Skip to main content
Log in

An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function

  • TRANSACTIONAL PROCESSING SYSTEMS
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava’s scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava’s scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava’s scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. AVISPA: Automated validation of internet security protocols and applications. http://www.avispa-project.org/. Accessed Jan 2013.

  2. AVISPA: AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed Sept 2013.

  3. Awasthi, A. K., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):1–4, 2013.

  4. Basin, D., Modersheim, S., and Vigano, L., OFMC: A symbolic model checker for security protocols. Int. J. Inf. Sec. 4(3):181–208, 2005.

  5. Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.

  6. Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:1–9, 2013.

  7. Das, A. K., Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Sec. 5(3):145–151, 2011.

  8. Das, A. K., A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Netw. Sci. 2(1–2):12–27, 2013.

  9. Das, A. K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.

  10. Das, A. K., Massand, A., and Patil, S., A novel proxy signature scheme based on user hierarchical access control policy. J. King Saud University - Comput. Inf. Sci. 25(2):219–228, 2013.

  11. Das, A. K., Paul, N. R., and Tripathy, L., Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf. Sci. 209:80–92, 2012.

  12. Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):1–17, 2013.

  13. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.

  14. Dolev, D., and Yao, A., On the security of public key protocols. IEEE Trans. Inf. Theory. 29(2):198–208, 1983.

  15. Hwang, M.-S., and Li, L.-H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1): 28–30, 2000.

  16. Hwang, T., Chen, Y., and Laih, C.-S., Non-interactive password authentications without password tables. In: Proceedings of IEEE Region 10 Conference on Computer and Communication Systems (TENCON’90). Vol. 1, pp. 429–431, 1990.

  17. Jaspher, G., Kathrine, W., Kirubakaran, E., and Prakash, P., Smart card based remote user authentication schemes: A survey. Procedia Eng. 38:1318–1326, 2012.

  18. Jina, A. T. B., Linga, D. N. C., and Goh, A., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recog. 37(11):2245–2255, 2004.

  19. Khan, M. K., Kim, S.-K., and Alghathbar, K., Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput Commun. 34(3):305–309, 2011.

  20. Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology - CRYPTO’99, LNCS. Vol. 1666, pp. 388–397, 1999.

  21. Lamport, L., Password authentification with insecure communication. Commun. ACM. 24(11):770–772, 1981.

  22. Li, C.-T., and Hwang, M.-S., An efficient biometric-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33:1–5, 2010.

  23. Li, C.-T., Lee, C.-C., Liu, C.-J., and Lee, C.-W., A robust remote user authentication scheme against smart card security breach. In: Proceedings of Data and Applications Security and Privacy XXV, LNCS. VOl. 6818, pp. 231–238, 2011.

  24. Li, X., Niu, J.-W., Ma, J., Wang, W.-D., and Liu, C.-L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34:73–79, 2011.

  25. Lumini, A., and Nanni, L., An improved BioHashing for human authentication. Pattern Recog. 40(3):1057–1065, 2007.

  26. Madhusudhan, R., and Mittal, R. C., Dynamic ID-based remote user password authentication schemes using smart cards: A review. J. Netw. Comput. Appl. 35(4):1235–1248, 2012.

  27. Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

  28. Odelu, V., Das, A. K., and Goswami, A., An effective and secure key-management scheme for hierarchical access control in e-medicine system. J. Med. Syst. 37(2):1–18, 2013.

  29. Wang, Y.-Y., Liu, J.-Y., Xiao, F.-X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.

  30. Xiao, D., Liao, X., and Deng, S., One-way hash function construction based on the chaotic map with changeable-parameter. Chaos, Solitons Fractals. 241:65–71, 2005.

Download references

Acknowledgments

The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers, which have improved the content and the presentation of this paper.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Ashok Kumar Das.

Additional information

Conflict of interests

The authors declare that they have no conflict of interest.

This article is part of the Topical Collection on Transactional Processing Systems

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Das, A.K., Goswami, A. An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function. J Med Syst 38, 27 (2014). https://doi.org/10.1007/s10916-014-0027-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-014-0027-z

Keywords

Navigation