Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS

Several remote user authentication techniques for telecare medicine information system TMIS have been proposed in the literature. But most existing techniques have limitations such as vulnerable to various attacks, lack of functionalities, and inefficiency. Recently, Amin and Biswas proposed a three-factor authentication and key agreement technique for TMIS. But their scheme is inefficient and has several security drawbacks. The attacks such as privileged-insider, user impersonation, and strong reply attacks are possible on their scheme. It also has flaw in password update phase. In order to overcome drawbacks of their scheme, a new provably secure and efficient three-factor remote user authentication scheme for TMIS is proposed in this paper. The proposed scheme overcomes all drawbacks of their scheme and also provides additional features such as user unlinkability, user anonymity, efficient password, and biometric update. The rigorous informal and formal security analysis using random oracle models and the mostly acceptable Automated Validation of Internet Security Protocols and Applications tool is also performed. During the experimentation, it has been observed that the proposed scheme is secure against various known attacks that include replay and man-in-the-middle attacks. Furthermore, the analysis of computation and communication cost estimation of the proposed scheme depicts that our scheme is efficient as compared with other related exiting schemes. Copyright © 2016 John Wiley & Sons, Ltd.

[1]  Peilin Hong,et al.  A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks , 2013, J. Netw. Comput. Appl..

[2]  Ronald L. Rivest,et al.  Responses to NIST's proposal , 1992, CACM.

[3]  Zuowen Tan,et al.  A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[4]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[5]  Sourav Mukhopadhyay,et al.  An anonymous and secure biometric-based enterprise digital rights management system for mobile environment , 2015, Secur. Commun. Networks.

[6]  Sk Hafizul Islam,et al.  Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps , 2014 .

[7]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of "An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems" , 2014, Secur. Commun. Networks.

[8]  Sherali Zeadally,et al.  Authentication protocol for an ambient assisted living system , 2015, IEEE Communications Magazine.

[9]  Ruhul Amin,et al.  A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks , 2016, Ad Hoc Networks.

[10]  Xiong Li,et al.  Design of a user anonymous password authentication scheme without smart card , 2016, Int. J. Commun. Syst..

[11]  Sabrina De Capitani di Vimercati,et al.  Guest Editorial: Special Issue on Computer and Communications Security , 2008, TSEC.

[12]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[13]  Ashok Kumar Das,et al.  An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks , 2015, Secur. Commun. Networks.

[14]  Muhammad Khurram Khan,et al.  Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’ , 2014, Int. J. Commun. Syst..

[15]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[16]  Vanga Odelu,et al.  A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks , 2015, Secur. Commun. Networks.

[17]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[18]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..

[19]  Palash Sarkar,et al.  A Simple and Generic Construction of Authenticated Encryption with Associated Data , 2010, TSEC.

[20]  Ruhul Amin,et al.  A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS , 2015, Journal of Medical Systems.

[21]  Cheng-Chi Lee,et al.  Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks , 2013, Multimedia Systems.

[22]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[23]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[24]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[25]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[26]  Ruhul Amin,et al.  A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity , 2015, Journal of Medical Systems.

[27]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[28]  Vanga Odelu,et al.  An efficient biometric-based privacy-preserving three-party authentication with key agreement protocol using smart cards , 2015, Secur. Commun. Networks.

[29]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[30]  Xiong Li,et al.  An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement , 2014, Secur. Commun. Networks.

[31]  Xiong Li,et al.  An improved remote user authentication scheme with key agreement , 2014, Comput. Electr. Eng..

[32]  Xin Xu,et al.  A Secure and Efficient Authentication and Key Agreement Scheme Based on ECC for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[33]  David von Oheimb The High-Level Protocol Specification Language HLPSL developed in the EU project AVISPA , 2005 .

[34]  Zhang Rui,et al.  A More Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of medical systems.

[35]  Yevgeniy Dodis,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, EUROCRYPT.

[36]  Muhammad Khurram Khan,et al.  More secure smart card-based remote user password authentication scheme with user anonymity , 2014, Secur. Commun. Networks.

[37]  Qiaoyan Wen,et al.  An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network , 2012, Comput. Commun..

[38]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[39]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[40]  Tian-Fu Lee,et al.  Provably Secure Anonymous Single-Sign-On Authentication Mechanisms Using Extended Chebyshev Chaotic Maps for Distributed Computer Networks , 2018, IEEE Systems Journal.

[41]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[42]  Xiong Li,et al.  Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’ , 2015, PloS one.

[43]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.

[44]  Vanga Odelu,et al.  An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card , 2015, J. Inf. Secur. Appl..

[45]  Chun-Ta Li,et al.  A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks , 2008, Comput. Commun..

[46]  Peng Gong,et al.  A Secure Biometrics-based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[47]  Dongho Won,et al.  Cryptanalysis of Enhanced Biometric-Based Authentication Scheme for Telecare Medicine Information Systems Using Elliptic Curve Cryptosystem , 2015, CSA/CUTE.

[48]  Ruhul Amin,et al.  Design and Analysis of Bilinear Pairing Based Mutual Authentication and Key Agreement Protocol Usable in Multi-server Environment , 2015, Wireless Personal Communications.

[49]  Douglas R. Stinson,et al.  Some Observations on the Theory of Cryptographic Hash Functions , 2006, Des. Codes Cryptogr..

[50]  Robert Simon Sherratt,et al.  Enhanced three-factor security protocol for consumer USB mass storage devices , 2014, IEEE Transactions on Consumer Electronics.

[51]  Muhammad Khurram Khan,et al.  An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography , 2015, Journal of Medical Systems.

[52]  Lixiang Li,et al.  An Enhanced Biometric-Based Authentication Scheme for Telecare Medicine Information Systems Using Elliptic Curve Cryptosystem , 2015, Journal of Medical Systems.

[53]  Ya-Fen Chang,et al.  Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update , 2014, Int. J. Commun. Syst..

[54]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[55]  J. Menchón,et al.  The Relationship between Non-Suicidal Self-Injury and the UPPS-P Impulsivity Facets in Eating Disorders and Healthy Controls , 2015, PloS one.

[56]  Ashok Kumar Das,et al.  A New Biometric-Based Remote User Authentication Scheme in Hierarchical Wireless Body Area Sensor Networks , 2015, Ad Hoc Sens. Wirel. Networks.

[57]  Saru Kumari,et al.  An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments , 2017, J. King Saud Univ. Comput. Inf. Sci..

[58]  Ashok Kumar Das,et al.  A Secure User Anonymity-Preserving Three-Factor Remote User Authentication Scheme for the Telecare Medicine Information Systems , 2015, Journal of Medical Systems.

[59]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[60]  Mohammad S. Obaidat,et al.  Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System , 2015, Journal of Medical Systems.

[61]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[62]  Xiong Li,et al.  Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems , 2015, Journal of Medical Systems.

[63]  Paul E. Baclace Competitive agents for information filtering , 1992, CACM.