Skip to main content

Advertisement

SpringerLink
Log in

Smart Environment as a Service: Three Factor Cloud Based User Authentication for Telecare Medical Information System

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The Telecare Medical Information System (TMIS) provides a set of different medical services to the patient and medical practitioner. The patients and medical practitioners can easily connect to the services remotely from their own premises. There are several studies carried out to enhance and authenticate smartcard-based remote user authentication protocols for TMIS system. In this article, we propose a set of enhanced and authentic Three Factor (3FA) remote user authentication protocols utilizing a smartphone capability over a dynamic Cloud Computing (CC) environment. A user can access the TMIS services presented in the form of CC services using his smart device e.g. smartphone. Our framework transforms a smartphone to act as a unique and only identity required to access the TMIS system remotely. Methods, Protocols and Authentication techniques are proposed followed by security analysis and a performance analysis with the two recent authentication protocols proposed for the healthcare TMIS system.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Song, M., Kim, S., and Lee, S., Smart card, USPTO, Pat. No: 6050494, April 18, 2000.

  2. Elberg, P., Electronic patient records and innovation in health care services. J. Med. Syst. 64:201–205, 2001.

    Google Scholar 

  3. Leiner, F., Gaus, W., Haux, R., and Knaup, P., Medical data management-a practical guide. Health Inf. Springer, New York 16:204, 2003.

  4. Xiao, C., and Yu. A., Medical Smart Card System for Patient, Science, Technology, and Energy Policy. White Paper Competition, Bears Breaking Boundaries, 2009.

  5. Huang, X., Xiang, Y., Chonka, A., Zhou, J., and Deng, R., A generic framework for three-factor authentication: Preserving security and privacy in distributed systems. Parallel Distrib. Syst. IEEE 22(08):1390–1397, 2011.

    Article  Google Scholar 

  6. Slawomir, G., and Peter, M., Sharing cloud services: User authentication for social enhancement of home networking. Trans. Consum. Electron. IEEE 57:1424–1432, 2011.

    Article  Google Scholar 

  7. Jucheng, Y., Naixure, X., Athanasios, V., Zhijun, F., Dongsun, P., Xianghua, X., Sook, Y., Shanjuan, X., and Yong, Y., A fingerprint recognition scheme based on assembling invariant moments for cloud computing communications. Syst. IEEE 5:574–583, 2011.

    Article  Google Scholar 

  8. Dirk, B., Richard, C., Orl, E., Markus, J., Steve, K., Scott, M., Jesus, M., and Paul, O., The future of authentication. Secur. Priv. IEEE 10:22–27, 2012.

    Article  Google Scholar 

  9. Cong, W., Kui, R., Wenjin, L., and Jin, L., Towards publicly auditable secure cloud data storage services. Networks IEEE 24:19–24, 2010.

    Article  Google Scholar 

  10. Fagen, L., and Khan, M. K., A biometric identity based signcryption scheme. Futur. Gener. Comput. Syst., Elsevier Science, 28:306–310, 2012.

    Google Scholar 

  11. Jun, E., Khan, M. K., and Young, K., New robust protocols for remote user authentication and password change. Innov. Comput. Inf. Control (IJICIC) 7:5583–5603, 2011.

    Google Scholar 

  12. Khan, M. K., Alghathbar, K., and Jiashu, Z., Secure and tokenless privacy-protecting chaotic revocable biometrics authentication scheme. Telecommun. Syst., Springer-Verlag, 47:227–234, 2011.

    Google Scholar 

  13. Sayim, M., and Khan, M. K., Authentication fingerprint statistically. Imaging Sci. (UK) 60:165–171, 2012.

    Article  Google Scholar 

  14. Sayim, M., Imran, M., and Khan, M. K., Fingerprint classification using PCA, LDA, L-LDA and BPN. Information 14:3313–3324, 2011.

    Google Scholar 

  15. Rhee, M. Y., Message Authentication Code, and Data Expansion Function, in Mobile Communication Systems and Security. John Wiley & Sons, Ltd, Chichester, UK. doi:10.1002/9780470823392.ch10.

  16. Siddiqui, Z., Abdullah, A., Khan, M. K., Qualified Analysis B/w ESB(s) using Analytical Hierarchy Process (AHP) Method. Second International Conference on Intelligent Systems, Modelling and Simulation (ISMS’11), Kuala Lumpur Malaysia, ISBN 978-1-4244-9809-3, 100–104:2011.

  17. Ghamdi, A., Siddiqui, Z., and Quadri, S., A Common Information Exchange Model for Multiple C4I Architectures. 12th International Conference on Computer Modelling and Simulation (UKSIM’10), UK, ISBN 978-1-4244-6614-6, 538–542, 2010.

  18. Ghamdi, A., Siddiqui, Z., Common Information Framework b/w/Defense Architectures, A Wen Semantics Approach. 16th Internationa Conference on Distributed Multimedia Systems, USA, ISSN 2326-3261, 14–16, 2010.

  19. Siddiqui, Z., Abdullah, A., Khan, M. K., and Alghathbar, K., Analysis of enterprise service buses on information security, interoperability and high-availability using Analytical Hierarchy Process (AHP). Phys. Sci. 6:35–42, 2011.

    Google Scholar 

  20. Siddiqui, Z., Abdullah, A., and Khan, M. K., Qualified Analysis b/w ESB(s) using Analytical Hierarchy Process (AHP) Method. International Conference on Intelligent Systems, Modelling and Simulation (ISMS’11), Malaysia, ISBN 978-1-4244-9809-3, 100–104, 2011.

  21. Siddiqui, Z., Abdullah, A., Khan, M. K., and Ghamdi, A., Node Level Information Security in Common Information Exchange Model (CIEM). Science International, ISSN 1013-5316, 21:221–230, 2010.

  22. Dunlop, L., Electronic health records: Interoperability challenges and patient’s right for privacy. Comput. Technol. Shidler J. 3:34–49, 2007.

    Google Scholar 

  23. Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37, 2012.

  24. Kumari, S., and Khan, M. K., Cryptanalysis and improvement of a robust smart-card-based remote user authentication scheme. doi:10.1002/dac.2590, 2013.

  25. Khan, M. K., and Zhang, J., Multimodal face and fingerprint biometrics authentication on space-limited tokens. Neurocomputing 71:3026–3031, 2008.

    Article  Google Scholar 

  26. Dilmaghani, R., Ghavami, M., and Bobarshad. H., A new paradigm for Telehealth implementation. International On Engineering Medicine and Biology Society, IEEE, ISBN 978-1-4244-4123-5, 3915–3918, 2010.

  27. Federal Financial Institutions Examination Council (FFIEC), http://www.ffiec.gov, Last Visit: 09 October 2013.

  28. Federal Financial Institutions Examination Council (FFIEC), “Authentication of Internet Banking Environment”, http://www.ffiec.gov, pp. 2-4, August 2001, Last Visit: 09 October 2013.

  29. Hung, S., Yao, C., and Yue, L., oPass: A user authentication protocol resistant to password stealing and password reuse attacks. Trans. Inf. Forensic Secur. IEEE 7:651–663, 2012.

    Article  Google Scholar 

  30. Gagnon, S., Nabelsi, V., Passerni, K., and Cakici, K., The next web apps architecture: Challenges for SaaS vendors. IT Prof. IEEE 13:44–50, 2011.

    Article  Google Scholar 

  31. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36:3597–3604, 2012.

    Article  Google Scholar 

  32. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36:3833–3838, 2012.

    Article  Google Scholar 

  33. Chen, M., Lo, W., and Yeh, K., An efficient and secure dynamic ID-based authentication scheme for telecare medical in- formation systems. Med. Syst. Springer, 36:3907–3915, 2012.

    Google Scholar 

  34. Qi, J., Ma, J., Ma, Z., and Li, G., A privacy enhanced authentication scheme for Telecare medical information system. Med. Syst. 37:9886–9894, 2013.

    Google Scholar 

  35. Khan, M. K., Jiashu, Z., and Xiaomin, W., Chaotic Hash-Based Fingerprint Biometric Remote User Authentication Scheme on Mobile Devices Vol. 35. Elsevier Science, UK, pp. 519–524, 2008.

    Google Scholar 

  36. Park, H., Hong, J., Park, J., Zhan, J., and Lee, D., Combined authentication-based multilevel access control in mobile application for DailyLifeService. Mob. Comput. IEEE 09:824–837, 2010.

    Article  Google Scholar 

  37. Fuglerud, K., and Dale, O., Secure and inclusive authentication with a talking mobile OTP client. Secur. Priv. IEEE 9:27–34, 2011.

    Article  Google Scholar 

  38. Hamdy, M., Alghathbar, K., and Khan, M. K., OTP-Based Two-Factor Authentication Using Mobile Phones. Eigth International Conference on Information Technology: New Generations (ITNG’11), IEEE, ISBN 978-0-7695-4367-3, 327–331, 2011.

  39. Saxena, N., Jan, E., Kari, K., and Asokan, N., Scure device pairing based on a visual channel: Design and usability study. Inf. Forensic Secur. IEEE 06:28–38, 2011.

    Article  Google Scholar 

  40. Kelin, E., GPA Location Authentication Method for Mobile Voting. USPTO, Pub. No: US 2011/0053559 A1, March 03, 2011.

  41. Kimberly, D., and Parker, Money Transfer Smart Phone Methods and Systems. USPTO, Pub. No: US 2011/0251941 A1, October 13, 2011.

  42. Haller, N., The S/KEY One-Time Password System. ISOC Symposium on Network and Distributed System Security, San Diego, CA, 151–157, 1994.

  43. Hamdy, E., Khan, M. K., Alghathbar, K., Kim, T., and Hassan, E., Mobile one-time passwords: Two-factor authentication using mobile phones. Secur. Commun. Netw., John Wiley & Sons, 5:508–516, 2011.

  44. Khan, M. K., Kumari, S., An efficient and secure dynamic id-based authentication scheme for Telecare medical information systems. doi:10.1002/sec.791, 2013.

  45. Khan, M. K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic ID-based authentication scheme for Telecare medical information systems. J. Med. Syst. 37, 2013.

  46. Kocher, P., Jaffe, J., and Jun, B., Differential Power Analysis. Proceedings of Advances in Cryptology. Santa Barbara, CA, U.S.A., 388–397, 1999.

  47. Messerges, T., Dabbish, E., and Sloan, R., Examining smart-card security under the threat of power analysis attacks. Comp. IEEE 51(5):541–552, 2002.

    Article  MathSciNet  Google Scholar 

Download references

Acknowledgments

The authors acknowledge the support provided by Research Center (RC), College of Computer & Information Sciences King Saud University.

Conflict of interest

The authors declare that they have no conflict of interest.

Author information

Authors and Affiliations

  1. Department of Software Engineering, College of Computer & Information Sciences (CCIS), King Saud University, Riyadh, Saudi Arabia

    Zeeshan Siddiqui & Abdullah S. Alghamdi

  2. Centre of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Muhammad Khurram Khan

  3. Faculty of Computing, Universiti Teknologi Malaysia, Skudai, Johor, Malaysia

    Zeeshan Siddiqui & Abdul Hanan Abdullah

Authors
  1. Zeeshan Siddiqui
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Abdul Hanan Abdullah
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Muhammad Khurram Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Abdullah S. Alghamdi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Muhammad Khurram Khan.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Siddiqui, Z., Abdullah, A.H., Khan, M.K. et al. Smart Environment as a Service: Three Factor Cloud Based User Authentication for Telecare Medical Information System. J Med Syst 38, 9997 (2014). https://doi.org/10.1007/s10916-013-9997-5

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-013-9997-5

Keywords

Search

Navigation