Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps

The Telecare Medicine Information Systems (TMISs) provide an efficient communicating platform supporting the patients access health-care delivery services via internet or mobile networks. Authentication becomes an essential need when a remote patient logins into the telecare server. Recently, many extended chaotic maps based authentication schemes using smart cards for TMISs have been proposed. Li et al. proposed a secure smart cards based authentication scheme for TMISs using extended chaotic maps based on Lee’s and Jiang et al.’s scheme. In this study, we show that Li et al.’s scheme has still some weaknesses such as violation the session key security, vulnerability to user impersonation attack and lack of local verification. To conquer these flaws, we propose a chaotic maps and smart cards based password authentication scheme by applying biometrics technique and hash function operations. Through the informal and formal security analyses, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Li et al.’s scheme. As compared with the previous authentication schemes, the proposed scheme is more secure and efficient and hence more practical for telemedical environments.

[1]  Ashok Kumar Das,et al.  An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function , 2014, Journal of Medical Systems.

[2]  Yanfeng Shi,et al.  STP-LWE: A Variant of Learning with Error for a Flexible Encryption , 2014 .

[3]  S. Gritzalis,et al.  Managing Medical and Insurance Information Through a Smart-Card-Based Information System , 2000, Journal of Medical Systems.

[4]  Tariq Shah,et al.  An efficient approach for the construction of LFT S-boxes using chaotic logistic map , 2012, Nonlinear Dynamics.

[5]  Lixiang Li,et al.  An Enhanced Biometric-Based Authentication Scheme for Telecare Medicine Information Systems Using Elliptic Curve Cryptosystem , 2015, Journal of Medical Systems.

[6]  Jianfeng Ma,et al.  Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[7]  Wuu Yang,et al.  A Chaotic Maps-Based Key Agreement Protocol that Preserves User Anonymity , 2009, 2009 IEEE International Conference on Communications.

[8]  Wenfen Liu,et al.  An Improved Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[9]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[10]  Majid Khan,et al.  An efficient method for the construction of block cipher with multi-chaotic systems , 2013 .

[11]  Dawei Zhao,et al.  A secret sharing scheme with a short share realizing the (t, n) threshold and the adversary structure , 2012, Comput. Math. Appl..

[12]  Tian-Fu Lee,et al.  An Efficient Chaotic Maps-Based Authentication and Key Agreement Scheme Using Smartcards for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[13]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[14]  Cheng-Chi Lee,et al.  A Secure Chaotic Maps and Smart Cards Based Password Authentication and Key Agreement Scheme with User Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[15]  Hung-Ming Chen,et al.  An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems , 2012, Journal of Medical Systems.

[16]  Athanasios V. Vasilakos,et al.  An Enhanced Mobile-Healthcare Emergency System Based on Extended Chaotic Maps , 2013, Journal of Medical Systems.

[17]  Tang Ming . Wei Lian. Si Tuo Lin Si,et al.  Cryptography and Network Security - Principles and Practice , 2015 .

[18]  Cheng-Chi Lee,et al.  An extended chaotic-maps-based protocol with key agreement for multiserver environments , 2013, Nonlinear Dynamics.

[19]  Marko Hölbl,et al.  An improved two-party identity-based authenticated key agreement protocol using pairings , 2012, J. Comput. Syst. Sci..

[20]  Zhian Zhu,et al.  An Efficient Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[21]  Cheng-Chi Lee,et al.  A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps , 2013 .

[22]  Qinghai Yang,et al.  A Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[23]  Chin-Chen Chang,et al.  Chaotic maps-based password-authenticated key agreement using smart cards , 2013, Commun. Nonlinear Sci. Numer. Simul..

[24]  Tanmoy Maitra,et al.  An Efficient Biometric and Password-Based Remote User Authentication using Smart Card for Telecare Medical Information Systems in Multi-Server Environment , 2014, Journal of Medical Systems.

[25]  Vanga Odelu,et al.  A secure effective key management scheme for dynamic access control in a large leaf class hierarchy , 2014, Inf. Sci..

[26]  Cheng-Chi Lee,et al.  An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments , 2013 .

[27]  Chien-Lung Hsu,et al.  The Role of Privacy Protection in Healthcare Information Systems Adoption , 2013, Journal of Medical Systems.

[28]  Alfredo De Santis,et al.  Security of public-key cryptosystems based on Chebyshev polynomials , 2004, IEEE Transactions on Circuits and Systems I: Regular Papers.

[29]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[30]  Haipeng Peng,et al.  Principle for performing attractor transits with single control in Boolean networks. , 2013, Physical review. E, Statistical, nonlinear, and soft matter physics.

[31]  Loris Nanni,et al.  An improved BioHashing for human authentication , 2007, Pattern Recognit..

[32]  Lixiang Li,et al.  A Lightweight ID Based Authentication and Key Agreement Protocol for Multiserver Architecture , 2015, Int. J. Distributed Sens. Networks.

[33]  Sirma Yavuz,et al.  Designing chaotic S-boxes based on time-delay chaotic system , 2013 .

[34]  Setti Yerukamma,et al.  Efficient Authentication for Mobile and Pervasive Computing , 2017 .

[35]  Kee-Won Kim,et al.  On the Security of Two Remote User Authentication Schemes for Telecare Medical Information Systems , 2014, Journal of Medical Systems.

[36]  Feng Li,et al.  Design and Analysis of a Highly User-Friendly, Secure, Privacy-Preserving, and Revocable Authentication Method , 2014, IEEE Transactions on Computers.

[37]  Lixiang Li,et al.  Robust and Efficient Authentication Scheme for Session Initiation Protocol , 2015 .

[38]  Kwok-Wo Wong,et al.  An efficient entire chaos-based scheme for deniable authentication , 2005 .

[39]  Zhang Rui,et al.  A More Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of medical systems.

[40]  Xingyuan Wang,et al.  An anonymous key agreement protocol based on chaotic maps , 2011 .

[41]  Dawei Zhao,et al.  A Secure and Effective Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks , 2013, Wireless Personal Communications.

[42]  Han-Yu Lin,et al.  Improved chaotic maps-based password-authenticated key agreement using smart cards , 2015, Commun. Nonlinear Sci. Numer. Simul..

[43]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[44]  Ashok Kumar Das,et al.  An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System , 2013, Journal of Medical Systems.

[45]  Jesse M. Ehrenfeld,et al.  Variability of Subspecialty-Specific Anesthesia-Controlled Times at Two Academic Institutions , 2014, Journal of Medical Systems.

[46]  Peilin Hong,et al.  Security improvement on an anonymous key agreement protocol based on chaotic maps , 2012 .

[47]  Yu-Fang Chung,et al.  A Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.