ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments

A variety of three-factor smart-card based schemes designed specifically for telecare medicine information systems (TMIS) are available for remote user authentication. Most existing TMIS schemes are proposed for single-server environments, in which patients must register and log in separately with each server to use its services, which increases the users' overhead of keeping the cards and memorizing the passwords. In a multi-server environment, by contrast, users need to register only once to access the various services. Recently, Barman et al. proposed an authentication scheme for e-healthcare that employs a fuzzy commitment and asserted that the scheme can endure many known attacks. After careful analysis, this paper presents the shortcoming in its design. It further proves that the scheme of Barman et al. is prone to many attacks, including server impersonation, session-key leakage, user impersonation and secret temporary parameter leakage, and that it lacks user anonymity. Moreover, their scheme has a scalability issue. To mitigate these issues, this work proposes an amended three-factor symmetric-key based secure authentication and key agreement scheme for multi-server environments (ITSSAKA-MS). The security of ITSSAKA-MS is proved formally with the automated tool AVISPA, along with a security feature discussion. Although the proposed scheme requires additional communication and computation costs, the informal and automated formal security analyses indicate that only the proposed scheme withstands several known attacks, as compared to recent benchmark schemes.
