Abstract
Healthcare delivery services via telecare medicine information systems (TMIS) can help patients obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors should be able to use telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs a hash function, a fuzzy extractor, a nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding the patient's identity from theft and tracking by unauthorized participants, and protecting the password and biometric template from compromise by untrusted servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect the patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.
Acknowledgments
This work is supported by NSFC (Grant Nos. 61300181, 61272057, 61202434, 61170270, 61100203, 61121061), the Fundamental Research Funds for the Central Universities (Grant No. 2012RC0612, 2011YB01).
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
About this article
Cite this article
Li, X., Wen, Q., Li, W. et al. Secure Privacy-Preserving Biometric Authentication Scheme for Telecare Medicine Information Systems. J Med Syst 38, 139 (2014). https://doi.org/10.1007/s10916-014-0139-5
DOI: https://doi.org/10.1007/s10916-014-0139-5