumari
  • Xiong Li
Systems-Level Quality Improvement
Part of the following topical collections:
  1. Security and Privacy in Smart Connected Health Systems


Nowadays, society is witnessing a keen urge to enhance the quality of healthcare services through the intervention of technology in the health sector. The main focus in transforming traditional healthcare into smart healthcare is on facilitating patients as well as medical professionals. However, this changeover is not easy due to various issues of security and integrity associated with it. The security of patients’ personal health records and privacy can be handled well by permitting only authorized access to confidential health data via a suitably designed authentication scheme. In pursuit of contributing in this direction, we came across the role of Universal Serial Bus (USB), the most widely accepted interface, in enabling communication between peripheral devices and a host controller such as a laptop, personal computer, smartphone, tablet, etc. In the process, we analysed a recently proposed three-factor authentication scheme for consumer USB Mass Storage Devices (MSD) by He et al. In this paper, we demonstrate that He et al.’s scheme is vulnerable to leakage of temporary but session-specific information attacks, late detection of message replay, forward secrecy attacks, and backward secrecy attacks. Then, motivated by the benefits of USB, we propose a secure three-factor authentication scheme for smart healthcare.


Universal serial bus; Three-factor authentication; Mass storage device; Message replay; Forward/backward secrecy


Compliance with ethical standards

Conflict of interest

All the authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.


References

  1. Al-Zarouni, M., The reality of risks from consented use of USB devices. In Proc. 4th Australian Information Security Management Conference, pp. 312–317, 2006.
  2. Yang, F. Y., Wu, T. D., and Chiu, S. H., A secure control protocol for USB mass storage devices. IEEE Transactions on Consumer Electronics. 56(4):2239–2243, 2010.
  3. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., and Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. Journal of Medical Systems. 38(5):41, 2014.
  4. Moon, J., Choi, Y., Kim, J., and Won, D., An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. Journal of Medical Systems. 40(3):70, 2016.
  5. Khan, M. K., and Kumari, S., Cryptanalysis and improvement of “an efficient and secure dynamic ID-based authentication scheme for telecare medical information systems”. Security and Communication Networks. 7(2):399–408, 2014.
  6. Hou, J. L., and Yeh, K. H., Novel authentication schemes for IoT based healthcare systems. International Journal of Distributed Sensor Networks. 11(11):183659, 2015.
  7. Lu, Y., Li, L., Peng, H., and Yang, Y., An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. Journal of Medical Systems. 39(3):32, 2015.
  8. He, D., Kumar, N., Chen, J., Lee, C. C., Chilamkurti, N., and Yeo, S. S., Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems. 21(1):49–60, 2015.
  9. Wu, F., Xu, L., Kumari, S., and Li, X., An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks. Multimedia Systems. 23(2):195–205, 2017.
  10. Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., and Li, X., Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. Journal of Medical Systems. 39(11):140, 2015.
  11. Li, X., Niu, J., Karuppiah, M., Kumari, S., and Wu, F., Secure and efficient two-factor user authentication scheme with user anonymity for network based e-health care applications. Journal of Medical Systems. 40(12):268, 2016.
  12. Li, C. T., Lee, C. C., Weng, C. Y., and Chen, S. J., A secure dynamic identity and chaotic maps based user authentication and key agreement scheme for e-healthcare systems. Journal of Medical Systems. 40(11):233, 2016.
  13. Irshad, A., Sher, M., Nawaz, O., Chaudhry, S. A., Khan, I., and Kumari, S., A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimedia Tools and Applications. 76(15):16463–16489, 2017.
  14. Li, X., Wu, F., Khan, M. K., Xu, L., Shen, J., and Jo, M., A secure chaotic map-based remote authentication scheme for telecare medicine information systems. Future Generation Computer Systems. 84:149–159, 2018.
  15. Li, X., Ibrahim, M. H., Kumari, S., Sangaiah, A. K., Gupta, V., and Choo, K. K., Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Computer Networks. 129:429–443, 2017.
  16. Wu, F., Li, X., Sangaiah, A. K., Xu, L., Kumari, S., Wu, L., and Shen, J., A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Future Generation Computer Systems. 82:727–737, 2018.
  17. Wu, F., Li, X., Xu, L., Kumari, S., and Sangaiah, A. K., A novel mutual authentication scheme with formal proof for smart healthcare systems under global mobility networks notion. Computers & Electrical Engineering. 68:107–118, 2018.
  18. Chen, B., Qin, C., Yu, L., and Jiang, P., A secure access authentication scheme for removable storage media. Journal of Information & Computational Science. 9(15):4353–4363, 2012.
  19. Lee, C. C., Chen, C. T., Wu, P. H., and Chen, T. Y., Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices. IET Computers & Digital Techniques. 7(1):48–55, 2013.
  20. He, D., Kumar, N., Lee, J. H., and Sherratt, R. S., Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Transactions on Consumer Electronics. 60(1):30–37, 2014.
  21. Li, C. T., and Hwang, M. S., An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications. 33(1):1–5, 2010.
  22. Li, X., Peng, J., Niu, J., Wu, F., Liao, J., and Choo, K. R., A robust and energy efficient authentication protocol for industrial internet of things. IEEE Internet of Things Journal. 5(3):1606–1615, 2018.
  23. Amin, R., Islam, S. H., Gope, P., Choo, K.-K. R., and Tapas, N., Anonymity preserving and lightweight multi-medical server authentication protocol for telecare medical information system. IEEE Journal of Biomedical and Health Informatics. In press, 2018.
  24. Holdsworth, J., Glisson, W. B., and Choo, K.-K. R., Medical device vulnerability mitigation effort gap analysis taxonomy. Smart Health. In press, 2017.
  25. Chen, L., Lee, W. K., Chang, C. C., Choo, K.-K. R., and Zhang, N., Blockchain based searchable encryption for electronic health record sharing. Future Generation Computer Systems. 95:420–429, 2019.
  26. Challa, S., Das, A. K., Odelu, V., Kumar, N., Kumari, S., Khan, M. K., and Vasilakos, A. V., An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Computers and Electrical Engineering. 69:534–554, 2018.
  27. Aghili, S. F., Mala, H., Shojafar, M., and Peris-Lopez, P., LACO: Lightweight three-factor authentication, access control and ownership transfer scheme for e-health systems in IoT. Future Generation Computer Systems, Elsevier. In press, doi:, 2019.
  28. Masdari, M., and Ahmadzadeh, S., A survey and taxonomy of the authentication schemes in telecare medicine information systems. Journal of Network and Computer Applications. 87:1–9, 2017.
  29. Aslam, M. U., Derhab, A., Saleem, K., Abbas, H., Orgun, M., Iqbal, W., and Aslam, B., A survey of authentication schemes in telecare medicine information systems. Journal of Medical Systems. 41(1):14, 2017.
  30. Chen, T. L., Chung, Y. F., and Lin, F. Y., A study on agent-based secure scheme for electronic medical record system. Journal of Medical Systems. 36(3):1345–1357, 2012.
  31. Dodis, Y., Reyzin, L., and Smith, A., Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: International Conference on the Theory and Applications of Cryptographic Techniques, 2004 May 2. Berlin, Heidelberg: Springer, 523–540.
  32. Zhang, S., Li, X., Tan, Z., Peng, T., and Wang, G., A caching and spatial K-anonymity driven privacy enhancement scheme in continuous location-based services. Future Generation Computer Systems. 94:40–50, 2019.
  33. Zhang, S., Choo, K. R., Liu, Q., and Wang, G., Enhancing privacy through uniform grid and caching in location-based services. Future Generation Computer Systems. 86:881–892, 2018.

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. Department of Mathematics, Chaudhary Charan Singh University, Meerut, India
  2. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, China
