An efficient and secure remote user mutual authentication scheme using smart cards for Telecare medical information systems

Abstract

Authentication schemes are widely used mechanisms to thwart unauthorized access to resources over insecure networks. Several smart-card-based password authentication schemes for Telecare Medical Information Systems (TMIS) have been proposed in the literature. Recently, Lee et al. proposed an authentication scheme for TMIS and claimed that it is able to resist various attacks. However, in this paper we demonstrate that Lee et al.'s scheme is still vulnerable to forgery and offline password guessing attacks, and that it is also unable to provide user anonymity, forward secrecy and mutual authentication. To fix the weaknesses of Lee et al.'s scheme, we present a secure authentication scheme for TMIS. Moreover, the proposed scheme can also resist all known attacks. We prove the security of the proposed scheme with the help of the widely accepted random oracle model. Finally, we carry out a performance evaluation of the proposed scheme and other related schemes, and the results show that the proposed scheme provides a better trade-off between security and performance than other existing related schemes.
