Skip to main content
SpringerLink
Log in

A Secure Biometrics Based Authentication with Key Agreement Scheme in Telemedicine Networks for E-Health Services

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Lately, many of developed countries that have healthcares services use telecare medicine information systems (TMIS). In TMIS, a patient can obtain sorts of healthcare delivery services. Furthermore, physicians and also caregivers can check vital signs of patients remotely. Patient’s privacy is protected by employing a proper authentication and encryption mechanism. Recently, many user authentication schemes have been proposed that are applicable to TMIS. However, security of most proposed schemes is vulnerable. Recently, Yan et al. proposed an efficient biometrics-based authentication scheme for TMIS. In this paper, by an explanation of some active attacks, it is shown that Yan et al.’s scheme has still some security flaws. Later, an improved biometrics-based authentication and key agreement scheme is proposed. The Security of the proposed authentication and key agreement scheme is proved in the random oracle model. Furthermore, we use the BAN logic to prove the correctness of the proposed scheme. In addition, we simulate our scheme for the formal security analysis using the Automated Validation of Internet Security Protocols and Applications tool. It is shown that due to better security and also efficiency in computational time, the proposed scheme is more suitable for employment in TMIS.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Lee, W.-B., & Lee, C.-D. (2008). A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Transactions on Information Technology in Biomedicine, 12(1), 34–41.

    Article  Google Scholar 

  2. Liu, J.-Y., Zhou, A.-M., & Gao, M.-X. (2008). A new mutual authentication scheme based on nonce and smart cards. Computer Communications, 31(10), 2205–2209.

    Article  Google Scholar 

  3. Witteman, M. (2002). Advances in smartcard security. Information Security Bulletin, 7(2002), 11–22.

    Google Scholar 

  4. Lee, T. F., Chang, J. B., Chan, C. W., & Liu, H. C. (2010). Password-based mutual authentication scheme using smart cards. In The E-learning and information technology symposium 2010 (EITS2010).

  5. Guo, D., Wen, Q., Li, W., Zhang, H., & Jin, Z. (2015). An improved biometrics-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 39(3), 1–10.

    Article  Google Scholar 

  6. Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., & Chung, Y. (2012). A secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1529–1535.

    Article  Google Scholar 

  7. Debiao, H., Jianhua, C., & Rui, Z. (2012). A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1989–1995.

    Article  Google Scholar 

  8. Wei, J., Xuexian, H., & Liu, W. (2012). An improved authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3597–3604.

    Article  Google Scholar 

  9. Zhu, Z. (2012). An efficient authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3833–3838.

    Article  Google Scholar 

  10. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., & Khan, M. K. (2014). Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. Journal of Medical Systems, 38(6), 1–12.

    Article  Google Scholar 

  11. Tan, Z. (2013). An efficient biometrics-based authentication scheme for telecare medicine information systems. Network, 2(3), 200–204.

    Google Scholar 

  12. Yan, X., Li, Weiheng, Li, Ping, Wang, J., Hao, X., & Gong, P. (2013). A secure biometrics-based authentication scheme for telecare medicine information systems. Journal of Medical Systems. doi:10.1007/s10916-013-9972-1.

    Google Scholar 

  13. Das, A. K., & Bruhadeshwar, B. (2013). An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of Medical Systems. doi:10.1007/s10916-013-9969-9.

    Google Scholar 

  14. Li, C. T., Lee, C. C., Weng, C. Y., & Fan, C. I. (2013). An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Transactions on Internet and Information Systems (TIIS), 7, 119–131.

    Article  Google Scholar 

  15. Li, C. T. (2013). A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Information Security, 7, 3–10.

    Article  Google Scholar 

  16. Wu, F., & Xu, L. (2013). Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. Journal of Medical Systems. doi:10.1007/s10916-013-9958-z.

    Google Scholar 

  17. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smartcard security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  18. Wang, B., & Li, Z. Q. (2006). A forward-secure user authentication scheme with smart cards. International Journal of Network Security, 3(2), 116–119.

    Google Scholar 

  19. Das, M. L., Saxena, A., & Gulati, V. P. (2004). A dynamic id-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 629–631.

    Article  Google Scholar 

  20. Hwang, M. S., & Li, L. H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30. doi:10.1109/30.826377.

    Article  Google Scholar 

  21. Sandirigama, M., Shimizu, A., & Noda, M. T. (2000). Simple and secure password authentication protocol(sas). IEICE Transactions on Communications, E83(B6), 1363–1365.

    Google Scholar 

  22. Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33, 1–5.

    Article  Google Scholar 

  23. Awasthi, A. K., & Srivastava, K. (2013). A biometric authentication scheme for telecare medicine information systems with nonce. Journal of Medical Systems. doi:10.1007/s10916-013-9964-1.

    Google Scholar 

  24. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.

    Article  Google Scholar 

  25. Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security, 13(4), 33.

    Article  Google Scholar 

  26. AVISPA. Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed January, 2013.

  27. Das, A. K., Odelu, V., & Goswami, A. (2014). A robust and effective smart card-based remote user authentication mechanism using hash function. The Scientific World Journal. doi:10.1155/2014/719470.

    Google Scholar 

  28. Mishraa, D., Das, A. K., & Mukhopadhyaya, (2014). S A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications. doi:10.1016/j.eswa.2014.07.004.

    Google Scholar 

  29. The AVISPA Team. The HLPSL tutorial: A beginner’s guide to Modeling and Analyzing Internet security protocols, Vol. 20.

  30. Arshad, H., & Nikooghadam, M. (2014). Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems. doi:10.1007/s10916-014-0136-8.

    Google Scholar 

  31. Arshad, H., & Nikooghadam, M. (2014). An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimedia Tools and Applications. doi:10.1007/s11042-014-2282-x.

    Google Scholar 

  32. Srivastava, K., Awasthi, A. K., Kaul, S. D., & Mittal, R. C. (2015). A hash based mutual RFID tag authentication protocol in telecare medicine information system. Journal of Medical Systems. doi:10.1007/s10916-014-0153-7.

    Google Scholar 

  33. Xu, L., & Wu, F. (2015). Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health car. Journal of Medical Systems. doi:10.1007/s10916-014-0179-x.

    Google Scholar 

  34. Mishraa, D., Das, A. K., & Mukhopadhyaya, S. (2014). Secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. In Peer-to-peer networking and applications. doi:10.1007/s12083-014-0321-z

  35. Chang, Y. F., Yu, S. H., & Shiao, D. R. (2013). An uniqueness-and anonymity preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37, 9902.

    Article  Google Scholar 

  36. Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., & He, L. (2014). A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. Journal of Medical Systems, 38(1), 1–7.

    Article  Google Scholar 

Download references

Acknowledgments

The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have improved significantly the content and the presentation of this paper.

Author information

Authors and Affiliations

  1. Department of Computer Engineering, Imam Reza International University, Mashhad, Iran

    Omid Mir & Morteza Nikooghadam

Authors
  1. Omid Mir
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Morteza Nikooghadam
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Morteza Nikooghadam.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mir, O., Nikooghadam, M. A Secure Biometrics Based Authentication with Key Agreement Scheme in Telemedicine Networks for E-Health Services. Wireless Pers Commun 83, 2439–2461 (2015). https://doi.org/10.1007/s11277-015-2538-4

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-015-2538-4

Keywords

Search

Navigation