Skip to main content
SpringerLink
Log in

A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography

  • Mobile & Wireless Health
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.’s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Alizadeh, M., Zamani, M., Baharun, S., Manaf, A. A., Sakurai, K., Anada, H., Keshavarz, H., Chaudhry, S. A., Khan, M. K., Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover in proxy mobile ipv6 networks. PloS one 10(11):e0142716, 2015.

    Article  PubMed  PubMed Central  Google Scholar 

  2. Mir, O., and Nikooghadam, M.: A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services

  3. He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., Yeo, S.-S., Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimed. Syst. 21(1): 49–60, 2013.

    Article  Google Scholar 

  4. Maitra, T., Obaidat, M. S., Islam, S. H., Giri, D., Amin, R.: Security analysis and design of an efficient ecc-based two-factor password authentication scheme. Security and Communication Networks (2016) n/a–n/aSec 1596 doi:10.1002/sec.1596

  5. Wang, D., and Wang, P., On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions. Comput. Netw. 73:41–57, 2014.

    Article  Google Scholar 

  6. Wang, D., He, D., Wang, P., Chu, C., Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Depend Secur Comput 99:1–1, 2014. doi:10.1109/TDSC.2014.2355850.

    CAS  Google Scholar 

  7. He, D., Zeadally, S., Kumar, N., Lee, J. H., Anonymous authentication for wireless body area networks with provable security. IEEE Syst J 99:1–12, 2016. doi:10.1109/JSYST.2016.2544805.

    Google Scholar 

  8. He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823, 2015. doi:10.1109/JSYST.2014.2301517.

    Article  Google Scholar 

  9. Farash, M. S., Ahmadian-Attari, M., Bayat, M., A certificateless multiple-key agreement protocol based on bilinear pairings. IACR Crypt ePrint Arch 2012:393, 2012.

    Google Scholar 

  10. Farash, M. S., Attari, M. A., Atani, R. E., Jami, M., A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput Elect Eng 39(2):530–541, 2013.

    Article  Google Scholar 

  11. Amin, R., Islam, S. H., Biswas, G., Khan, M. K., Kumar, N., An efficient and practical smart card based anonymity preserving user authentication scheme for tmis using elliptic curve cryptography. J Med Syst 39 (11):1–18, 2015.

    Google Scholar 

  12. Alizadeh, M., Baharun, S., Zamani, M., Khodadadi, T., Darvishi, M., Gholizadeh, S., Ahmadi, H., Anonymity and untraceability assessment of authentication protocols in proxy mobile ipv6. Jurnal Teknologi 72(5).

  13. He, D., Kumar, N., Chilamkurti, N.: A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci.

  14. Arshad, H., and Nikooghadam, M., An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc. Multimed Tools Appl.,1–17, 2014.

  15. He, D., Kumar, N., Shen, H., Lee, J.-H., One-to-many authentication for access control in mobile pay-tv systems. Sci. Chin. Inf. Sci.,1–14, 2015.

  16. He, D., Zeadally, S., Wu, L., Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J. 99:1–10, 2015. doi:10.1109/JSYST.2015.2428620.

    Article  Google Scholar 

  17. Jin, A. T. B., Ling, D. N. C., Goh, A., Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recog. 37(11):2245–2255, 2004.

    Article  Google Scholar 

  18. Lumini, A., and Nanni, L., An improved biohashing for human authentication. Pattern Recog. 40(3): 1057–1065, 2007.

    Article  Google Scholar 

  19. Leng, L., Teoh, A. B. J., Li, M., Khan, M. K., A remote cancelable palmprint authentication protocol based on multi-directional two-dimensional palmphasor-fusion. Secur. Commun. Netw. 7(11):1860–1871, 2014.

    Article  Google Scholar 

  20. Leng, L., and Teoh, A. B. J., Alignment-free row-co-occurrence cancelable palmprint fuzzy vault. Pattern Recog. 48(7):2290–2303, 2015.

    Article  Google Scholar 

  21. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.: On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Wagner, D. (Ed.) Advances in Cryptology, CRYPTO 2008, Vol. 5157 of Lecture Notes in Computer Science, pp. 203–220. Springer, Berlin (2008), 10.1007/978-3-540-85174-5_12

  22. Dolev, D., and Yao, A. C., On the security of public key protocols. IEEE Trans. Inform. Theory 29(2): 198–208, 1983. doi:10.1109/TIT.1983.1056650.

    Article  Google Scholar 

  23. Cao, X., and Zhong, S., Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun. Lett. 10(8):580–581, 2006. doi:10.1109/LCOMM.2006.1665116.

    Article  Google Scholar 

  24. Messerges, T. S., Dabbish, E. A., Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  Google Scholar 

  25. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology CRYPTO 99, pp. 388–397. Springer (1999)

  26. Xie, Q., A new authenticated key agreement for session initiation protocol. Int. J. Commun. Syst. 25(1):47–54, 2012.

    Article  Google Scholar 

  27. Xie, Q., Hu, B., Dong, N., Wong, D. S., Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PloS one 9(7):e102747, 2014.

    Article  PubMed  PubMed Central  Google Scholar 

  28. Wu, F., Xu, L., Kumari, S., Li, X., An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl.,1–20, 2016.

  29. Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., Khan, M. K., An enhanced privacy preserving remote user authentication scheme with provable security. Secur. Commun. Netw., 1–13, 2015. doi:10.1002/sec.1299.

  30. Kalra, S., and Sood, S., Advanced remote user authentication protocol for multi-server architecture based on ecc. J. Inf. Secur. Appl. 18(2):98–107, 2013.

    Google Scholar 

  31. Kim, H., Jeon, W., Lee, K., Lee, Y., Won, D.: Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme. In: Computational Science and Its Applications–ICCSA 2012, pp. 391–406. Springer (2012)

  32. Yoon, E.-J., and Yoo, K.-Y., Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J. Supercomput. 63(1):235–255, 2013.

    Article  Google Scholar 

  33. Kilinc, H. H., and Yanik, T., A survey of sip authentication and key agreement schemes. IEEE Commun. Surveys Tutor. 16(2):1005–1023, 2014.

    Article  Google Scholar 

Download references

Acknowledgments

Authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16). This work was supported by Institute for Information & communications Technology Promotion(IITP) grant funded by the Korea government(MSIP) (No.B0713-15-0007, Development of International Standards Smart Medical Security Platform focused on the Field Considering Life Cycle of Medical Information)

Author information

Authors and Affiliations

  1. Department of Computer Science & Software Engineering, International Islamic University Islamabad, Islamabad, Pakistan

    Shehzad Ashraf Chaudhry & Muhammad Tawab Khan

  2. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Muhammad Khurram Khan

  3. Division of Information and Computer Engineering, College of Information Technology, Ajou University, San 5, Woncheon-Dong, Yeongtong-Gu, Suwon, 443-749, Korea

    Taeshik Shon

Authors
  1. Shehzad Ashraf Chaudhry
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Muhammad Tawab Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Muhammad Khurram Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Taeshik Shon
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shehzad Ashraf Chaudhry.

Additional information

This article is part of the Topical Collection on Mobile & Wireless Health

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chaudhry, S.A., Khan, M.T., Khan, M.K. et al. A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography. J Med Syst 40, 230 (2016). https://doi.org/10.1007/s10916-016-0592-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-016-0592-4

Keywords

Search

Navigation