Abstract
Many developed countries with healthcare services now use telecare medicine information systems (TMIS). In TMIS, a patient can obtain various kinds of healthcare delivery services. Furthermore, physicians and caregivers can check patients' vital signs remotely. Patients' privacy is protected by employing a proper authentication and encryption mechanism. Recently, many user authentication schemes applicable to TMIS have been proposed. However, most of the proposed schemes have security vulnerabilities. Recently, Yan et al. proposed an efficient biometrics-based authentication scheme for TMIS. In this paper, by describing some active attacks, we show that Yan et al.’s scheme still has some security flaws. We then propose an improved biometrics-based authentication and key agreement scheme. The security of the proposed authentication and key agreement scheme is proved in the random oracle model. Furthermore, we use BAN logic to prove the correctness of the proposed scheme. In addition, we simulate our scheme for formal security analysis using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. We show that, owing to its better security and its efficiency in computational time, the proposed scheme is more suitable for use in TMIS.
References
Lee, W.-B., & Lee, C.-D. (2008). A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Transactions on Information Technology in Biomedicine, 12(1), 34–41.
Liu, J.-Y., Zhou, A.-M., & Gao, M.-X. (2008). A new mutual authentication scheme based on nonce and smart cards. Computer Communications, 31(10), 2205–2209.
Witteman, M. (2002). Advances in smartcard security. Information Security Bulletin, 7(2002), 11–22.
Lee, T. F., Chang, J. B., Chan, C. W., & Liu, H. C. (2010). Password-based mutual authentication scheme using smart cards. In The E-learning and information technology symposium 2010 (EITS2010).
Guo, D., Wen, Q., Li, W., Zhang, H., & Jin, Z. (2015). An improved biometrics-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 39(3), 1–10.
Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., & Chung, Y. (2012). A secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1529–1535.
Debiao, H., Jianhua, C., & Rui, Z. (2012). A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1989–1995.
Wei, J., Xuexian, H., & Liu, W. (2012). An improved authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3597–3604.
Zhu, Z. (2012). An efficient authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3833–3838.
Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., & Khan, M. K. (2014). Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. Journal of Medical Systems, 38(6), 1–12.
Tan, Z. (2013). An efficient biometrics-based authentication scheme for telecare medicine information systems. Network, 2(3), 200–204.
Yan, X., Li, W., Li, P., Wang, J., Hao, X., & Gong, P. (2013). A secure biometrics-based authentication scheme for telecare medicine information systems. Journal of Medical Systems. doi:10.1007/s10916-013-9972-1.
Das, A. K., & Bruhadeshwar, B. (2013). An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of Medical Systems. doi:10.1007/s10916-013-9969-9.
Li, C. T., Lee, C. C., Weng, C. Y., & Fan, C. I. (2013). An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Transactions on Internet and Information Systems (TIIS), 7, 119–131.
Li, C. T. (2013). A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Information Security, 7, 3–10.
Wu, F., & Xu, L. (2013). Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. Journal of Medical Systems. doi:10.1007/s10916-013-9958-z.
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smartcard security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Wang, B., & Li, Z. Q. (2006). A forward-secure user authentication scheme with smart cards. International Journal of Network Security, 3(2), 116–119.
Das, M. L., Saxena, A., & Gulati, V. P. (2004). A dynamic id-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 629–631.
Hwang, M. S., & Li, L. H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30. doi:10.1109/30.826377.
Sandirigama, M., Shimizu, A., & Noda, M. T. (2000). Simple and secure password authentication protocol (SAS). IEICE Transactions on Communications, E83(B6), 1363–1365.
Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33, 1–5.
Awasthi, A. K., & Srivastava, K. (2013). A biometric authentication scheme for telecare medicine information systems with nonce. Journal of Medical Systems. doi:10.1007/s10916-013-9964-1.
Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.
Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security, 13(4), 33.
AVISPA. Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed January, 2013.
Das, A. K., Odelu, V., & Goswami, A. (2014). A robust and effective smart card-based remote user authentication mechanism using hash function. The Scientific World Journal. doi:10.1155/2014/719470.
Mishraa, D., Das, A. K., & Mukhopadhyaya, S. (2014). A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications. doi:10.1016/j.eswa.2014.07.004.
The AVISPA Team. The HLPSL tutorial: A beginner’s guide to Modeling and Analyzing Internet security protocols, Vol. 20.
Arshad, H., & Nikooghadam, M. (2014). Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems. doi:10.1007/s10916-014-0136-8.
Arshad, H., & Nikooghadam, M. (2014). An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimedia Tools and Applications. doi:10.1007/s11042-014-2282-x.
Srivastava, K., Awasthi, A. K., Kaul, S. D., & Mittal, R. C. (2015). A hash based mutual RFID tag authentication protocol in telecare medicine information system. Journal of Medical Systems. doi:10.1007/s10916-014-0153-7.
Xu, L., & Wu, F. (2015). Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. Journal of Medical Systems. doi:10.1007/s10916-014-0179-x.
Mishraa, D., Das, A. K., & Mukhopadhyaya, S. (2014). Secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. In Peer-to-peer networking and applications. doi:10.1007/s12083-014-0321-z
Chang, Y. F., Yu, S. H., & Shiao, D. R. (2013). An uniqueness-and anonymity preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37, 9902.
Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., & He, L. (2014). A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. Journal of Medical Systems, 38(1), 1–7.
Acknowledgments
The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have significantly improved the content and the presentation of this paper.
Cite this article
Mir, O., Nikooghadam, M. A Secure Biometrics Based Authentication with Key Agreement Scheme in Telemedicine Networks for E-Health Services. Wireless Pers Commun 83, 2439–2461 (2015). https://doi.org/10.1007/s11277-015-2538-4
DOI: https://doi.org/10.1007/s11277-015-2538-4