Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification

In 2009, Xu et al. presented an improved smartcard-based authentication scheme, using a security model previously applied by Bellare et al. to prove the security of their authentication methods. Later, in 2012, Wu et al. pointed out a number of authentication attacks on Xu et al.'s scheme. To address these issues, Wu et al. presented a smartcard-based Two-Factor Authentication (2FA) scheme for the Telecare Medical Information System (TMIS) facility. In this study, we prove that the authentication scheme of Wu et al. is still vulnerable to impersonation attack, offline password guessing attack, forgery attack and many other attacks. Moreover, a number of performance and verification issues in the authentication scheme of Wu et al. are also outlined. To overcome these issues, an improved and enhanced 3FA smartphone-based authentication method is proposed in a Cloud Computing environment. The proposed scheme is further corroborated using Burrows-Abadi-Needham logic (BAN logic) nonce verification. The detailed BAN logic verification and further security analysis show that the proposed authentication protocol is highly reliable and secure in terms of message verification, message freshness and trustworthiness of its origin. Moreover, the comparative security, performance and feature analysis shows that the proposed work yields an improved and enhanced authentication framework compared to Wu et al.'s authentication scheme.
