Skip to main content
SpringerLink
Log in

Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems

  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas’s scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.’s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14

Similar content being viewed by others

References

  1. Zhang, K, Yang, K, Liang, X, Su, Z, Shen, X, Luo, H H, Security and privacy for mobile healthcare networks: from a quality of protection perspective. IEEE Wireless Communications 22(4):104–112, 2015.

    Article  Google Scholar 

  2. He, D, Kumar, N, Chen, J, Lee, CC, Chilamkurti, N, Yeo, SS, Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems 21(1):49–60, 2015.

    Article  Google Scholar 

  3. He, D, and Zeadally, S, Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Systems Journal, 2015. doi:http://dx.doi.org/10.1109/JSYST.2015.2428620.

  4. Mir, O, Munilla, J, Kumari, S, Efficient anonymous authentication with key agreement protocol for wireless medical sensor networks, 2015. doi:10.1007/s12083-015-0408-1.

    Google Scholar 

  5. Mir, O, and Nikooghadam, M, A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services. Wirel Pers Commun 83(4):2439–2461, 2015.

    Article  Google Scholar 

  6. He, D, Zeadally, S, Kumar, N, Lee, JH, Anonymous authentication for wireless body area networks with provable security, 2016. doi:10.1109/JSYST.2016.2544805.

    Google Scholar 

  7. Nikooghadam, M, Jahantigh, R, Arshad, H, A lightweight authentication and key agreement protocol preserving user anonymity. Multimedia Tools and Applications, 2016. doi:10.1007/s11042-016-3704-8.

  8. Arshad, H, and Nikooghadam, M, Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol. J Supercomput 71(8):3163–3180, 2015.

    Article  Google Scholar 

  9. Zhang, L, Zhu, S, Tang, S, Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE Journal of Biomedical and Health Informatics, 2016. doi:10.1109/JBHI.2016.2517146.

  10. Liu, W, Xie, Q, Wang, S, Hu, B, An improved authenticated key agreement protocol for telecare medicine information system. SpringerPlus 5(1):1–16, 2016.

    Article  Google Scholar 

  11. Bin Muhaya, FT, Cryptanalysis and security enhancement of Zhu’s authentication scheme for Telecare medicine information system. Security and Communication Networks 8(2):149–158, 2015.

    Article  Google Scholar 

  12. Amin, R, and Biswas, GP, An improved rsa based user authentication and session key agreement protocol usable in TMIS. Journal of Medical Systems 39(8):1–14, 2015.

    Google Scholar 

  13. Giri, D, Maitra, T, Amin, R, Srivastava, PD, An Efficient and Robust RSA-Based Remote User Authentication for Telecare Medical Information Systems. Journal of medical systems 39(1):1–9, 2015.

    Article  Google Scholar 

  14. Lamport, L, Password authentication with insecure communication. Commun ACM 24(11):770–772, 1981.

    Article  Google Scholar 

  15. Lennon, R, Matyas, S, Mayer, C, Cryptographic authentication of time-invariant quantities. IEEE Trans Commun 6:773–777, 1981.

    Article  Google Scholar 

  16. Yen, S, and Liao, K, Shared authentication token secure against replay and weak key attack. Inf Process Lett,78–80, 1997.

  17. He, D, Wang, H, Wang L, Shen, J, Yang, X, Efficient certificateless anonymous multi-receiver encryption scheme for mobile devices. Soft Computing, 2016. doi:10.1007/s00500-016-2231-x.

  18. He, D, Zhang, M, Xu, B, Insecurity of an Efficient Identity-Based Proxy Signature in the Standard Model. The Computer Journal 58(10):2507–2508, 2015.

    Article  Google Scholar 

  19. Arshad, H, and Nikooghadam, M, An efficient and secure authentication and key agreement scheme for session protocol using ECC. Multimed Tools Appl 75(1):181–197, 2016.

    Article  Google Scholar 

  20. He, D, Kumar, N, Lee, JH, Privacy-preserving data aggregation scheme against internal attackers in smart grids. Wireless Networks 22(2):491–502, 2016.

    Article  Google Scholar 

  21. Ramaki, AA, Amini, M, Atani, RE, RTECA: Real time episode correlation algorithm for multi-step attack scenarios detection. Computers & Security 49:206–219, 2015.

    Article  Google Scholar 

  22. He, D, Kumar, N, Shen, H, Lee, JH, One-to-many authentication for access control in mobile pay-TV systems. Science China-Information Sciences 59(5):1–14, 2016. doi:10.1007/s11432-015-5469-5.

    Article  Google Scholar 

  23. Hwang, M, and Li, L, A new remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(1):28–30, 2000.

    Article  Google Scholar 

  24. Sharif, A, Mollaeefar, M, Nazari, M, A novel method for digital image steganography based on a new three-dimensional chaotic map. Multimedia Tools and Applications, 2016. doi:10.1007/s11042-016-3398-y.

  25. Mollaeefar, M, Sharif, A, Nazari, M, A novel encryption scheme for colored image based on high level chaotic maps. Multimedia Tools and Applications, 2015. doi:10.1007/s11042-015-3064-9.

  26. Chan, C-K, and Cheng, L-M, Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):992–993, 2000.

    Article  Google Scholar 

  27. Sun, H-M, An efficient remote use authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):958–961, 2000.

    Article  Google Scholar 

  28. Chien, H-Y, Jan, J-K, Tseng, Y-M, An efficient and practical solution to remote authentication: smart card. Comput Secur 21(4):372–375, 2002.

    Article  Google Scholar 

  29. Ku, W, Chen, C, Lee, H, Cryptanalysis of a variant of peyravian-zunic’s password authentication scheme. IEICE Trans Commun E86-B(5):1682–1684, 2003.

    Google Scholar 

  30. Yoon, E, Ryu, E, Yoo, K, Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(2):612–614, 2004.

    Article  Google Scholar 

  31. Wang, X, Zhang, W, Zhang, J, Khan, M, Cryptanalysis and improvement on two efficient remote user authentication scheme using cards. Comput Stand Interfaces 29(5):507–512, 2007.

    Article  Google Scholar 

  32. Hsieh, W, and Leu, J, Exploiting hash functions to intensify the remote user authentication scheme. Comput Secur 31(6):791–798, 2012.

    Article  Google Scholar 

  33. Wang, D, Ma, C, Wang, P, Chen, Z. , Robust smart card based password authentication scheme against smart card security breach. IACR Cryptology ePrint Archive. Retrieved from eprint.iacr.org/2012/439.eps (2012)

  34. Chang, Y, Tai, W, Chang H, Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int J Commun Syst, 2013. doi:10.1002/dac.2552.

  35. Kumari, S, Gupta, MK, Khan, MK, Li, X, An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur Commun Netw 7(11):1921–1932, 2014.

    Article  Google Scholar 

  36. He, D, Zeadally, S, Xu, B, Huang, X, An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks. IEEE Transactions on Information Forensics and Security 10 (12):2681–2691, 2015.

    Article  Google Scholar 

  37. He, D, Kumar, N, Lee, J H, Secure pseudonym-based near field communication protocol for the consumer internet of things. IEEE Transactions on Consumer Electronics 61(1):56–62, 2015.

    Article  Google Scholar 

  38. Kocher, P, Jaffe, J, Jun, B: Differential power analysis. In: Proceedings of Advances in Cryptology, Santa Barbara, CA, USA, 1666, pp. 788–797 (1999)

  39. Messerges, TS, Dabbish, EA, Sloan, RH, Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5):541–552, 2002.

    Article  Google Scholar 

  40. Wang, D, and Wang, P, Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks 20:1–15, 2014.

    Article  Google Scholar 

  41. Ma, CG, Wang, D, Zhao, SD, Security flaws in two improved remote user authentication schemes using smart cards. International Journal of Communication Systems 27(10):2215–2227, 2014.

    Article  Google Scholar 

  42. Klein, DV: Foiling the cracker: a survey of, and improvements to, password security. In: Proceedings of the 2nd USENIX Security Workshop, Anaheim, CA, USA, August, pp. 5–14 (1990)

  43. Kumari, S, Li, X, Wu, F, Das, AK, Arshad, H, Khan, MK, A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps. Future Generation Computer Systems 63:56–75, 2016.

    Article  Google Scholar 

  44. Bonneau, J: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 33th IEEE Symposium on Security and Privacy (S&P 2012), IEEE Computer Society, San Francisco, CA, USA, May, pp. 538–552 (2012)

  45. Islam, SH, Design and analysis of an improved smartcard-based remote user password authentication scheme. International Journal of Communication Systems, 2014. doi:10.1002/dac.2793.

  46. Gong, L, Needham, R, Yahalom, R: Reasoning about belief in cryptographic protocols. In: Proc 1990 IEEE Computer Society Symp. Research in Security and Privacy, pp. 234–246 (1990)

  47. Armando, A, Basin, D, Cuellar, J, Rusinowitch, M, Vigan, L, AVISPA: Automated Validation of Internet Security Protocols and Applications. ERCIM News,64, 2006.

  48. Chevalier, Y, Compagna, L, Cuellar, J, Hankes, DP, Mantovani, J, Modersheim, S, Vigneron, L: A High Level Protocol Specification Language for Industrial Security-Sensitive Protocols. In: Proc. SAPS’04. Austrian Computer Society (2004)

  49. Basin, D, Modersheim, S, Vigano, L, OFMC: A symbolic model checker for security protocols. International Journal of Information Security 4(3):181–208, 2005.

    Article  Google Scholar 

  50. Hankerson, D, Menezes, A, Vanstone, S, Guide to elliptic curve cryptography. New York: Springer, 2004.

    Google Scholar 

  51. He, D, Kumar, N, Khan, MK, Lee, JH, Anonymous Two-factor Authentication for Consumer Roaming Service in Global Mobility Networks. IEEE Transactions on Consumer Electronics 59(4):811–817, 2013.

    Article  Google Scholar 

  52. Jiang, Q, Ma, J, Li, G, Yang, L, An Efficient Ticket Based Authentication Protocol with Unlinkability for Wireless Access Networks. Wireless Personal Communications 77(2):1489–1506, 2014.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Engineering, Ferdowsi University of Mashhad, Mashhad, Iran

    Hamed Arshad & Abbas Rasoolzadegan

Authors
  1. Hamed Arshad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Abbas Rasoolzadegan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Hamed Arshad or Abbas Rasoolzadegan.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Arshad, H., Rasoolzadegan, A. Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems. J Med Syst 40, 237 (2016). https://doi.org/10.1007/s10916-016-0585-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-016-0585-3

Keywords

Search

Navigation