A Survey of Authentication Schemes in Telecare Medicine Information Systems

E-Healthcare is an emerging field that provides mobility to its users. The protected health information of the users is stored at a remote server (Telecare Medical Information System) and can be accessed by the users at any time. Many authentication protocols have been proposed to ensure secure, authenticated access to the Telecare Medical Information System. These protocols are designed to provide certain properties, such as anonymity, untraceability, unlinkability, privacy, confidentiality, availability and integrity. They also aim to build a key exchange mechanism that provides security against attacks such as identity theft, password guessing, denial of service, impersonation and insider attacks. This paper reviews these proposed authentication protocols and discusses their strengths and weaknesses in terms of the security and privacy properties they ensure and their computation cost. The schemes are divided into three broad categories: one-factor, two-factor and three-factor authentication schemes. Inter-category and intra-category comparisons have been performed for these schemes, and based on the derived results we propose future directions and recommendations that can be very helpful to researchers who work on the design and implementation of authentication protocols.
