On the Design of Fine Grained Access Control With User Authentication Scheme for Telecare Medicine Information Systems

A telecare medicine information system (TMIS) for health-care delivery service requires information exchange among multiple IT systems, where different types of users with different access privileges are involved. In TMIS, users generally communicate via public channels. Hence, authentication is essential to provide access to the genuine users. However, access rights for the correct information and resources for different services to the genuine users can be provided with the help of efficient user access control mechanism. The existing user authentication protocols designed for TMIS only provide authentication, but for this kind of application, it is required that the authorized users should also have unique access privilege to access specific data. This paper puts forwards a new fine grained access control with user authentication scheme for TMIS. We present the formal security analysis using both the widely accepted real-or-random model and Burrows-Abadi–Needham logic. The proposed scheme supports user anonymity, forward secrecy, and efficient password change without contacting the remote server. In addition, the proposed scheme is comparable with respect to communication and computation costs as compared with other related schemes proposed in TMIS. Moreover, better tradeoff among security and functionality features, and communication and computation costs makes the proposed scheme suitable and practical for telecare medicine environments as compared with other existing related schemes.

[1]  Sandip Roy,et al.  Cryptanalysis and enhancement of a distributed fine-grained access control in wireless sensor networks , 2014, 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI).

[2]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[3]  Athanasios V. Vasilakos,et al.  Secure Biometric-Based Authentication Scheme Using Chebyshev Chaotic Map for Multi-Server Environment , 2018, IEEE Transactions on Dependable and Secure Computing.

[4]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[5]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..

[6]  Ding Wang,et al.  Robust Smart Card based Password Authentication Scheme against Smart Card Security Breach ⋆ , 2012 .

[7]  Tang Ming . Wei Lian. Si Tuo Lin Si,et al.  Cryptography and Network Security - Principles and Practice , 2015 .

[8]  Ashok Kumar Das,et al.  An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks , 2015, Secur. Commun. Networks.

[9]  Tanja Lange,et al.  The new SHA-3 software shootout , 2012, IACR Cryptol. ePrint Arch..

[10]  Ding Wang,et al.  Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards , 2012 .

[11]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[12]  Wenjing Lou,et al.  FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks , 2011 .

[13]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[14]  Ashok Kumar Das,et al.  An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System , 2013, Journal of Medical Systems.

[15]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[16]  Zhang Rui,et al.  A More Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of medical systems.

[17]  David Pointcheval,et al.  Multi-factor Authenticated Key Exchange , 2008, ACNS.

[18]  Vanga Odelu,et al.  An efficient biometric-based privacy-preserving three-party authentication with key agreement protocol using smart cards , 2015, Secur. Commun. Networks.

[19]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[20]  Hung-Ming Chen,et al.  An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems , 2012, Journal of Medical Systems.

[21]  Robert Simon Sherratt,et al.  Enhanced three-factor security protocol for consumer USB mass storage devices , 2014, IEEE Transactions on Consumer Electronics.

[22]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[23]  Begnaud Francis Hildebrand,et al.  Introduction to numerical analysis: 2nd edition , 1987 .

[24]  Paul F. Syverson,et al.  The Logic of Authentication Protocols , 2000, FOSAD.

[25]  Santanu Chatterjee,et al.  An efficient dynamic fine grained access control scheme for secure data access in cloud networks , 2015, 2015 IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT).

[26]  Santanu Chatterjee,et al.  An efficient fine grained access control scheme based on attributes for enterprise class applications , 2014, 2014 International Conference on Signal Propagation and Computer Technology (ICSPCT 2014).

[27]  Bhiksha Raj,et al.  Privacy-preserving speech processing: cryptographic and string-matching frameworks show promise , 2013, IEEE Signal Processing Magazine.

[28]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[29]  Linhua Zhang Cryptanalysis of the public key encryption based on multiple chaotic systems , 2008 .

[30]  Chin-Chen Chang,et al.  Chaotic maps-based password-authenticated key agreement using smart cards , 2013, Commun. Nonlinear Sci. Numer. Simul..

[31]  Qing Zhang,et al.  A Novel Serial Multimodal Biometrics Framework Based on Semisupervised Learning Techniques , 2014, IEEE Transactions on Information Forensics and Security.

[32]  Anil K. Jain,et al.  Soft Biometric Traits for Continuous User Authentication , 2010, IEEE Transactions on Information Forensics and Security.

[33]  Palash Sarkar,et al.  A Simple and Generic Construction of Authenticated Encryption with Associated Data , 2010, TSEC.

[34]  G. R. BLAKLEY Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[35]  Jianfeng Ma,et al.  Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[36]  Ya-Fen Chang,et al.  A Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[37]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[38]  Alfredo De Santis,et al.  Security of public-key cryptosystems based on Chebyshev polynomials , 2004, IEEE Transactions on Circuits and Systems I: Regular Papers.

[39]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[40]  Julien Bringer,et al.  A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems , 2012, IEEE Transactions on Information Forensics and Security.

[41]  Amit K. Awasthi,et al.  A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce , 2013, Journal of Medical Systems.

[42]  Ljupco Kocarev,et al.  Chaos-Based Cryptography - Theory, Algorithms and Applications , 2011, Chaos-Based Cryptography.

[43]  Ashok Kumar Das,et al.  An anonymous and secure biometric-based enterprise digital rights management system for mobile environment , 2015, Secur. Commun. Networks.

[44]  Sourav Mukhopadhyay,et al.  A Secure and Efficient Chaotic Map-Based Authenticated Key Agreement Scheme for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[45]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[46]  Ashok Kumar Das,et al.  A Secure and Efficient Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[47]  Ivan Stojmenovic,et al.  Distributed Fine-Grained Access Control in Wireless Sensor Networks , 2011, 2011 IEEE International Parallel & Distributed Processing Symposium.

[48]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[49]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[50]  Sourav Mukhopadhyay,et al.  A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card , 2014, Peer-to-Peer Networking and Applications.

[51]  Arun Ross,et al.  An introduction to biometric recognition , 2004, IEEE Transactions on Circuits and Systems for Video Technology.