An anonymous and provably secure biometric-based authentication scheme using chaotic maps for accessing medical drop box data

The Journal of Supercomputing

Abstract

Telecare medicine information systems (TMISs) provide a platform for participating medical entities to share medical data over an insecure public channel. A medical drop box (MDB) is used for this purpose, where the electronic health record (EHR) is maintained for national health information exchange (NHIX). The EHR is a crucial part of the MDB. Therefore, the main challenge in NHIX is to restrict MDB access to authenticated entities only. Very recently, Moon et al. introduced a biometrics-based authentication scheme using chaotic maps for TMISs. The authors claimed that their scheme is efficient and robust in terms of its usage and implementation. However, this paper shows that, because a verifier table is stored on the server, their scheme has scalability and efficiency issues. Furthermore, the use of the same parameters \(\mathrm{IM}_1\) and \(\mathrm{IM}_2\) during different login requests makes the scheme traceable. Therefore, an improved scheme using chaotic maps is proposed in this paper, which provides user anonymity and untraceability along with computational efficiency. The security of the proposed scheme is evaluated in detail in the random oracle model. The analysis reveals that the proposed scheme is robust and secure against the known attacks. Moreover, the analysis is further verified with the popular automated tool ProVerif.

References

  1. Abadi M, Blanchet B, Comon-Lundh H (2009) Models and proofs of protocol security: a progress report. In: Computer aided verification. Springer, New York, pp 35–49

  2. Alizadeh M, Abolfazli S, Zamani M, Baharun S, Sakurai K (2016) Authentication in mobile cloud computing: a survey. J Netw Comput Appl 61:59–80

  3. Alizadeh M, Baharun S, Zamani M, Khodadadi T, Darvishi M, Gholizadeh S, Ahmadi H (2015) Anonymity and untraceability assessment of authentication protocols in proxy mobile ipv6. J Teknol 72(5)

  4. Alizadeh M, Zamani M, Baharun S, Hassan WH, Khodadadi T (2015) Security and privacy criteria to evaluate authentication mechanisms in proxy mobile ipv6. J Teknol 72(5)

  5. Alizadeh M, Zamani M, Baharun S, Manaf AA, Sakurai K, Anada H, Keshavarz H, Chaudhry SA, Khan MK (2015) Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover in proxy mobile ipv6 networks. PloS One 10(11):e0142,716

  6. Cao X, Zhong S (2006) Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun Lett 10(8):580–581. doi:10.1109/LCOMM.2006.1665116

  7. Chaudhry SA, Farash M, Naqvi H, Sher M (2015) A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron Commer Res 1–27. doi:10.1007/s10660-015-9192-5

  8. Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan M (2015) An improved and provably secure privacy preserving authentication protocol for sip. Peer-to-Peer Netw Appl. doi:10.1007/s12083-015-0400-9

  9. Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208. doi:10.1109/TIT.1983.1056650

  10. Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani M (2008) On the power of power analysis in the real world: a complete break of the keeloq code hopping scheme. In: Wagner D (ed) Advances in cryptology, CRYPTO 2008. Lecture notes in computer science, vol 5157, pp 203–220. Springer, Berlin. doi:10.1007/978-3-540-85174-5_12

  11. Gao B, Shi Y, Yang C, Li L, Wang L, Yang Y (2014) Stp-lwe: a variant of learning with error for a flexible encryption. In: Mathematical problems in engineering

  12. Guo C, Chang CC (2013) Chaotic maps-based password-authenticated key agreement using smart cards. Commun Nonlinear Sci Numer Simul 18(6):1433–1440

  13. He D, Kumar N, Shen H, Lee JH (2015) One-to-many authentication for access control in mobile pay-tv systems. Sci China Inf Sci 1–14. doi:10.1007/s11432-015-5469-5

  14. He D, Zeadally S, Kumar N, Lee JH (2016) Anonymous authentication for wireless body area networks with provable security. IEEE Syst J 99:1–12. doi:10.1109/JSYST.2016.2544805

  15. He D, Zeadally S, Wu L (2015) Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst J 99:1–10. doi:10.1109/JSYST.2015.2428620

  16. Huang HC, Fang WC, Lai WH (2012) Secure medical information exchange with reversible data hiding. In: 2012 IEEE International Symposium on Circuits and Systems (ISCAS), pp 1424–1427

  17. Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ch SA (2013) A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Security Comm Networks 7:1210–1218. doi:10.1002/sec.834

  18. Jiang Q, Ma J, Lu X, Tian Y (2014) Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J Med Syst 38(2):1–8

  19. Kumari S, Chaudhry SA, Wu F, Li X, Farash MS, Khan MK (2015) An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl 1–15. doi:10.1007/s12083-015-0409-0

  20. Li CT, Lee CC, Weng CY (2014) A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J Med Syst 38(9):1–11

  21. Lin HY (2015) Improved chaotic maps-based password-authenticated key agreement using smart cards. Commun Nonlinear Sci Numer Simul 20(2):482–488

  22. Lu Y, Li L, Peng H, Xie D, Yang Y (2015) Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 39(6):1–10

  23. Maro JC, Platt R, Holmes JH, Strom BL, Hennessy S, Lazarus R, Brown JS (2009) Design of a national distributed health data network. Ann Intern Med 151(5):341–344

  24. Mir O, Nikooghadam M (2015) A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services. Wirel Pers Commun 83(4):2439–2461

  25. Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143

  26. Moon J, Choi Y, Kim J, Won D (2016) An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 40(3):1–11. doi:10.1007/s10916-015-0422-0

  27. Mostashari F, Tripathi M, Kendall M (2009) A tale of two large community electronic health record extension projects. Health Affairs 28(2):345–356

  28. Niu Y, Wang X (2011) An anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 16(4):1986–1992

  29. Özkaynak F, Yavuz S (2013) Designing chaotic s-boxes based on time-delay chaotic system. Nonlinear Dyn 74(3):551–557

  30. People H (2013) Conclusion and future directions: CDC health disparities and inequalities report—United States, 2013. In: CDC Health Disparities and Inequalities Report—United States, 2013, vol 62(3), p 184

  31. Privacy N (2008) Security framework for electronic exchange of individually identifiable health information. Office of the National Coordinator for Health Information Technology, US Department of Health and Human Services, p 15

  32. Qazi MS, Ali M (2009) Pakistan’s health management information system: health managers’ perspectives. J Pak Med Assoc (JPMA) 59(1):10

  33. Sinha PK, Sunder G, Bendale P, Mantri M, Dande A (2012) Electronic health record: standards, coding systems, frameworks, and infrastructures. Wiley, New York

  34. Ts Z, Chu J, Araki K, Yoshihara H (2014) Design and development of an international clinical data exchange system: the international layer function of the dolphin project. pubmed commons. J Am Med Inf Assoc 18(5):683–689

  35. Tseng HR, Jan RH, Yang W (2009) A chaotic maps-based key agreement protocol that preserves user anonymity. In IEEE International Conference on Communications, 2009, ICC’09, pp 1–6

  36. Vest JR (2012) Health information exchange: national and international approaches. Adv Health Care Manag 12:3–24

  37. Wei J, Hu X, Liu W (2012) An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604

  38. West DM, Friedman A (2012) Health information exchanges and megachange. In: Governance studies at Brookings

  39. Xiao D, Liao X, Wong K (2005) An efficient entire chaos-based scheme for deniable authentication. Chaos Solitons Fractals 23(4):1327–1331

  40. Xie Q, Hu B, Dong N, Wong DS (2014) Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PloS One 9(7):e102,747

  41. Xue K, Hong P (2012) Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 17(7):2969–2977

Acknowledgments

The authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding for this Prolific Research Group (PRG-1436-16).

Author information

Corresponding author

Correspondence to Shehzad Ashraf Chaudhry.

Cite this article

Khan, I., Chaudhry, S.A., Sher, M. et al. An anonymous and provably secure biometric-based authentication scheme using chaotic maps for accessing medical drop box data. J Supercomput 74, 3685–3703 (2018). https://doi.org/10.1007/s11227-016-1886-5

  • DOI: https://doi.org/10.1007/s11227-016-1886-5
