A Robust and Efficient ECC-based Mutual Authentication and Session Key Generation Scheme for Healthcare Applications

Telecare medicine information system (TMIS) has provided an efficient and convenient way for communications of patients at home and medical staffs at clinical centers. To make these communications secure, user authentication by medical servers is considered as a crucial requirement. For this purpose, many user authentication and key agreement protocols have been put forwrad in order to fulfil this vital necessity. Recently, Arshad and Rasoolzadegan have revealed that not only the authentication and key agreement protocols suggested by Amin and Biswas and Giri et al. are defenseless against the replay attack and do not support the perfect forward secrecy, but also Amin and Biswas’s protocol is susceptible to the offline password guessing attack. Nonetheless, in this paper, we demonstrate that Arshad and Rasoolzadegan’s and the other existing schemes still fail to resist a well-known attack. Therefore, to cover this security gap, a new user authentication and session key agreement protocol is recommended that can be employed effectively for offering secure communication channels in TMIS. Our comparative security and performance analyses reveal that the proposed scheme can both solve the existing security drawback and, same as Arshad and Rasoolzadegan’s scheme, has low communication and computational overheads.

[1]  Muhammad Khurram Khan,et al.  An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography , 2015, Journal of Medical Systems.

[2]  Fahad Bin Muhaya,et al.  Cryptanalysis and security enhancement of Zhu's authentication scheme for Telecare medicine information system , 2015, Secur. Commun. Networks.

[3]  Saru Kumari,et al.  Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems , 2016, Comput. Methods Programs Biomed..

[4]  Sherali Zeadally,et al.  Analysis of Security Protocols for Mobile Healthcare , 2016, Journal of Medical Systems.

[5]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[6]  Morteza Nikooghadam,et al.  On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems , 2015, Journal of Medical Systems.

[7]  Muhammad Sher,et al.  A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme , 2017, Multimedia Tools and Applications.

[8]  Jian Shen,et al.  A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications , 2018, J. Ambient Intell. Humaniz. Comput..

[9]  Jian Shen,et al.  Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems , 2018, J. Ambient Intell. Humaniz. Comput..

[10]  Joel J. P. C. Rodrigues,et al.  Cloud Centric Authentication for Wearable Healthcare Monitoring System , 2019, IEEE Transactions on Dependable and Secure Computing.

[11]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[12]  Ruhul Amin,et al.  A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS , 2015, Journal of Medical Systems.

[13]  Hamed Arshad,et al.  Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems , 2016, Journal of Medical Systems.

[14]  Ashok Kumar Das,et al.  A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications , 2013 .

[15]  Samiran Chattopadhyay,et al.  Provably Secure Fine-Grained Data Access Control Over Multiple Cloud Servers in Mobile Cloud Computing Based Healthcare Applications , 2019, IEEE Transactions on Industrial Informatics.

[16]  Lixiang Li,et al.  An Enhanced Biometric-Based Authentication Scheme for Telecare Medicine Information Systems Using Elliptic Curve Cryptosystem , 2015, Journal of Medical Systems.

[17]  Debiao He,et al.  Anonymous two-factor authentication for consumer roaming service in global mobility networks , 2013, IEEE Transactions on Consumer Electronics.

[18]  Muhammad Khurram Khan,et al.  An enhanced lightweight anonymous biometric based authentication scheme for TMIS , 2017, Multimedia Tools and Applications.

[19]  Chun-Ta Li,et al.  Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems. , 2018, Computer methods and programs in biomedicine.

[20]  Tanmoy Maitra,et al.  An Efficient and Robust RSA-Based Remote User Authentication for Telecare Medical Information Systems , 2014, Journal of Medical Systems.

[21]  Muhammad Sher,et al.  Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems , 2015, Journal of Medical Systems.

[22]  Ping Zhu,et al.  A Dynamic ID-Based Authentication Scheme Based on ECC for Telecare Medicine Information Systems , 2013 .

[23]  Morteza Nikooghadam,et al.  Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[24]  Ruhul Amin,et al.  A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity , 2015, Journal of Medical Systems.

[25]  Ashok Kumar Das,et al.  LSCSH: Lattice-Based Secure Cryptosystem for Smart Healthcare in Smart Cities Environment , 2018, IEEE Communications Magazine.

[26]  Muhammad Khurram Khan,et al.  A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System , 2017, Journal of Medical Systems.

[27]  Guoai Xu,et al.  A Robust Mutual Authentication Scheme Based on Elliptic Curve Cryptography for Telecare Medical Information Systems , 2018, IEEE Access.

[28]  Ruhul Amin,et al.  An Improved RSA Based User Authentication and Session Key Agreement Protocol Usable in TMIS , 2015, Journal of Medical Systems.

[29]  Zuowen Tan,et al.  A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[30]  Muhammad Khurram Khan,et al.  A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography , 2016, Journal of Medical Systems.

[31]  Xiaohui Liang,et al.  Security and privacy for mobile healthcare networks: from a quality of protection perspective , 2015, IEEE Wireless Communications.

[32]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[33]  Woei-Jiunn Tsaur,et al.  Hierarchical and Dynamic Elliptic Curve Cryptosystem Based Self-Certified Public Key Scheme for Medical Data Protection , 2015, IEEE Transactions on Reliability.

[34]  Amit K. Awasthi,et al.  A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce , 2013, Journal of Medical Systems.

[35]  Muhammad Khurram Khan,et al.  An Authentication Scheme for Secure Access to Healthcare Services , 2012, Journal of Medical Systems.

[36]  Ashok Kumar Das,et al.  An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function , 2014, Journal of Medical Systems.

[37]  Liping Zhang,et al.  Privacy Protection for Telecare Medicine Information Systems Using a Chaotic Map-Based Three-Factor Authenticated Key Agreement Scheme , 2017, IEEE Journal of Biomedical and Health Informatics.

[38]  Xin Xu,et al.  A Secure and Efficient Authentication and Key Agreement Scheme Based on ECC for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[39]  Tian-Fu Lee,et al.  Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems , 2014, Comput. Methods Programs Biomed..

[40]  Zuowen Tan,et al.  An efficient biometrics-based authentication scheme for telecare medicine information systems , 2013 .

[41]  Raphael C.-W. Phan,et al.  Security Analysis of a Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[42]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[43]  Athanasios V. Vasilakos,et al.  Providing Healthcare-as-a-Service Using Fuzzy Rule Based Big Data Analytics in Cloud Computing , 2018, IEEE Journal of Biomedical and Health Informatics.

[44]  Sk Hafizul Islam,et al.  A provably secure identity-based strong designated verifier proxy signature scheme from bilinear pairings , 2014, J. King Saud Univ. Comput. Inf. Sci..

[45]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[46]  Muhammad Khurram Khan,et al.  An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography , 2015, Journal of Medical Systems.