An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography

  • Systems-Level Quality Improvement
  • Journal of Medical Systems

Abstract

In the last few years, numerous remote user authentication and session key agreement schemes have been put forward for the Telecare Medical Information System (TMIS), in which the patient and the medical server exchange medical information over the Internet. We have found that most of these schemes are not usable for practical applications due to known security weaknesses. It is also worth noting that an unrestricted number of patients across the globe log in to a single medical server. Therefore, the computation and maintenance overhead would be high, and the server may fail to provide services. In this article, we have designed a medical system architecture and a standard mutual authentication scheme for a single medical server, where the patient can securely exchange medical data with the doctor(s) via a trusted central medical server over any insecure network. We then explored the security of the scheme and its resilience to attacks. Moreover, we formally validated the proposed scheme through simulation using the Automated Validation of Internet Security Schemes and Applications software, whose outcomes confirm that the scheme is protected against active and passive attacks. The performance comparison demonstrated that the proposed scheme has a lower communication cost than the existing schemes in the literature. In addition, the computation cost of the proposed scheme is nearly equal to that of the existing schemes. The proposed scheme is not only efficient in terms of different security attacks, but also provides efficient login, mutual authentication, session key agreement and verification, and password update phases, along with password recovery.



Acknowledgments

The authors extend their sincere appreciation to the Outstanding Potential for Excellence in Research and Academics (OPERA) award, BITS Pilani, Rajasthan, India, and the Deanship of Scientific Research at King Saud University for its funding of this Prolific Research Group (PRG-1436-16).

Conflict of interests

The authors of this article declare that they do not have any conflict of interest.

Author information

Corresponding author

Correspondence to SK Hafizul Islam.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Cite this article

Amin, R., Islam, S.H., Biswas, G.P. et al. An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography. J Med Syst 39, 180 (2015). https://doi.org/10.1007/s10916-015-0351-y

  • DOI: https://doi.org/10.1007/s10916-015-0351-y
