An Improved Biometrics-Based Authentication Scheme for Telecare Medical Information Systems

Telecare medical information system (TMIS) offers healthcare delivery services and patients can acquire their desired medical services conveniently through public networks. The protection of patients’ privacy and data confidentiality are significant. Very recently, Mishra et al. proposed a biometrics-based authentication scheme for telecare medical information system. Their scheme can protect user privacy and is believed to resist a range of network attacks. In this paper, we analyze Mishra et al.’s scheme and identify that their scheme is insecure to against known session key attack and impersonation attack. Thereby, we present a modified biometrics-based authentication scheme for TMIS to eliminate the aforementioned faults. Besides, we demonstrate the completeness of the proposed sche-me through BAN-logic. Compared to the related schemes, our protocol can provide stronger security and it is more practical.

[1]  Zhian Zhu,et al.  An Efficient Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[2]  Morteza Nikooghadam,et al.  Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[3]  Yu-Fang Chung,et al.  A Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[4]  Zhang Rui,et al.  A More Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of medical systems.

[5]  Xiong Li,et al.  Robust three-factor remote user authentication scheme with key agreement for multimedia systems , 2016, Secur. Commun. Networks.

[6]  Xiong Li,et al.  Applying biometrics to design three-factor remote user authentication scheme with key agreement , 2014, Secur. Commun. Networks.

[7]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[8]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[9]  Jianfeng Ma,et al.  Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[10]  Fengtong Wen,et al.  An Improved Anonymous Authentication Scheme for Telecare Medical Information Systems , 2014, Journal of Medical Systems.

[11]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[12]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[13]  Dianli Guo,et al.  Analysis and Improvement of a Robust Smart Card Based-Authentication Scheme for Multi-Server Architecture , 2014, Wirel. Pers. Commun..

[14]  Peng Gong,et al.  A Secure Biometrics-based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[15]  Ashok Kumar Das,et al.  An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function , 2014, Journal of Medical Systems.

[16]  Zuowen Tan,et al.  An efficient biometrics-based authentication scheme for telecare medicine information systems , 2013 .

[17]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[18]  MaitraTanmoy,et al.  An Efficient Biometric and Password-Based Remote User Authentication using Smart Card for Telecare Medical Information Systems in Multi-Server Environment , 2014 .

[19]  Wenfen Liu,et al.  An Improved Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[20]  Fengtong Wen,et al.  A Robust Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[21]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[22]  Qiaoyan Wen,et al.  Secure Privacy-Preserving Biometric Authentication Scheme for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[23]  Ya-Fen Chang,et al.  A Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[24]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[25]  Xiong Li,et al.  An enhanced smart card based remote user password authentication scheme , 2013, J. Netw. Comput. Appl..

[26]  Tanmoy Maitra,et al.  An Efficient Biometric and Password-Based Remote User Authentication using Smart Card for Telecare Medical Information Systems in Multi-Server Environment , 2014, Journal of Medical Systems.

[27]  Wei Liang,et al.  Robust dynamic ID-based remote user authentication scheme using smart cards , 2014, Int. J. Ad Hoc Ubiquitous Comput..

[28]  Guomin Yang,et al.  A robust smart card-based anonymous user authentication protocol for wireless communications , 2014, Secur. Commun. Networks.

[29]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[30]  Zuowen Tan,et al.  A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.