Abstract
E-health care systems employ IT infrastructure to maximize the utilization of health care resources and to provide flexible opportunities to remote patients. Transmission of medical data over public networks is therefore necessary in such systems. Patient authentication, together with secure data transmission, is a critical issue in e-health care systems. Although several user authentication schemes for accessing remote services are available, their security analyses show that none of them is free from relevant security attacks. We reviewed Das et al.’s scheme and demonstrated that it lacks proper protection in several respects: user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, and session key disclosure attack. To overcome these security pitfalls, this paper proposes an anonymity-preserving remote patient authentication scheme usable in e-health care systems. We then validated the security of the proposed scheme using BAN logic, which ensures secure mutual authentication and session key agreement. We also present the experimental results of the proposed scheme using the AVISPA software; the results ensure that our scheme is secure under the OFMC and CL-AtSe models. Moreover, resilience against relevant security attacks has been proved through both formal and informal security analysis. Performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of Das et al.’s scheme and additionally achieves extra security requirements.
Acknowledgments
The second author is supported by the Outstanding Potential for Excellence in Research and Academics (OPERA) award, Birla Institute of Technology and Science (BITS) Pilani, Pilani Campus, Rajasthan, India. The authors extend their sincere appreciation to the Deanship of Scientific Research at King Saud University for funding this Prolific Research Group (PRG-1436-16). This research is also partially supported by the National Natural Science Foundation of China under Grant No. 61300220.
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
About this article
Cite this article
Amin, R., Islam, S.H., Biswas, G. et al. Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems. J Med Syst 39, 140 (2015). https://doi.org/10.1007/s10916-015-0318-z
DOI: https://doi.org/10.1007/s10916-015-0318-z