Revisit of Password-Authenticated Key Exchange Protocol for Healthcare Support Wireless Communication

Wireless communication is essential to the infrastructure of a healthcare system. This bidirectional communication is used for data collection and for the delivery of control messages. Wireless communication is applied in industry as well as in daily life, e.g., smart cities; however, highly reliable communication may be more difficult in environments with low power consumption, heavy interference, or IoT wireless network issues caused by resource limitations. To address these problems, we investigated existing three-party password-authenticated key exchange (3PAKE) protocols and developed an enhanced protocol. Recently, Lu et al. presented a 3PAKE protocol to fix the security flaws found in Farash and Attari’s protocol. This work revisits the protocol proposed by Lu et al. and demonstrates that, in addition to other security weaknesses, the protocol does not provide user anonymity, which is an important issue for healthcare environments, and is not secure against insider attacks that may lead to impersonation attacks. We propose a secure biometric-based efficient password-authenticated key exchange (SBAKE) protocol to eliminate these threats, and present an analysis of the security and efficiency of the SBAKE protocol for practical deployment.
