A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS

A Telecare Medical Information System (TMIS) provides an efficient and convenient connection between patients/users at home and doctors at a clinical center. To secure the connection between these two entities, user authentication is enormously important for the medical server. Many authentication protocols in the literature, however, have been proposed only for accessing a single medical server. To address the drawbacks of the single medical server, we first develop a novel architecture for accessing several medical services of the multi-medical server, in which a user can communicate directly and securely with the doctor of the medical server. We then develop a smart-card-based user authentication and key agreement protocol, usable in TMIS, that relies on a cryptographic one-way hash function. We analyze the security of the proposed authentication scheme through both formal and informal security analysis. For formal security verification, we simulate the proposed scheme using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that the scheme is secure against replay and man-in-the-middle attacks. The informal security analysis confirms that the protocol is well protected against the relevant security attacks. The security and performance comparison confirms that the proposed protocol not only provides protection against the above-mentioned attacks, but also achieves better complexities along with efficient login and password change phases.
