Skip to main content
Springer Nature Link
Log in

A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

The security for Telecare Medicine Information Systems (TMIS) has been crucial for reliable dispensing of the medical services to patients at distant locations. Security and privacy element needs to be there for any physician or caregiver to make certain an appropriate diagnosis, medical treatment or any other exchange of critical information. In this connection, many relevant TMIS-based authentication schemes have been presented, however various forms of attacks and inefficiencies render these schemes inapplicable for a practical scenario. Lately, Amin et al. proposed a scheme based on a multi-server authentication for TMIS. However, the Amin et al., scheme has been found vulnerable to user and server impersonation attacks. We have proposed an improved model with higher performance and efficiency, as evident from the forthcoming sections. Besides, the scheme has been backed up by formal security analysis using BAN logic to ensure the resilience of the proposed scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Amin R, Islam SH, Biswas GP, Khan MK, Kumar N (2015) An efficient and practical smart card based anonymity preserving user authentication scheme for TMIS using elliptic curve cryptography. J Med Syst 39(11):1–18

    Google Scholar 

  2. Cao T, Zhai J (2013) Improved dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 37(2):1–7

    Article  Google Scholar 

  3. Certicom Research Standard for efficient cryptography, SEC 1 (2000) EC cryptography. ver. 1.0

  4. Chang C-C, Cheng T-F, Hsueh W-Y (2014) A robust and efficient dynamic identity-based multi-server authentication scheme using smart cards. Inter J Comm Sys

  5. Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Sec Commun Networks. doi:10.1002/sec.1299

    Google Scholar 

  6. Chaudhry SA, Mahmood K, Naqvi H, Khan MK (2015) An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J Med Syst 39(11):1–12

    Article  Google Scholar 

  7. Chaudhry SA, Naqvi H, Shon T, Sher M, Farash MS (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst 39(6):1–11

    Article  Google Scholar 

  8. Chen C-T, Lee C-C (2015) A two-factor authentication scheme with anonymity for multi-server environments. Sec Comm Networks 8(8):1608–1625

    Article  Google Scholar 

  9. Chen HM, Lo JW, Yeh CK (2012) An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 36(6):3907–3915

    Article  Google Scholar 

  10. Dodis Y, Kanukurthi B, Katz J, Reyzin L, Smith A (2012) Robust fuzzy extractors and authenticated key agreement from close secrets. IEEE Trans Inf Theory 58(9):6207–6222. doi:10.1109/TIT.2012.2200290

    Article  MathSciNet  MATH  Google Scholar 

  11. Dodis Y, Reyzin L (2004) Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. Adv Cryptol—EUROCRYPT 2004 3027:523–540. doi:10.1007/978-3-540-24676-3_31

    Article  MATH  Google Scholar 

  12. Farash MS, Chaudhry SA, Heydari M, Sajad Sadough SM, Kumari S, Khan MK (2015) A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int J Commun Syst. doi:10.1002/dac.3019

    Google Scholar 

  13. Giri D, Maitra T, Amin R, Srivastava P (2014) An efficient and robust RSA-based remote user authentication for telecare medical information systems. J Med Syst 39(1):145. doi:10.1007/s10916-014-0145-7

    Article  Google Scholar 

  14. He D, Jianhua C, Rui Z (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1989–1995

    Article  Google Scholar 

  15. He D, Kumar N, Chen J, Lee CC, Chilamkurti N, Yeo SS (2015) Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems 21(1):49–60. doi:10.1007/s00530-013-0346-9

    Article  Google Scholar 

  16. He D, Kumar N, Chilamkurti N (2015) A secure temporal credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf Sci 321:263–277. doi:10.1016/j.ins.2015.02.010

    Article  Google Scholar 

  17. He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823. doi:10.1109/JSYST.2014.2301517

    Article  Google Scholar 

  18. Hsu CL, Chuang YH, Kuo Cl (2015) A novel remote user authentication scheme from bilinear pairings via internet. Wirel Pers Commun: 1–12

  19. Irshad A, Sher M, Chaudhary SA, Naqvi H, Farash MS (2016) An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre. J Supercomput 72(4):1623–1644

    Article  Google Scholar 

  20. Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ashraf Ch S (2014) A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Sec Comm Networks 7(8):1210–1218

    Article  Google Scholar 

  21. Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2015) A single round-trip SIP authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl 74(11):3967–3984

    Article  Google Scholar 

  22. Jiang Q, Ma J, Lu X, Tian Y (2014) Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J Med Syst 38(2):1–8

    Article  Google Scholar 

  23. Kalra S, Sood S (2013) Advanced remote user authentication protocol for multi-server architecture based on ECC. J Inform Sec Appl 18(2):98–107

    Google Scholar 

  24. Kilinc HH, Yanik T (2014) A survey of SIP authentication and key agreement schemes. Commun Surv Tutor, IEEE 16(2):1005–1023

    Article  Google Scholar 

  25. Kim H, Jeon W, Lee K, Lee Y, Won D (2012) Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme. Comput Sci Its Appl–ICCSA 2012, 391–406: Springer

  26. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209

    Article  MathSciNet  MATH  Google Scholar 

  27. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Adv Cryptol CRYPTO 99, Lect Notes Comput Sci 1666:388–397

    Article  MATH  Google Scholar 

  28. Lee TF, Chang IP, Lin TH, Wang CC (2013) A secure and efficient password-based user authentication scheme using smart cards for the integrated epr information system. J Med Syst 37(3):1–7

    Google Scholar 

  29. Lee CC, Hsu CW, Lai YM, Vasilakos A (2013) An enhanced mobile-healthcare emergency system based on extended chaotic maps. J Med Syst 37(5):1–12

    Article  Google Scholar 

  30. Li CT, Lee CC, Weng CY (2014) A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J Med Syst 38(9):1–11

    Article  Google Scholar 

  31. Li X, Ma J, Wang W, Xiong Y, Zhang J (2013) A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Math Comput Model 58(1):85–95

    Article  Google Scholar 

  32. Li X, Niu J, Khan MK, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371

    Article  Google Scholar 

  33. Li X, Niu JW, Ma J, Wang WD, Liu CL (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79

    Article  Google Scholar 

  34. Li X, Xiong Y, Ma J, Wang W (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769

    Article  Google Scholar 

  35. Liao X, Shu C (2015) Reversible data hiding in encrypted images based on absolute mean difference of multiple neighboring pixels. J Vis Commun Image Represent 28(4):21–27

    Article  Google Scholar 

  36. Lin HY (2013) On the security of a dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 37(2):9929. doi:10.1007/s10916-013-9929-4

    Article  Google Scholar 

  37. Lin HY (2014) Chaotic map based mobile dynamic id authenticated key agreement scheme. Wirel Pers Commun 78(2):1487–1494

    Article  Google Scholar 

  38. Lin I, Hwang M, Li L (2003) A new remote user authentication scheme for multi-server architecture. Futur Gener Comput Syst 19(1):13–22

    Article  MATH  Google Scholar 

  39. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    Article  MathSciNet  Google Scholar 

  40. Miller V (1986) Uses of elliptic curves in cryptography. Adv Cryptol CRYPTO’85 Lecture Notes Comput Sci 218:417–426, Springer-Verlag

    Article  MathSciNet  Google Scholar 

  41. Mishra D (2015) Design of a password-based authenticated key exchange protocol for SIP. Multimed Tools Appl: 1–22

  42. Mishra D, Mukhopadhyay S, Chaturvedi A, Kumari S, Khan MK (2014) Cryptanalysis and improvement of Yan et al’.s biometric-based authentication scheme for telecare medicine information systems. J Med Syst 38(6):1–12

    Article  Google Scholar 

  43. Mishra D, Srinivas J, Mukhopadhyay S (2014) A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J Med Syst 38(10):1–10

    Article  Google Scholar 

  44. Odelu V, Das AK, Goswami A (2014) Cryptanalysis on robust biometrics-based authentication scheme for multiserver environment. Tech. rep., Cryptology ePrint Archive, eprint. iacr.org/2014/715.pdf

  45. Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. Inform Forensics Sec, IEEE Trans 10(9):1953–1966

    Article  Google Scholar 

  46. Ren Y, Shen J, Wang J, Han J, Lee S (2015) Mutual verifiable provable data auditing in public cloud storage. J Internet Technol 16(2):317–323

    Google Scholar 

  47. Shen H, Gao C, He D, Wu L (2015) New biometrics-based authentication scheme for multi-server environment in critical systems. J Ambient Intell Humaniz Comput 6(6):825–834

    Article  Google Scholar 

  48. Tan Z (2013) An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204

    Google Scholar 

  49. Wang Z, Huo Z, Shi W (2015) A dynamic identity based authentication scheme using chaotic maps for telecare medicine information systems. J Med Syst 39(1):1–8

    Google Scholar 

  50. Wang D, Ping W (2014) Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw 20:1–15

    Article  Google Scholar 

  51. Wei J, Hu X, Liu W (2012) An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604

    Article  Google Scholar 

  52. Wu ZY, Lee YC, Lai F, Lee HC, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1529–1535

    Article  Google Scholar 

  53. Xia Z, Wang X, Sun X, Wang Q (2015) A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data. IEEE Trans Parallel Distrib Syst 27(2):340–352

    Article  Google Scholar 

  54. Xie Q, Liu W, Wang S, Han L, Hu B, Wu T (2014) Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care. J Med Syst 38(9):1–10

    Article  Google Scholar 

  55. Xie Q, Zhang J, Dong N (2013) Robust anonymous authentication scheme for telecare medical information systems. J Med Syst 37(2):1–8

    Article  Google Scholar 

  56. Xu L, Wu F (2015) Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst 39(2):1–9

    Article  Google Scholar 

  57. Yan X, Li W, Li P, Wang J, Hao X, Gong P (2013) A secure biometrics-based authentication scheme for telecare medicine information systems. J Med Syst 37(5):9972. doi:10.1007/s10916-013-9972-1

    Article  Google Scholar 

  58. Yoon EJ, Yoo KY (2013) Robust biometrics-based multiserver authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J Supercomput 63(1):235–255

    Article  Google Scholar 

  59. Zhu Z (2012) An efficient authentication scheme for telecare medicine information systems. J Med Syst 36(6):3833–3838. doi:10.1007/s10916-012-9856-9

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan

    Azeem Irshad, Muhammad Sher, Shehzad Ashraf Chaudhry & Imran Khan

  2. Blekinge Institute of Technology Sweden, Valhallavägen, Sweden

    Omer Nawaz

  3. Chaudhary Charan Singh University, Meerut, 250004, Uttar Pradesh, India

    Saru Kumari

Authors
  1. Azeem Irshad
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Muhammad Sher
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Omer Nawaz
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Shehzad Ashraf Chaudhry
    View author publications

    You can also search for this author inPubMed Google Scholar

  5. Imran Khan
    View author publications

    You can also search for this author inPubMed Google Scholar

  6. Saru Kumari
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Azeem Irshad.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Irshad, A., Sher, M., Nawaz, O. et al. A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimed Tools Appl 76, 16463–16489 (2017). https://doi.org/10.1007/s11042-016-3921-1

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-016-3921-1

Keywords