Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems

Nowadays, with comprehensive employment of the internet, healthcare delivery services is provided remotely by telecare medicine information systems (TMISs). A secure mechanism for authentication and key agreement is one of the most important security requirements for TMISs. Recently, Tan proposed a user anonymity preserving three-factor authentication scheme for TMIS. The present paper shows that Tan’s scheme is vulnerable to replay attacks and Denial-of-Service attacks. In order to overcome these security flaws, a new and efficient three-factor anonymous authentication and key agreement scheme for TMIS is proposed. Security and performance analysis shows superiority of the proposed scheme in comparison with previously proposed schemes that are related to security of TMISs.

[1]  Alfred Menezes,et al.  The State of Elliptic Curve Cryptography , 2000, Des. Codes Cryptogr..

[2]  Siddharth Agarwal,et al.  An Improved Fast and Secure Hash Algorithm , 2012, J. Inf. Process. Syst..

[3]  Ting Wu,et al.  Improvement of a Uniqueness-and-Anonymity-Preserving User Authentication Scheme for Connected Health Care , 2014, Journal of Medical Systems.

[4]  Fahad Bin Muhaya,et al.  Cryptanalysis and security enhancement of Zhu's authentication scheme for Telecare medicine information system , 2015, Secur. Commun. Networks.

[5]  Yu-Fang Chung,et al.  A Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[6]  Muhammad Khurram Khan,et al.  Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce , 2014, Journal of Medical Systems.

[7]  Jianfeng Ma,et al.  A Privacy Enhanced Authentication Scheme for Telecare Medical Information Systems , 2013, Journal of Medical Systems.

[8]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[9]  Jianfeng Ma,et al.  Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[10]  Fengtong Wen,et al.  An Improved Anonymous Authentication Scheme for Telecare Medical Information Systems , 2014, Journal of Medical Systems.

[11]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[12]  Tianjie Cao,et al.  Improved Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems , 2013, Journal of Medical Systems.

[13]  Jianhua Chen,et al.  An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security , 2012, Inf. Fusion.

[14]  Chuan-Ming Liu,et al.  A Secure Smart-Card Based Authentication and Key Agreement Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[15]  N. Radha,et al.  A STUDY ON BIOMETRIC TEMPLATE SECURITY , 2010, SOCO 2010.

[16]  Yu-Fang Chung,et al.  A Password-Based User Authentication Scheme for the Integrated EPR Information System , 2012, Journal of Medical Systems.

[17]  Hung-Ming Chen,et al.  An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems , 2012, Journal of Medical Systems.

[18]  Zhian Zhu,et al.  An Efficient Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[19]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[20]  Jun Zhang,et al.  Robust Anonymous Authentication Scheme for Telecare Medical Information Systems , 2013, Journal of Medical Systems.

[21]  Hideki Imai,et al.  Theoretical framework for constructing matching algorithms in biometric authentication systems , 2009, ICB.

[22]  Gwoboa Horng,et al.  An Authentication Scheme to Healthcare Security under Wireless Sensor Networks , 2012, Journal of Medical Systems.

[23]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[24]  Zhang Rui,et al.  A More Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of medical systems.

[25]  Xin Xu,et al.  A Secure and Efficient Authentication and Key Agreement Scheme Based on ECC for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[26]  Wenfen Liu,et al.  An Improved Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[27]  Qinghai Yang,et al.  A Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[28]  Ashok Kumar Das,et al.  A Secure and Efficient Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[29]  Cheng-Chi Lee,et al.  A Secure Chaotic Maps and Smart Cards Based Password Authentication and Key Agreement Scheme with User Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[30]  Peng Gong,et al.  A Secure Biometrics-based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[31]  Ashok Kumar Das,et al.  An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function , 2014, Journal of Medical Systems.

[32]  Muhammad Khurram Khan,et al.  An Authentication Scheme for Secure Access to Healthcare Services , 2012, Journal of Medical Systems.

[33]  Han-Yu Lin,et al.  On the Security of A Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems , 2013, Journal of Medical Systems.

[34]  Fan Wu,et al.  Security analysis and Improvement of a Privacy Authentication Scheme for Telecare Medical Information Systems , 2012, Journal of Medical Systems.

[35]  Raphael C.-W. Phan,et al.  Security Analysis of a Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[36]  Raj Nanavati,et al.  Biometrics: Identity Verification in a Networked World , 2002 .

[37]  Morteza Nikooghadam,et al.  Efficient utilization of elliptic curve cryptosystem for hierarchical access control , 2010, J. Syst. Softw..

[38]  Scott A. Vanstone,et al.  Elliptic curve cryptosystem - The answer to strong, fast public-key cryptography for securing constrained environments , 1997, Inf. Secur. Tech. Rep..

[39]  Amit K. Awasthi,et al.  A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce , 2013, Journal of Medical Systems.

[40]  Morteza Nikooghadam,et al.  Secure Transmission of Mobile Agent in Dynamic Distributed Environments , 2013, Wirel. Pers. Commun..

[41]  Fengtong Wen A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System , 2014, Journal of Medical Systems.

[42]  Ashok Kumar Das,et al.  An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System , 2013, Journal of Medical Systems.

[43]  Fengtong Wen,et al.  A Robust Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[44]  Hu Jin,et al.  An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security , 2012 .

[45]  Ya-Fen Chang,et al.  A Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[46]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..

[47]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[48]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.

[49]  Morteza Nikooghadam,et al.  Secure Communication of Medical Information Using Mobile Agents , 2012, Journal of Medical Systems.

[50]  Kee-Won Kim,et al.  On the Security of Two Remote User Authentication Schemes for Telecare Medical Information Systems , 2014, Journal of Medical Systems.

[51]  Zuowen Tan,et al.  A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[52]  Morteza Nikooghadam,et al.  An efficient blind signature scheme based on the elliptic curve discrete logarithm problem , 2009, ISC Int. J. Inf. Secur..

[53]  Zhenguo Zhao,et al.  An Efficient Anonymous Authentication Scheme for Wireless Body Area Networks Using Elliptic Curve Cryptosystem , 2014, Journal of Medical Systems.