A multi-server biometric authentication scheme based on extended chaotic map for telecare medical information system

Multimedia Tools and Applications

Abstract

Telemedicine Information System (TMIS) is a platform for data communication and exchange between patients and medical servers via the Internet. Recently, Lee et al. proposed a ticket-based multi-server biometric authentication scheme using extended chaotic maps for TMIS, which enables legal participants to perform authentication and communication directly and effectively avoids the problem of third-party bandwidth overload. In this paper, we analyze this scheme and point out that it is vulnerable to an offline password guessing attack and a known session-specific temporary information attack. In addition, the scheme provides no user revocation function for when the smart card is lost or stolen or the user's identity authentication information is leaked, which also makes it insecure against other attacks such as impersonation. Nor does the scheme allow a server to re-register with the same identity when the server's private key is leaked. To address these problems, we propose a multi-server biometric authentication scheme for TMIS based on extended chaotic mapping and a fuzzy verification factor, which additionally provides user revocation and re-registration functions. On the one hand, we employ the Burrows–Abadi–Needham logic to prove that the user and server can securely achieve mutual authentication with the proposed scheme. On the other hand, we employ informal analysis to prove that our scheme can also resist various known attacks. Overall, it offers high security along with low computational cost, low communication cost, and a diverse set of security features, and is thus more suitable for TMIS.

References

  1. A NMRL, A LZ, Chang XA, A KS, C XLB, A CZ (2019) Suaa: a secure user authentication scheme with anonymity for the single & multi-server environments. Inf Sci 477:369–385

  2. Abdalla M, Fouque PA, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. Proc of Pkc 153(1):27–39

  3. Abdulla, Anwer A (2015) Exploiting similarities between secret and cover images for improved embedding efficiency and security in digital steganography

  4. Abdulla AA, Sellahewa H, Jassim SA (2014) Stego quality enhancement by message size reduction and fibonacci bit-plane mapping. Int Conf Res Secur Standardisation:151–166

  5. Amin R (2016) Cryptanalysis and efficient dynamic id based remote user authentication scheme in multi-server environment using smart card. Int J Netw Secur 18(1):172–181

  6. An Y (2012) Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards. J Biomed Biotechnol 2012(519):723

  7. Bellare M, Canetti R, Krawczyk H (1998) A modular approach to the design and analysis of authentication and key exchange protocols. In: Proceedings of the thirtieth annual ACM symposium on the theory of computing, Dallas, Texas, USA, May 23-26, 1998

  8. Bellovin SM (1992) Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the IEEE symposium on security & privacy

  9. Brickell E, Li J (2012) Enhanced privacy id: a direct anonymous attestation scheme with enhanced revocation capabilities. IEEE Trans Dependable Secure Comput 9(3):345–360. https://doi.org/10.1109/TDSC.2011.63

  10. Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc Royal Soc Math Phys Eng Sci 426(1871):1–13

  11. Byun JW, Jeong IR, Lee DH, Park CS (2002) Password-authenticated key exchange between clients with different passwords. In: International conference on information & communications security

  12. Chatterjee S, Roy S, Das AK, Chattopadhyay S, Vasilakos AV (2016) Secure biometric-based authentication scheme using chebyshev chaotic map for multi-server environment. IEEE Trans Dependable Secure Comput PP (99):1–1

  13. Cheng T, Chang C, Lo Y (2017) Smart card–based password authenticated key agreement protocol using chaotic maps. Int J Commun Syst 30(12)

  14. Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. pp 523–540

  15. Dolev D, Yao CC (1981) On the security of public key protocols. In: Symposium on foundations of computer science

  16. Duchêne J, Le Guernic C, Alata E, Nicomette V, Kaaniche M (2017) State of the art of network protocol reverse engineering tools. J Comput Virology Hacking Techn 14:53–68

  17. FIPS (1995) Secure hash standard. National Institutes of Standards & Technology

  18. Halevi S, Krawczyk H (1999) Public-key cryptography and password protocols. ACM Trans Inform Syst Secur 2(3):230–268

  19. He D, Chen J, Zhang R (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1989–1995

  20. He D, Kumar N, Lee JH, Sherratt RS (2014) Enhanced three-factor security protocol for consumer usb mass storage devices. IEEE Trans Consum Electron 60(1):30–37

  21. Huang X, Xiang Y, Chonka A, Zhou J, Deng RH (2011) A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans Parallel & Distrib Syst 22(8):1390–1397

  22. Huh JH, Kim TJ (2018) A location-based mobile health care facility search system for senior citizens. J Supercomput 75:1831–1848

  23. Irshad A, Chaudhry SA, Xie Q, Li X, Farash MS, Kumari S, Wu F (2018) An enhanced and provably secure chaotic map-based authenticated key agreement in multi-server architecture. Arab J Sci Eng 43(2):811–828

  24. Irshad A, Sher M, Chaudhary SA, Naqvi H, Farash MS (2016) An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging registration centre. J Supercomput 72(4):1–22

  25. Jangirala S, Das AK, Wazid M, Vasilakos AV (2020) Designing secure user authentication protocol for big data collection in iot-based intelligent transportation system. IEEE Int Thing J PP(99):1–1

  26. Katz J, Ostrovsky R, Yung M (2010) Efficient and secure authenticated key exchange using weak passwords, vol 57

  27. Khan MK, Kumari S (2013) An improved biometrics-based remote user authentication scheme with user anonymity. BioMed Res Int,2013,(2013-11-21) 2013(5) 491:289

  28. Kocarev, Ljupco, Lian, Shiguo (2011) Chaos-based cryptography: theory, algorithms and applications. Springer, Berlin

  29. Lee T-F (2015) Enhancing the security of password authenticated key agreement protocols based on chaotic maps. Inf Sci 290:63–71

  30. Lee TF, Diao YY, Hsieh YP (2019) A ticket-based multi-server biometric authentication scheme using extended chaotic maps for telecare medical information systems. Multimed Tools Appl 78(22):31649–31672

  31. Li X, Niu J, Kumari S, Islam SH, Wu F, Khan MK, Das AK (2016) A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wirel Pers Commun 89 (2):569–597

  32. Li X, Wu F, Khan MK, Xu L, Shen J, Jo M (2017) A secure chaotic map-based remote authentication scheme for telecare medicine information systems. Futur Gener Comput Syst 84:149–159

  33. Lin C, He D, Kumar N, Huang X, Vijayakumar P, Choo K (2020) Homechain: a blockchain-based secure mutual authentication system for smart homes. IEEE Int Thing J

  34. Mandal S, Bera B, Sutrala AK, Das AK, Park Y (2020) Certificateless signcryption-based three-factor user access control scheme for iot environment. IEEE Int Thing J PP(99):1–1

  35. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

  36. Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans on Inform Forensic Secur 10(9):1–1

  37. Pfitzmann (2001) Birgit: lecture notes in computer science advances in cryptology — eurocrypt 2001 volume 2045 —— analysis of key-exchange protocols and their use for building secure channels. https://doi.org/10.1007/3-540-44987-6 (chapter 28), 453–474

  38. Shin S, Kwon T (2019) A lightweight three-factor authentication and key agreement scheme in wireless sensor networks for smart homes. Sensors 19(9):2012–

  39. Shuming Q, Guoai X, Haseeb A, Licheng W (2017) A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems. IEEE Access 6:7452–7463. https://doi.org/10.1109/ACCESS.2017.2780124

  40. Srinivas J, Das AK, Kumar N. Cloud centric authentication for wearable healthcare monitoring system

  41. Sutrala AK, Bagga P, Das AK, Kumar N, Lorenz P (2020) On the design of conditional privacy preserving batch verification-based authentication scheme for internet of vehicles deployment. IEEE Transactions on Vehicular Technology PP (99):1–1

  42. Veyrat-Charvillon N, Standaert FX (2011) Generic side-channel distinguishers: improvements and limitations. In: Conference on advances in cryptology

  43. Wang D, He D, Wang P, Chu CH (2015) Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Trans Dependable Secure Comput 12(4):428–442

  44. Wang D, Wang P (2016) On the implications of zipf’s law in passwords. Springer, Berlin

  45. Wang D, Zhang Z, Wang P, Yan J, Huang X (2016) Targeted online password guessing: an underestimated threat. In: ACM CCS 2016

  46. Wang F, Xu G, Wang C, Peng J (2019) A provably secure biometrics-based authentication scheme for multiserver environment. Secur Commun Netw 2019(4):1–15

  47. Wang X, Zhao J (2010) An improved key agreement protocol based on chaos. Commun Nonlinear Sci Numer Simul 15(12):4052–4057

  48. Wei J, Hu X, Liu W (2012) An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604

  49. Wen F, Susilo W, Yang G (2015) Analysis and improvement on a biometric-based remote user authentication scheme using smart cards. Wirel Pers Commun 80:1747–1760

  50. Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for sip using ecc. Comput Standard Inter 31 (2):286–291

  51. Wu ZY, Lee YC, Lai F, Lee HC, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1529–1535

  52. Xiaoliang W, Bai L, Yang Q, Wang L, Jiang F (2019) A dual privacy-preservation scheme for cloud-based ehealth systems. J Inform Secur Appl 47:132–138

  53. Xiong L, Niu J, Khan MK, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36 (5):1365–1371

  54. Xu J, Zhu WT, Feng DG (2009) An improved smart card based password authentication scheme with provable security. Comput Standard Inter 31 (4):723–728

  55. Yoon EJ, Jeon IS (2011) An efficient and secure diffie–hellman key agreement protocol based on chebyshev chaotic map. Commun Nonlinear Sci Numer Simul 16(6):2383–2389

  56. Zhang L (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos Solitons Fractals 37(3):669–674

  57. Zhu Z (2012) An efficient authentication scheme for telecare medicine information systems. J Med Syst 36(6):3833–3838

Author information

Correspondence to Jian Wang.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Zhai, XY., Wang, J. A multi-server biometric authentication scheme based on extended chaotic map for telecare medical information system. Multimed Tools Appl 81, 40159–40179 (2022). https://doi.org/10.1007/s11042-022-13177-4

  • DOI: https://doi.org/10.1007/s11042-022-13177-4
