Design of a Password Authentication and Key Agreement Scheme to Access e-Healthcare Services

The telecare medical information system (TMIS) offers remote healthcare services to patients at their doorstep. Alongside this convenience, it is essential to preserve privacy and to guarantee patients secure TMIS communication. Authentication protocols are commonly used to ensure privacy and to protect communication between patients and remote assistance. In this work, we identify flaws in an authentication protocol for TMIS that was recently proposed by Qiu et al. to realize healthcare services. We find that their protocol is vulnerable to offline password guessing, replay, and anonymity violation attacks. To avoid these weaknesses, we have developed an improved biometric-based protocol, which is able to prevent these attacks. We validate the security of our proposed protocol using Burrows–Abadi–Needham logic. We compare the performance of the proposed protocol with that of preceding protocols and conclude that the proposed protocol is more secure and efficient than its predecessors.
