Abstract
Telemedicine Information System (TMIS) is a platform for data communication and exchange between patients and medical servers via the Internet. Recently, Lee et al. proposed a ticket-based multi-server biometric authentication scheme using extended chaotic maps for TMIS, which enables legal participants to directly perform authentication and communication, and can effectively avoid the problem of third-party bandwidth overload. In this paper, we analyze this scheme and point out that it is vulnerable to offline password guessing attack and known session-specific temporary information attack. Besides, its scheme does not provide the user revocation function when the smart card is lost/stolen or the user’s identity authentication information is leaked, which also makes it insecure against other attacks such as impersonation attack. Meanwhile, this scheme does not provide the server to re-register with the same identity when the server’s private key is leaked. To this end, we pertinently propose a multi-server biometric authentication scheme based on extended chaotic mapping and fuzzy verification factor applied to TMIS, which further provides user revocation and re-registration functions. On the one hand, we employ the Burrows–Abadi–Needham logic to prove that the user and server can securely achieve mutual authentication by this proposed scheme. On the other hand, we employ informal analysis to prove that our scheme can also resist various known attacks. Overall, it has high security along with low computational cost, low communication cost, and a diversified of security features and thus more suitable for TMIS.
Similar content being viewed by others
References
A NMRL, A LZ, Chang XA, A KS, C XLB, A CZ (2019) Suaa: a secure user authentication scheme with anonymity for the single & multi-server environments. Inf Ences 477:369–385
Abdalla M, Fouque PA, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. Proc of Pkc 153(1):27–39
Abdulla, Anwer A (2015) Exploiting similarities between secret and cover images for improved embedding efficiency and security in digital steganography
Abdulla AA, Sellahewa H, Jassim SA (2014) Stego quality enhancement by message size reduction and fibonacci bit-plane mapping. Int Conf Res Secur Standardisation:151–166
Amin R (2016) Cryptanalysis and efficient dynamic id based remote user authentication scheme in multi-server environment using smart card. Int J Netw Secur 18(1):172–181
An Y (2012) Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards. J Biomed Biotechnol 2012(519):723
Bellare M, Canetti R, Krawczyk H (1998) A modular approach to the design and analysis of authentication and key exchange protocols. In: Proceedings of the thirtieth annual ACM symposium on the theory of computing, Dallas, Texas, USA, May 23-26, 1998
BELLOVIN SM (1992) Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the IEEE symposium on security & privacy
Brickell E, Li J (2012) Enhanced privacy id: a direct anonymous attestation scheme with enhanced revocation capabilities. IEEE Trans Dependable Secure Comput 9(3):345–360. https://doi.org/10.1109/TDSC.2011.63https://doi.org/10.1109/TDSC.2011.63
Burrows M, Abadi M, Needham RM (1989) R.m.: a logic of authentication. Proc Royal Soc Math Phys Eng Sci 426(1871):1–13
Byun JW, Jeong IR, Lee DH, Park CS (2002) Password-authenticated key exchange between clients with different passwords. In: International conference on information & communications security
Chatterjee S, Roy S, Das AK, Chattopadhyay S, Vasilakos AV (2016) Secure biometric-based authentication scheme using chebyshev chaotic map for multi-server environment. IEEE Trans Dependable Secure Comput PP (99):1–1
Cheng T, Chang C, Lo Y (2017) Smart card–based password authenticated key agreement protocol using chaotic maps. Int J Commun Syst 30(12)
Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. pp 523–540
Dolev D, Yao CC (1981) On the security of public key protocols. In: Symposium on foundations of computer science
Duchêne J, Le Guernic C, Alata E, Nicomette V, Kaaniche M (2017) State of the art of network protocol reverse engineering tools. J Comput Virology Hacking Techn 14:53–68
FIPS (1995) Secure hash standard. National Institutes of Standards & Technology
Halevi S, Krawczyk H (1999) Public-key cryptography and password protocols. ACM Trans Inform Syst Secur 2(3):230–268
He D, Chen J, Zhang R (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1989–1995
He D, Kumar N, Lee JH, Sherratt RS (2014) Enhanced three-factor security protocol for consumer usb mass storage devices. IEEE Trans Consum Electron 60(1):30–37
Huang X, Xiang Y, Chonka A, Zhou J, Deng RH (2011) A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans Parallel & Distrib Syst 22(8):1390–1397
Huh JH, Kim TJ (2018) A location-based mobile health care facility search system for senior citizens. J Supercomput 75:1831–1848
Irshad A, Chaudhry SA, Xie Q, Li X, Farash MS, Kumari S, Wu F (2018) An enhanced and provably secure chaotic map-based authenticated key agreement in multi-server architecture. Arab J Sci Eng 43(2):811–828
Irshad A, Sher M, Chaudhary SA, Naqvi H, Farash MS (2016) An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging registration centre. J Supercomput 72(4):1–22
Jangirala S, Das AK, Wazid M, Vasilakos AV (2020) Designing secure user authentication protocol for big data collection in iot-based intelligent transportation system. IEEE Int Thing J PP(99):1–1
Katz J, Ostrovsky R, Yung M (2010) Efficient and secure authenticated key exchange using weak passwords, vol 57
Khan MK, Kumari S (2013) An improved biometrics-based remote user authentication scheme with user anonymity. BioMed Res Int,2013,(2013-11-21) 2013(5) 491:289
Kocarev, Ljupco, Lian, Shiguo (2011) Chaos-based cryptography: theory, algorithms and applications. Springer, Berlin
Lee T-F (2015) Enhancing the security of password authenticated key agreement protocols based on chaotic maps. Inf Sci 290:63–71
Lee TF, Diao YY, Hsieh YP (2019) A ticket-based multi-server biometric authentication scheme using extended chaotic maps for telecare medical information systems. Multimed Tools Appl 78(22):31,649–31,672
Li X, Niu J, Kumari S, Islam SH, Wu F, Khan MK, Das AK (2016) A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wirel Pers Commun 89 (2):569–597
Li X, Wu F, Khan MK, Xu L, Shen J, Jo M (2017) A secure chaotic map-based remote authentication scheme for telecare medicine information systems. Futur Gener Comput Syst 84:149–159
Lin C, He D, Kumar N, Huang X, Vijayakumar P, Choo K (2020) Homechain: a blockchain-based secure mutual authentication system for smart homes. IEEE Int Thing J
Mandal S, Bera B, Sutrala AK, Das AK, Park Y (2020) Certificateless signcryption-based three-factor user access control scheme for iot environment. IEEE Int Thing J PP(99):1–1
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans on Inform Forensic Secur 10(9):1–1
Pfitzmann (2001) Birgit: lecture notes in computer science advances in cryptology — eurocrypt 2001 volume 2045 —— analysis of key-exchange protocols and their use for building secure channels. https://doi.org/10.1007/3-540-44987-6 (chapter 28), 453–474
Shin S, Kwon T (2019) A lightweight three-factor authentication and key agreement scheme in wireless sensor networks for smart homes. Sensors 19(9):2012–
Shuming Q, Guoai X, Haseeb A, Licheng W (2017) A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems. IEEE Access 6:7452–7463. https://doi.org/10.1109/ACCESS.2017.2780124
Srinivas J, Das AK, Member IEEE, Kumar N 1 Cloud centric authentication for wearable 2 healthcare monitoring system
Sutrala AK, Bagga P, Das AK, Kumar N, Lorenz P (2020) On the design of conditional privacy preserving batch verification-based authentication scheme for internet of vehicles deployment. IEEE Transactions on Vehicular Technology PP (99):1–1
Veyrat-Charvillon N, Standaert FX (2011) Generic side-channel distinguishers: improvements and limitations. In: Conference on advances in cryptology
Wang D, He D, Wang P, Chu CH (2015) Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Trans Dependable Secure Comput 12(4):428–442
Wang D, Wang P (2016) On the implications of zipf’s law in passwords. Springer, Berlin
Wang D, Zhang Z, Wang P, Yan J, Huang X (2016) Targeted online password guessing: an underestimated threat. In: ACM CCS 2016
Wang F, Xu G, Wang C, Peng J (2019) A provably secure biometrics-based authentication scheme for multiserver environment. Secur Commun Netw 2019(4):1–15
Wang X, Zhao J (2010) An improved key agreement protocol based on chaos. Commun Nonlinear ence Numer Simul 15(12):4052–4057
Wei J, Hu X, Liu W (2012) An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604
Wen F, Susilo W, Yang G (2015) Analysis and improvement on a biometric-based remote user authentication scheme using smart cards. Wirel Pers Commun 80:1747–1760
Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for sip using ecc. Comput Standard Inter 31 (2):286–291
Wu ZY, Lee YC, Lai F, Lee HC, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1529–1535
Xiaoliang W, Bai L, Yang Q, Wang L, Jiang F (2019) A dual privacy-preservation scheme for cloud-based ehealth systems. J Inform Secur Appl 47:132–138
Xiong L, Niu J, Khan MK, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36 (5):1365–1371
Xu J, Zhu WT, Feng DG (2009) An improved smart card based password authentication scheme with provable security. Comput Standard Inter 31 (4):723–728
Yoon EJ, Jeon IS (2011) An efficient and secure diffie–hellman key agreement protocol based on chebyshev chaotic map. Commun Nonlinear ence Numer Simul 16(6):2383–2389
Zhang L (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos Solitons Fractals 37(3):669–674
Zhu Z (2012) An efficient authentication scheme for telecare medicine information systems. J Med Syst 36(6):3833–3838
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Zhai, XY., Wang, J. A multi-server biometric authentication scheme based on extended chaotic map for telecare medical information system. Multimed Tools Appl 81, 40159–40179 (2022). https://doi.org/10.1007/s11042-022-13177-4
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-022-13177-4