A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme

Security in Telecare Medicine Information Systems (TMIS) is crucial for the reliable delivery of medical services to patients at distant locations. Security and privacy must be in place for any physician or caregiver to ensure an appropriate diagnosis, medical treatment or any other exchange of critical information. Many TMIS-based authentication schemes have been presented; however, various forms of attacks and inefficiencies render these schemes inapplicable in a practical scenario. Lately, Amin et al. proposed a scheme based on multi-server authentication for TMIS. However, the Amin et al. scheme has been found vulnerable to user and server impersonation attacks. We have proposed an improved model with higher performance and efficiency, as evident from the forthcoming sections. In addition, the scheme is backed by a formal security analysis using BAN logic to ensure the resilience of the proposed scheme.
