Abstract
Nowadays, with the widespread use of the internet, healthcare delivery services are provided remotely by telecare medicine information systems (TMISs). A secure mechanism for authentication and key agreement is one of the most important security requirements for TMISs. Recently, Tan proposed a user anonymity preserving three-factor authentication scheme for TMIS. The present paper shows that Tan’s scheme is vulnerable to replay attacks and Denial-of-Service attacks. To overcome these security flaws, a new and efficient three-factor anonymous authentication and key agreement scheme for TMIS is proposed. Security and performance analysis shows the superiority of the proposed scheme over previously proposed schemes related to the security of TMISs.


References
Wen, F., Guo, D., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5):1–11, 2014. doi:10.1007/s10916-014-0026-0.
Chen, H. M., Lo, J. W., Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.
Nikooghadam, M., Zakerolhosseini, A., Secure communication of medical information using mobile agents. J. Med. Syst. 36(6):3839–3850, 2012.
Kim, K.-W., Lee, J.-D., On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 2014. doi:10.1007/s10916-014-0017-1.
Wang, Y.-Y., Liu, J.-Y., Xiao, F.-X., Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.
Khan, M. K., Kim, S.-K., Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2011.
Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-012-9911-6.
Jiang, Q., Ma, J.F., Ma, Z., Li, G.S., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-012-9897-0.
Wu, F., Xu, L.L., Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-013-9958-z.
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.
He, D., Chen, J., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.
Khan, M.K., Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 2013. doi:10.1007/s10916-013-9954-3.
Lee, T.-F., Liu, C.-M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 2013. doi:10.1007/s10916-013-9933-8.
Muhaya, F. T. B., Cryptanalysis and security enhancement of Zhu’s authentication scheme for telecare medicine information system. Secur. Commun. Netw. 2014. doi:10.1002/sec.967.
Radha, N., Karthikeyan, S., A study on biometric template security. ICTACT J Soft Comput 1(1):37–41, 2010.
Awasthi, A. K., Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 2013. doi:10.1007/s10916-013-9964-1.
Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M.K., Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 2014. doi:10.1007/s10916-014-0041-1.
Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 2014. doi:10.1007/s10916-014-0016-2.
Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., He, L., A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. J. Med. Syst. 2014. doi:10.1007/s10916-013-9994-8.
Das, A. K., Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37, 2013. doi:10.1007/s10916-013-9969-9.
Wu, Z.-Y., Chung, Y., Lai, F., Chen, T.-S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012. doi:10.1007/s10916-010-9527-7.
Hsiao, T.-C., Liao, Y.-T., Huang, J.-Y., Chen, T.-Z., Horng, G.-B., An Authentication Scheme to Healthcare Security under Wireless Sensor Networks. J. Med. Syst. 36(2):3649–3664, 2012. doi:10.1007/s10916-012-9839-x.
Yan, X., Li, W., Li, P., Wang, J., Hao, X., Gong, P., A Secure Biometrics-based Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 37, 2013. doi:10.1007/s10916-013-9972-1.
Cao, T., Zhai, J., Improved Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems. J. Med. Syst. 37, 2013. doi:10.1007/s10916-012-9912-5.
Lin, H.-Y., On the Security of A Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems. J. Med. Syst. 37, 2013. doi:10.1007/s10916-013-9929-4.
Hao, X., Wang, J., Yang, Q., Yan, X., Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37:9919, 2013. doi:10.1007/s10916-012-9919-y.
Yau, W.-C., Phan, R. C.-W., Security Analysis of a Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 37:9993, 2013. doi:10.1007/s10916-013-9993-9.
Chang, Y.-F., Yu, S.-H., Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013. doi:10.1007/s10916-012-9902-7.
Das, A. K., Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9948, 2013. doi:10.1007/s10916-013-9948-1.
Wen, F., A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9980, 2013. doi:10.1007/s10916-013-9980-1.
Zhao, Z., An Efficient Anonymous Authentication Scheme for Wireless Body Area Networks Using Elliptic Curve Cryptosystem. J. Med. Syst. 38, 2014. doi:10.1007/s10916-014-0013-5.
Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M. K., Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 38, 2014. doi:10.1007/s10916-014-0024-2.
Das, A. K., Goswami, A., An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function. J. Med. Syst. 38, 2014. doi:10.1007/s10916-014-0027-z.
Xie, Q., Liu, W., Wang, S., Han, L., Hu, B., Wu, T., Improvement of a Uniqueness-and-Anonymity-Preserving User Authentication Scheme for Connected Health Care. J. Med. Syst. 38, 2014. doi:10.1007/s10916-014-0091-4.
Jiang, Q., Ma, J., Lu, X., Tian, Y., Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems. J. Med. Syst. 38, 2014. doi:10.1007/s10916-014-0012-6.
Li, C.-T., Lee, C.-C., Weng, C.-Y., A Secure Chaotic Maps and Smart Cards Based Password Authentication and Key Agreement Scheme with User Anonymity for Telecare Medicine Information Systems. J. Med. Syst. 38, 2014. doi:10.1007/s10916-014-0077-2.
Wen, F., A more secure anonymous user authentication scheme for the integrated EPR information system. J. Med. Syst. 2014. doi:10.1007/s10916-014-0042-0.
Hankerson, D., Menezes, A., Vanstone, S., Guide to elliptic curve cryptography. Springer, New York, USA, 2004.
Vanstone, S. A., Elliptic curve cryptosystem-the answer to strong, fast public-key cryptography for securing constrained environments. Inf. Secur. Tech. Rep. 12:78–87, 1997.
Nikooghadam, M., Zakerolhosseini, A., An efficient blind signature scheme based on the elliptic curve discrete logarithm problem. The ISC International Journal of Information Security. 8(10):125–131, 2009.
Stallings, W., Cryptography and Network Security: Principles and Practice, 4th edition. Prentice Hall, Upper Saddle River, NJ, 2005.
Zakerolhosseini, A., Nikooghadam, M., Secure Transmission of Mobile Agent in Dynamic Distributed Environments. Wireless Personal Communications, 70(2):641–656, 2013. doi:10.1007/s11277-012-0712-5.
Nikooghadam, M., Zakerolhosseini, A., Moghaddam, M.E., Efficient utilization of elliptic curve cryptosystem for hierarchical access control. J. Syst. Softw. 83(10):1917–1929, 2010.
Agarwal, S., Rungta, A., Padmavathy, R., Shankar, M., Rajan, N., An Improved Fast and Secure Hash Algorithm. Journal of Information Processing Systems. 8(1):119–132, 2012.
Linnartz, J.-P., Tuyls, P., New shielding functions to enhance privacy and prevent misuse of biometric templates. In: Proceedings of the Audio- and Video-Based Person Authentication. 2688:393–402, 2003. Guildford, UK. doi:10.1007/3-540-44887-X_47.
Nanavati, S., Thieme, M., Nanavati, R., Biometrics: Identity Verification in a Networked World. John Wiley & Sons, Inc., New York, NY, USA. 2002.
Koblitz, N., Menezes, A., Vanstone, S., The state of elliptic curve cryptography. Des. Code. Crypt. 19:173–193, 2000.
Johnson, D., Menezes, A., Vanstone, S., The elliptic curve digital signature algorithm (ECDSA). Inter. J. Inf. Secur. 1(1):36–63, 2001. doi:10.1007/s102070100002.
Inuma, M., Otsuka, A., Imai, H., Theoretical framework for constructing matching algorithms in biometric authentication systems. In: Proc of ICB’09. Lecture notes in computer science. 5558:806–815, 2009. Springer Berlin Heidelberg. doi:10.1007/978-3-642-01793-3_82.
He, D., Chen, J., Hu, J., An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inf. Fusion 13(3):223–230, 2012.
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
Cite this article
Arshad, H., Nikooghadam, M. Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems. J Med Syst 38, 136 (2014). https://doi.org/10.1007/s10916-014-0136-8
DOI: https://doi.org/10.1007/s10916-014-0136-8