Advertisement

Cryptanalysis and Biometric-Based Enhancement of a Remote User Authentication Scheme for E-Healthcare System

  • Rifaqat Ali
  • Arup Kumar Pal
Research Article - Computer Engineering and Computer Science

Abstract

In recent years, E-healthcare system is quite popular and the easiest medium to avail high-quality healthcare services from the specialized medical professions. In this system, the security is one of the major concern issues since during diagnosis process the patient’s medical-related documents are sensitive and it is always desirable that the authorized users can avail this facility in a secure way. Several remote user authentication schemes are reported to make E-healthcare system secure. Recently, Li et al. proposed a user authentication scheme for E-healthcare system and claimed that their scheme is able to withstand most of the common security attacks. However, we have reviewed their scheme and pointed out some vulnerabilities like identity and password guessing attacks; privileged insider attack; user impersonation attack; and smartcard theft attack. In order to overcome these security vulnerabilities, a biometric-based remote user authentication scheme is proposed for improving the security in E-healthcare system. The proposed scheme is validated using well-accepted Burrows–Abadi–Needham (BAN) logic and random oracle model. The informal security analysis ensures that the proposed scheme is able to resist several types of malicious cryptography attacks. Further, the proposed scheme is simulated using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and the simulation results reveal that the scheme is secure against active and passive attacks. The proposed scheme is also compared with the existing schemes in terms of evaluation parameters like smartcard storage cost, communication cost, computation cost, and estimated time.

Keywords

Authentication AVISPA BAN logic Random oracle model E-healthcare system 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Supplementary material

13369_2018_3220_MOESM1_ESM.rar (2 mb)
Supplementary material 1 (rar 2072 KB)

References

  1. 1.
    Kocher, P.; Jaffe, J.; Jun, B.: Differential power analysis. In: Annual International Cryptology Conference, pp. 388–397, Springer, New York (1999)Google Scholar
  2. 2.
    Messerges, T.S.; Dabbish, E.A.; Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Wei, J.; Hu, X.; Liu, W.: An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6), 3597–3604 (2012)CrossRefGoogle Scholar
  4. 4.
    Zhu, Z.: An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6), 3833–3838 (2012)CrossRefGoogle Scholar
  5. 5.
    Bin Muhaya, F.T.: Cryptanalysis and security enhancement of zhu’s authentication scheme for telecare medicine information system. Secur. Commun. Netw. 8(2), 149–158 (2015)CrossRefGoogle Scholar
  6. 6.
    Arshad, H.; Teymoori, V.; Nikooghadam, M.; Abbassi, H.: On the security of a two-factor authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 39(8), 76 (2015)CrossRefGoogle Scholar
  7. 7.
    Khan, M.K.; Kumari, S.: An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4), 9954 (2013)CrossRefGoogle Scholar
  8. 8.
    Tan, Z.; et al.: An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3), 200–204 (2013)Google Scholar
  9. 9.
    Yan, X.; Li, W.; et al.: A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 5(37), 1–6 (2013)Google Scholar
  10. 10.
    Mishra, D.; Mukhopadhyay, S.; Chaturvedi, A.; Kumari, S.; Khan, M.K.: Cryptanalysis and improvement of yan et al’.s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6), 24 (2014)CrossRefGoogle Scholar
  11. 11.
    Zhang, L.; Zhu, S.; Tang, S.: Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE J. Biomed. Health Inf. 21(2), 465–475 (2017)CrossRefGoogle Scholar
  12. 12.
    Amin, R.; Biswas, G.: A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8), 78 (2015)CrossRefGoogle Scholar
  13. 13.
    Ravanbakhsh, N.; Nazari, M.: An efficient improvement remote user mutual authentication and session key agreement scheme for e-health care systems. Multimed. Tools Appl. pp. 1–34, (2016)Google Scholar
  14. 14.
    Xu, X.; Zhu, P.; Wen, Q.; Jin, Z.; Zhang, H.; He, L.: A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. J. Med. Syst. 38, 9994 (2014)CrossRefGoogle Scholar
  15. 15.
    Islam, S.H.; Khan, M.K.: Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10), 135 (2014)CrossRefGoogle Scholar
  16. 16.
    Zhang, L.; Zhu, S.: Robust ECC-based authenticated key agreement scheme with privacy protection for telecare medicine information systems. J. Med. Syst. 39(5), 49 (2015)CrossRefGoogle Scholar
  17. 17.
    Liu, W.; Xie, Q.; Wang, S.; Hu, B.: An improved authenticated key agreement protocol for telecare medicine information system. SpringerPlus 5(1), 555 (2016)CrossRefGoogle Scholar
  18. 18.
    Jung, J.; Moon, J.; Won, D.: Robust biometric-based anonymous user authenticated key agreement scheme for telecare medicine information systems. KSII Trans. Int. Inf. Syst. 11(7), 3720 (2017)Google Scholar
  19. 19.
    Chang, Y.-F.; Yu, S.-H.; Shiao, D.-R.: An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3), 9902 (2013)CrossRefGoogle Scholar
  20. 20.
    Das, A.K.; Goswami, A.: A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3), 9948 (2013)CrossRefGoogle Scholar
  21. 21.
    Amin, R.; Islam, S.H.; Biswas, G.; Khan, M.K.; Li, X.: Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J. Med. Syst. 39(11), 140 (2015)CrossRefGoogle Scholar
  22. 22.
    Li, X.; Niu, J.; Karuppiah, M.; Kumari, S.; Wu, F.: Secure and efficient two-factor user authentication scheme with user anonymity for network based e-health care applications. J. Med. Syst. 40(12), 268 (2016)CrossRefGoogle Scholar
  23. 23.
    Das, A.K.: A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer Peer Netw. Appl. 9(1), 223–244 (2016)CrossRefGoogle Scholar
  24. 24.
    Wazid, M.; Das, A.K.; Kumari, S.; Li, X.; Wu, F.: Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for tmis. Secur. Commun. Netw. 9(13), 1983–2001 (2016)Google Scholar
  25. 25.
    Wei, J.; Liu, W.; Hu, X.: Cryptanalysis and improvement of a robust smart card authentication scheme for multi-server architecture. Wirel. Pers. Commun. 77(3), 2255–2269 (2014)CrossRefGoogle Scholar
  26. 26.
    Burrows, M.; Abadi, M.; Needham, R.M.: A logic of authentication. Proc. R. Soc. Lond. A Math. Phys. Eng. Sci. 426, 233–271 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  27. 27.
    Chandrakar, P.; Om, H.: Cryptanalysis and extended three-factor remote user authentication scheme in multi-server environment. Arab. J. Sci. Eng. 42(2), 765–786 (2017)CrossRefGoogle Scholar
  28. 28.
    Chandrakar, P.; Om, H.: A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC. Comput. Commun. 110, 26–34 (2017)CrossRefGoogle Scholar
  29. 29.
    Ali, R.; Pal, A.K.; Kumari, S.; Karuppiah, M.; Conti, M.: A secure user authentication and key-agreement scheme using wireless sensor networks for agriculture monitoring. Future Gener. Comput. Syst. (2017). https://doi.org/10.1016/j.future.2017.06.018
  30. 30.
    Ali, R.; Pal, A.K.: Three-factor-based confidentiality-preserving remote user authentication scheme in multi-server environment. Arab. J. Sci. Eng. 42(8), 3655–3672 (2017)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Ali, R.; Pal, A.K.: A secure and robust three-factor based authentication scheme using RSA cryptosystem. Int. J. Bus. Data Commun. Netw. 13(1), 74–84 (2017)CrossRefGoogle Scholar
  32. 32.
    Chandrakar, P.; Om, H.: An efficient two-factor remote user authentication and session key agreement scheme using rabin cryptosystem. Arab. J. Sci. Eng. pp. 1–13, 2017. https://doi.org/10.1007/s13369-017-2709-6.
  33. 33.
    Chandrakar, P.; Om, H.: Cryptanalysis and improvement of a biometric-based remote user authentication protocol usable in a multiserver environment. Trans. Emerg. Telecommun. Technol. https://doi.org/10.1002/ett.3200
  34. 34.
    Chandrakar, P.; Om, H.: A secure two-factor remote user authentication and session key agreement scheme. Int. J. Bus. Data Commun. Netw. 12(2), 62–79 (2016)CrossRefGoogle Scholar
  35. 35.
    Chandrakar, P.; Om, H.: Cryptanalysis and security enhancement of three-factor remote user authentication scheme for multi-server environment. Int. J. Bus. Data Commun. Netw. 13(1), 85–101 (2017)CrossRefGoogle Scholar
  36. 36.
    Islam, S.: Design and analysis of an improved smartcard-based remote user password authentication scheme. Int. J. Commun. Syst. 29(11), 1708–1719 (2016)CrossRefGoogle Scholar
  37. 37.
    Byun, J.W.: Privacy preserving smartcard-based authentication system with provable security. Secur. Commun. Netw. 8(17), 3028–3044 (2015)CrossRefGoogle Scholar
  38. 38.
    Awasthi, A.K.; Srivastava, K.; Mittal, R.: An improved timestamp-based remote user authentication scheme. Comput. Electr. Eng. 37(6), 869–874 (2011)CrossRefGoogle Scholar
  39. 39.
    Mishra, R.; Barnwal, A.K.: A privacy preserving secure and efficient authentication scheme for telecare medical information systems. J. Med. Syst. 39(5), 1–10 (2015)CrossRefGoogle Scholar
  40. 40.
    Giri, D.; Maitra, T.; Amin, R.; Srivastava, P.: An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1), 1–9 (2015)CrossRefGoogle Scholar
  41. 41.
    Shi, W.; Chen, Y.: An efficient RSA-based remote user authentication scheme. Roman J. Inf. Sci. Technol. 15(3), 266–276 (2012)Google Scholar
  42. 42.
    Kumari, S.; Gupta, M.K.; Khan, M.K.; Li, X.: An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur. Commun. Netw. 7(11), 1921–1932 (2014)CrossRefGoogle Scholar
  43. 43.
    Hsieh, W.-B.; Leu, J.-S.: Anonymous authentication protocol based on elliptic curve Diffie-Hellman for wireless access networks. Wirel. Commun. Mob. Comput. 14(10), 995–1006 (2014)CrossRefGoogle Scholar

Copyright information

© King Fahd University of Petroleum & Minerals 2018

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringIndian Institute of Technology (Indian School of Mines)DhanbadIndia

Personalised recommendations