Skip to main content
SpringerLink
Log in

An improved biometrics based authentication scheme using extended chaotic maps for multimedia medicine information systems

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

With the increase of security requirements, numerous biometrics based authentication schemes that apply the smart card technology are proposed for multimedia medicine information systems in the last several years. Recently, Lu et al. presented a biometrics based authentication and key agreement scheme using extended Chebyshev chaotic maps. Unfortunately, we find that their scheme is still insecure with respect to issues such as flaws in the both login phase and password change phase. And we show that their scheme is vulnerable to the Denial-of-Service attack, user impersonation attack and server masquerade attack, which also fails to achieve the user anonymity. In order to remedy these weaknesses, we retain the useful properties of Lu et al.’s scheme to propose a robust biometrics based authentication and key agreement scheme for multimedia medicine information systems. The informal and formal security analysis of our scheme are given respectively, which demonstrate that our scheme satisfies the desirable security requirements. Furthermore, the proposed scheme provides some significant features which are not considered in most of the related schemes, such as, biometric information protection and user re-registration or revocation. Thus, our scheme resists the known attacks and is efficient for practical applications in the multimedia medicine information systems.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Amin R, Islam SKH, Biswas GP, Khan MK, Obaidat MS (2015) Design and analysis of an enhanced patient-server mutual authentication protocol for telecare medical information system. J Med Syst 39(11):1–20

    Google Scholar 

  2. Arshad H, Teymoori V, Nikooghadam M, Abbassi H (2015) On the security of a two-factor authentication and key agreement scheme for telecare medicine information systems. J Med Syst 39(8):1–10

    Article  Google Scholar 

  3. Benhammadi F, Bey KB (2014) Password hardened fuzzy vault for fingerprint authentication system. Image Vision Comput 32(8):487–496

    Article  Google Scholar 

  4. Bergamo P, D’Arco P, De Santis A, Kocarev L (2005) Security of public-key cryptosystems based on Chebyshev polynomials. IEEE Trans Circuits Syst Regul Pap 52(7):1382–1393

    Article  MathSciNet  MATH  Google Scholar 

  5. Chaudhry SA (2015) A secure biometric based multi-server authentication scheme for social multimedia networks. Multimedia Tools and Applications:1–21

  6. Chen TH, Hsiang HC, Shih WK (2011) Security enhancement on an improvement on two remote user authentication schemes using smart cards. Futur Gener Comput Syst 27(4):377–380

    Article  Google Scholar 

  7. Dang Q (2013) Changes in federal information processing standard (FIPS) 180-4, secure hash standard. Cryptologia 37(1):69–73

    Article  Google Scholar 

  8. Das AK (2011) Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf Secur 5(3):145–151

    Article  Google Scholar 

  9. Das AK, Bruhadeshwar B (2013) An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J Med Syst 37(5):1–17

    Article  Google Scholar 

  10. Das AK, Goswami A (2014) An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function. J Med Syst 38(6):1–19

    Article  Google Scholar 

  11. David DB (2016) Mutual authentication scheme for multimedia medical information systems. Multimedia Tools and Applications:1–19

  12. Dodis Y, Kanukurthi B, Katz J, Reyzin L, Smith A (2012) Robust fuzzy extractors and authenticated key agreement from close secrets. IEEE Trans Inf Theory 58(9):6207–6222

    Article  MATH  MathSciNet  Google Scholar 

  13. Dodis Y, Ostrovsky R, Reyzin L, Smith A (2008) Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J Comput 38(1):97–139

    Article  MATH  MathSciNet  Google Scholar 

  14. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

    Article  MATH  MathSciNet  Google Scholar 

  15. Guo C, Chang CC (2013) Chaotic maps-based password-authenticated key agreement using smart cards. Commun Nonlinear Sci Numer Simul 18(6):1433–1440

    Article  MATH  MathSciNet  Google Scholar 

  16. Hao XH, Wang JT, Yang QH, Yan XP, Li P (2013) A chaotic map-based authentication scheme for telecare medicine information systems. J Med Syst 37(2):1–7

    Article  Google Scholar 

  17. He DB, Chen JH, Zhang R (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1989–1995

    Article  Google Scholar 

  18. He DB, Khan MK, Kumar N (2015) A new handover authentication protocol based on bilinear pairing functions for wireless networks. Int J Ad Hoc Ubiquitous Comput 18(1-2):67–74

    Article  Google Scholar 

  19. He DB, Kumar N, Chilamkurti N, Lee JH (2014) Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J Med Syst 38 (10):1–6

    Article  Google Scholar 

  20. He DB, Kumar N, Shen H (2015) One-to-many authentication for access control in mobile pay-TV systems. SCIENCE CHINA Inf Sci 59(5):1–14

    Article  MathSciNet  Google Scholar 

  21. He DB, Kumar N, Wang HQ, Wang LN, Choo KKR, Vinel A (2016) A provably-secure cross-domain handshake scheme with symptoms-matching for mobile healthcare social network. IEEE Trans Dependable Secure Comput PP(99):1–13

    Article  Google Scholar 

  22. He DB, Zeadally S, Kumar N, Lee JH (2016) Anonymous authentication for wireless body area networks with provable security. IEEE Syst J PP(99):1–12

    Google Scholar 

  23. He DB, Zeadally S, Wu LB (2015) Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst J PP(99):1–10

    Article  Google Scholar 

  24. Huang H, Cao ZF (2011) IDOAKE: strongly secure ID-based one-pass authenticated key exchange protocol. Security and Communication Networks 4(10):1153–1161

    Article  Google Scholar 

  25. Islam SKH (2014) Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps. Nonlinear Dyn 78(3):2261–2276

    Article  Google Scholar 

  26. Islam SKH, Biswas GP (2012) A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks. Annals of Telecommunications-Annales des Té,lécommunications 67(11-12):547–558

    Article  Google Scholar 

  27. Islam SKH, Biswas GP (2013) Provably secure and pairing-free certificateless digital signature scheme using elliptic curve cryptography. Int J Comput Math 90(11):2244–2258

    Article  MATH  Google Scholar 

  28. Islam SKH, Khan MK (2014) Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J Med Syst 38(10):1–16

    Article  Google Scholar 

  29. Jiang Q, Ma JF, Lu X, Tian YL (2014) Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J Med Syst 38(2):1–8

    Article  Google Scholar 

  30. Kim JS, Kwak J (2015) Design of USIM-based secure user authentication scheme in a mobile office environment. Multimedia Tools and Applications:1–16

  31. Kocher P, Jaffe J, Jun B, Rohatgi P (2011) Introduction to differential power analysis. J Cryptogr Eng 1(1):5–27

    Article  Google Scholar 

  32. Kounga G, Mitchell CJ, Walter T (2012) Generating certification authority authenticated public keys in ad hoc networks. Security and Communication Networks 5(1):87–106

    Article  Google Scholar 

  33. Kumari S, Khan MK, Kumar R (2013) Cryptanalysis and improvement of ’a privacy enhanced scheme for telecare medical information systems’. J Med Syst 37(4):1–11

    Article  Google Scholar 

  34. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772

    Article  MathSciNet  Google Scholar 

  35. Lee TF (2014) Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems. Comput Methods Prog Biomed 117(3):464–472

    Article  Google Scholar 

  36. Li CT, Lee CC, Weng CY, Fan CI (2015) A secure dynamic identity based authentication protocol with smart cards for multi-server architecture. J Inf Sci Eng 31(6):1975–1992

    Google Scholar 

  37. Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

    Article  Google Scholar 

  38. Li X, Niu JW, Kumari S, Khan MK, Liao JG, Liang W (2015) Design and analysis of a chaotic maps-based three-party authenticated key agreement protocol. Nonlinear Dyn 80(3):1209–1220

    Article  MATH  MathSciNet  Google Scholar 

  39. Li X, Niu JW, Ma J, Wang WD, Liu CL (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79

    Article  Google Scholar 

  40. Lin HY (2015) Improved chaotic maps-based password-authenticated key agreement using smart cards. Commun Nonlinear Sci Numer Simul 20(2):482–488

    Article  MATH  Google Scholar 

  41. Lou DC, Lee TF, Lin TH (2015) Efficient biometric authenticated key agreements based on extended chaotic maps for telecare medicine information systems. J Med Syst 39(5):1–10

    Article  Google Scholar 

  42. Lu YR, Li LX, Peng HP, Xie D, Yang YX (2015) Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 39(6):1–10

    Article  Google Scholar 

  43. Lu YR, Li LX, Peng HP, Yang YX (2015) An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Syst 39(3):1–8

    Article  Google Scholar 

  44. Lu YR, Li LX, Yang X, Yang YX (2015) Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards. PLoS One 10(5):e0126323

    Article  Google Scholar 

  45. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    Article  MathSciNet  Google Scholar 

  46. Mishra D, Das AK, Mukhopadhyay S (2016) A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Networking and Applications 9(1):171–192

    Article  Google Scholar 

  47. Mishra D, Srinivas J, Mukhopadhyay S (2014) A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J Med Syst 38(10):1–10

    Article  Google Scholar 

  48. Moon J, Choi Y, Kim J, Won D (2016) An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 40(3):1–11

    Article  Google Scholar 

  49. Siddiqui Z, Abdullah AH, Khan MK, Alghamdi AS (2014) Smart environment as a service: Three factor cloud based user authentication for telecare medical information system. J Med Syst 38(1):1–14

    Article  Google Scholar 

  50. Ustaoǧlu B (2011) Integrating identity-based and certificate-based authenticated key exchange protocols. Int J Inf Secur 10(4):201–212

    Article  Google Scholar 

  51. Wei JH, Hu XX, Liu WF (2012) An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604

    Article  Google Scholar 

  52. Wen FT (2014) Guo, DL. An improved anonymous authentication scheme for telecare medical information systems. J Med Syst 38(5):1–11

    Google Scholar 

  53. Wu ZY, Lee YC, Lai FP, Lee HC, Chung YF (2012) A secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1529–1535

    Article  Google Scholar 

  54. Xu J, Zhu WT, Feng DG (2011) An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks. Comput Commun 34(3):319–325

    Article  Google Scholar 

  55. Xu X, Zhu P, Wen QY, Jin ZP, Zhang H, He L (2014) A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. J Med Syst 38(1):1– 7

    Article  Google Scholar 

  56. Xue KP, Hong PL (2012) Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 17(7):2969–2977

    Article  MATH  MathSciNet  Google Scholar 

  57. Yang TC, Lo NW, Liaw HT, Wu WC (2016) A secure smart card authentication and authorization framework using in multimedia cloud. Multimedia Tools and Applications:1–23

  58. Yau WC, Phan RCW (2013) Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems. J Med Syst 37(6):1–9

    Article  Google Scholar 

  59. Zhang LH (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos, Solitons Fractals 37(3):669–674

    Article  MATH  MathSciNet  Google Scholar 

  60. Zhang LP, Zhu SH (2015) Robust ECC-based authenticated key agreement scheme with privacy protection for telecare medicine information systems. J Med Syst 39(5):1–11

    Article  Google Scholar 

  61. Zhang M, Zhang JS, Zhang Y (2015) Remote three-factor authentication scheme based on Fuzzy extractors. Security and Communication Networks 8(4):682–693

    Article  Google Scholar 

Download references

Acknowledgments

Authors thank the editor and reviewers a lot for their valuable suggestions. This research is supported by the Major Program of National Natural Science Foundation of China (No.: 11290141), the National Natural Science Foundation of China (No.: 61402030), and the Fundamental Research of Civil Aircraft (No.: MJ-F-2012-04).

Author information

Authors and Affiliations

  1. Key Laboratory of Mathematics, Informatics and Behavioral Semantics, Ministry of Education, and School of Mathematics and Systems Science, Beihang University, New Main Building Block F Room 427, No.37 XueYuan Road, Haidian district, Beijing, 100191, China

    Chengqi Wang, Xiao Zhang & Zhiming Zheng

Authors
  1. Chengqi Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xiao Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhiming Zheng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiao Zhang.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wang, C., Zhang, X. & Zheng, Z. An improved biometrics based authentication scheme using extended chaotic maps for multimedia medicine information systems. Multimed Tools Appl 76, 24315–24341 (2017). https://doi.org/10.1007/s11042-016-4198-0

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-016-4198-0

Keywords

Search

Navigation