Skip to main content

Advertisement

Springer Nature Link
Log in

A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System

  • Systems-Level Quality Improvement
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Telecare Medical Information System (TMIS) supports a standard platform to the patient for getting necessary medical treatment from the doctor(s) via Internet communication. Security protection is important for medical records (data) of the patients because of very sensitive information. Besides, patient anonymity is another most important property, which must be protected. Most recently, Chiou et al. suggested an authentication protocol for TMIS by utilizing the concept of cloud environment. They claimed that their protocol is patient anonymous and well security protected. We reviewed their protocol and found that it is completely insecure against patient anonymity. Further, the same protocol is not protected against mobile device stolen attack. In order to improve security level and complexity, we design a light weight authentication protocol for the same environment. Our security analysis ensures resilience of all possible security attacks. The performance of our protocol is relatively standard in comparison with the related previous research.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Amin, R., Cryptanalysis and efficient dynamic id based remote user authentication scheme in multi-server environment using smart card. IJ Netw. Secur. 18(1):172–181, 2016.

    Google Scholar 

  2. Amin, R., and Biswas, G. P, Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arab. J. Sci. Eng. 40(11):3135–3149, 2015.

    Article  Google Scholar 

  3. Amin, R., and Biswas, G. P., A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8):1–19, 2015.

    Google Scholar 

  4. Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., Kumar, N.: A robust and anonymous patient monitoring system using wireless medical sensor networks. Future Generation Computer Systems. doi:10.1016/j.future.2016.05.032 (2016)

  5. Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., Li, X., Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J. Med. Syst. 39(11):140 , 2015.

    Article  PubMed  Google Scholar 

  6. Chaudhry, S. A., Khan, M. T., Khan, M. K., Shon, T., A multiserver biometric authentication scheme for tmis using elliptic curve cryptography. J. Med. Syst. 40(11):230, 2016.

    Article  PubMed  Google Scholar 

  7. Chaudhry, S. A., Naqvi, H., Shon, T., Sher, M., Farash, M. S., Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6):65–75, 2015.

    Article  Google Scholar 

  8. Chen, C. L., Yang, T. T., Chiang, M. L., Shih, T. F., A privacy authentication scheme based on cloud for medical environment. J. Med. Syst. 38(11):1–16, 2014.

    CAS  Google Scholar 

  9. Chen, C. L., Yang, T. T., Shih, T. F., A secure medical data exchange protocol based on cloud environment. J. Med. Syst. 38(9):1–12, 2014.

    CAS  Google Scholar 

  10. Chiou, S. Y., Ying, Z., Liu, J., Improvement of a privacy authentication scheme based on cloud for medical environment. J. Med. Syst. 40(4):1–15, 2016.

    Article  Google Scholar 

  11. Debiao, H., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.

    Article  PubMed  Google Scholar 

  12. Giri, D., Sherratt, R. S., Maitra, T., Amin, R., Efficient biometric and password based mutual authentication for consumer usb mass storage devices. IEEE Trans. Consum. Electron. 61(4):491–499, 2015.

    Article  Google Scholar 

  13. Gope, P., and Amin, R., A novel reference security model with the situation based access policy for accessing ephr data. J. Med. Syst. 40(11):41–53, 2016.

    Article  Google Scholar 

  14. Gope, P., and Hwang, T., A realistic lightweight anonymous authentication protocol for securing real-time application data access in wireless sensor networks. IEEE Trans. Ind. Electron. 63(11):7124–7132, 2016.

    Article  Google Scholar 

  15. He, D., Kumar, N., Shen, H., Lee, J. H., One-to-many authentication for access control in mobile pay-tv systems. Sci. China Inf. Sci. 59(5):1–14, 2015.

    Article  Google Scholar 

  16. He, D., Kumar, N., Wang, H., Wang, L., Choo, K. K. R., Vinel, A.: A provably-secure cross-domain handshake scheme with symptoms-matching for mobile healthcare social network. IEEE Transactions on Dependable and Secure Computing (99), 1–1. doi:10.1109/TDSC.2016.2596286 (2016)

  17. He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 9(3):816–823, 2015.

    Article  Google Scholar 

  18. He, D., Zeadally, S., Kumar, N., Lee, J. H.: Anonymous authentication for wireless body area networks with provable security (99) 1–12. doi:10.1109/JSYST.2016.2544805 (2016)

  19. Islam, S., Obaidat, M. S., Amin, R.: An anonymous and provably secure authentication scheme for mobile user. International Journal of Communication Systems. doi:10.1002/dac.3126 (2016)

  20. Islam, S. H., Amin, R., Biswas, G. P., Farash, M. S., Li, X., Kumari, S.: An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments Journal of King Saud University-Computer and Information Sciences. doi:10.1016/j.jksuci.2015.08.002 (2015)

  21. Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):1–8, 2013.

    Article  Google Scholar 

  22. Karati, A., Amin, R., Biswas, G. P., Provably secure threshold-based abe scheme without bilinear map. Arab. J. Sci. Eng. 41(8):3201–3213, 2016.

    Article  Google Scholar 

  23. Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):1–12, 2013.

    Article  Google Scholar 

  24. Kumar, R., Amin, R., Karati, A., Biswas, G. P.: Secure remote login scheme with password and smart card update facilities. In: Proceedings of the 4th international conference on frontiers in intelligent computing: Theory and applications (FICTA) 2015, pp. 495–505. Springer (2016)

  25. Kumari, S., Khan, M. K., Kumar, R., Cryptanalysis and improvement of ’a privacy enhanced scheme for telecare medical information systems’. J. Med. Syst. 37(4):1–11, 2013.

    Article  Google Scholar 

  26. Lee, C. C., Hsu, C. W., Lai, Y. M., Vasilakos, A., An enhanced mobile-healthcare emergency system based on extended chaotic maps. J. Med. Syst. 37(5):1–12, 2013.

    Article  Google Scholar 

  27. Li, C. T., Lee, C. C., Weng, C. Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):1–11, 2014.

    Article  CAS  Google Scholar 

  28. Li, X., Kumari, S., Shen, J., Wu, F., Chen, C., Islam, S. H.: Secure data access and sharing scheme for cloud storage. Wireless Personal Communications pp.1–20. doi:10.1007/s11277-016-3742-6 (2016)

  29. Li, X., Niu, J., Karuppiah, M., Kumari, S., Wu, F., Secure and efficient two-factor user authentication scheme with user anonymity for network based e-health care applications. J. Med. Syst. 40(12):267–277, 2016.

    Article  Google Scholar 

  30. Li, X., Niu, J., Khan, M. K., Liao, J., An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. 36(5):1365–1371, 2013.

    Article  Google Scholar 

  31. Maitra, T., Obaidat, M. S., Amin, R., Islam, S., Chaudhry, S. A., Giri, D.: A robust elgamal-based password-authentication protocol using smart card for client-server communication International Journal of Communication Systems. doi:10.1002/dac.3242 (2016)

  32. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M. K., Cryptanalysis and improvement of yan others.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6):1–12, 2014.

    Article  Google Scholar 

  33. Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10): 1–10, 2014.

    Article  Google Scholar 

  34. Shao, J., Lin, X., Lu, R., Zuo, C., A threshold anonymous authentication protocol for vanets. IEEE Trans. Veh. Technol. 65(3):1711–1720, 2016.

    Article  Google Scholar 

  35. Sureshkumar, V., Anitha, R., Rajamanickam, N., Amin, R.: A lightweight two-gateway based payment protocol ensuring accountability and unlinkable anonymity with dynamic identity Computers & Electrical Engineering. doi:10.1016/j.compeleceng.2016.07.014 (2016)

  36. Sutrala, A. K., Das, A. K., Odelu, V., Wazid, M., Kumari, S., Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Comput. Methods Prog. Biomed. 135:167–185, 2016.

    Article  Google Scholar 

  37. Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204, 2013.

    Google Scholar 

  38. Wazid, M., Das, A. K., Kumari, S., Li, X., Wu, F., Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for tmis. Secur. Commun. Netw. 9(13):1983–2001, 2016.

    Google Scholar 

  39. Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

    Article  PubMed  Google Scholar 

  40. Wu, Z. Y., Chung, Y., Lai, F., Chen, T. S., A password-based user authentication scheme for the integrated epr information system. J. Med. Syst. 36(2):631–638, 2012.

    Article  PubMed  Google Scholar 

  41. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.

    Article  PubMed  Google Scholar 

  42. Wu, Z. Y., Tseng, Y. J., Chung, Y., Chen, Y. C., Lai, F., A reliable user authentication and key agreement scheme for web-based hospital-acquired infection surveillance information system. J. Med. Syst. 36(4): 2547–2555, 2012.

    Article  PubMed  Google Scholar 

  43. Yan, X., Li, W., Li, P., Wang, J., Hao, X., Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 35(5):1–6, 2013.

    CAS  Google Scholar 

  44. Yang, H., Kim, H., Mtonga, K., An efficient privacy-preserving authentication scheme with adaptive key evolution in remote health monitoring system. Peer-to-Peer Netw. Appl. 8(6):1059–1069, 2015.

    Article  Google Scholar 

  45. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838 , 2012.

    Article  PubMed  Google Scholar 

Download references

Acknowledgments

The authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16).

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology (ISM), Dhanbad, 826004, Jharkhand, India

    Prerna Mohit, Arijit Karati & G. P. Biswas

  2. Department of Computer Science and Engineering, Thapar University, Patiala, 147004, Punjab, India

    Ruhul Amin

  3. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Muhammad Khurram Khan

Authors
  1. Prerna Mohit
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Ruhul Amin
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Arijit Karati
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. G. P. Biswas
    View author publications

    You can also search for this author inPubMed Google Scholar

  5. Muhammad Khurram Khan
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Ruhul Amin.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mohit, P., Amin, R., Karati, A. et al. A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System. J Med Syst 41, 50 (2017). https://doi.org/10.1007/s10916-017-0699-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-017-0699-2

Keywords