Abstract
Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.’s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.
Similar content being viewed by others
References
Alizadeh, M., Zamani, M., Baharun, S., Manaf, A. A., Sakurai, K., Anada, H., Keshavarz, H., Chaudhry, S. A., Khan, M. K., Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover in proxy mobile ipv6 networks. PloS one 10(11):e0142716, 2015.
Mir, O., and Nikooghadam, M.: A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services
He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., Yeo, S.-S., Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimed. Syst. 21(1): 49–60, 2013.
Maitra, T., Obaidat, M. S., Islam, S. H., Giri, D., Amin, R.: Security analysis and design of an efficient ecc-based two-factor password authentication scheme. Security and Communication Networks (2016) n/a–n/aSec 1596 doi:10.1002/sec.1596
Wang, D., and Wang, P., On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions. Comput. Netw. 73:41–57, 2014.
Wang, D., He, D., Wang, P., Chu, C., Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Depend Secur Comput 99:1–1, 2014. doi:10.1109/TDSC.2014.2355850.
He, D., Zeadally, S., Kumar, N., Lee, J. H., Anonymous authentication for wireless body area networks with provable security. IEEE Syst J 99:1–12, 2016. doi:10.1109/JSYST.2016.2544805.
He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823, 2015. doi:10.1109/JSYST.2014.2301517.
Farash, M. S., Ahmadian-Attari, M., Bayat, M., A certificateless multiple-key agreement protocol based on bilinear pairings. IACR Crypt ePrint Arch 2012:393, 2012.
Farash, M. S., Attari, M. A., Atani, R. E., Jami, M., A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput Elect Eng 39(2):530–541, 2013.
Amin, R., Islam, S. H., Biswas, G., Khan, M. K., Kumar, N., An efficient and practical smart card based anonymity preserving user authentication scheme for tmis using elliptic curve cryptography. J Med Syst 39 (11):1–18, 2015.
Alizadeh, M., Baharun, S., Zamani, M., Khodadadi, T., Darvishi, M., Gholizadeh, S., Ahmadi, H., Anonymity and untraceability assessment of authentication protocols in proxy mobile ipv6. Jurnal Teknologi 72(5).
He, D., Kumar, N., Chilamkurti, N.: A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci.
Arshad, H., and Nikooghadam, M., An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc. Multimed Tools Appl.,1–17, 2014.
He, D., Kumar, N., Shen, H., Lee, J.-H., One-to-many authentication for access control in mobile pay-tv systems. Sci. Chin. Inf. Sci.,1–14, 2015.
He, D., Zeadally, S., Wu, L., Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J. 99:1–10, 2015. doi:10.1109/JSYST.2015.2428620.
Jin, A. T. B., Ling, D. N. C., Goh, A., Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recog. 37(11):2245–2255, 2004.
Lumini, A., and Nanni, L., An improved biohashing for human authentication. Pattern Recog. 40(3): 1057–1065, 2007.
Leng, L., Teoh, A. B. J., Li, M., Khan, M. K., A remote cancelable palmprint authentication protocol based on multi-directional two-dimensional palmphasor-fusion. Secur. Commun. Netw. 7(11):1860–1871, 2014.
Leng, L., and Teoh, A. B. J., Alignment-free row-co-occurrence cancelable palmprint fuzzy vault. Pattern Recog. 48(7):2290–2303, 2015.
Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.: On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Wagner, D. (Ed.) Advances in Cryptology, CRYPTO 2008, Vol. 5157 of Lecture Notes in Computer Science, pp. 203–220. Springer, Berlin (2008), 10.1007/978-3-540-85174-5_12
Dolev, D., and Yao, A. C., On the security of public key protocols. IEEE Trans. Inform. Theory 29(2): 198–208, 1983. doi:10.1109/TIT.1983.1056650.
Cao, X., and Zhong, S., Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun. Lett. 10(8):580–581, 2006. doi:10.1109/LCOMM.2006.1665116.
Messerges, T. S., Dabbish, E. A., Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology CRYPTO 99, pp. 388–397. Springer (1999)
Xie, Q., A new authenticated key agreement for session initiation protocol. Int. J. Commun. Syst. 25(1):47–54, 2012.
Xie, Q., Hu, B., Dong, N., Wong, D. S., Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PloS one 9(7):e102747, 2014.
Wu, F., Xu, L., Kumari, S., Li, X., An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl.,1–20, 2016.
Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., Khan, M. K., An enhanced privacy preserving remote user authentication scheme with provable security. Secur. Commun. Netw., 1–13, 2015. doi:10.1002/sec.1299.
Kalra, S., and Sood, S., Advanced remote user authentication protocol for multi-server architecture based on ecc. J. Inf. Secur. Appl. 18(2):98–107, 2013.
Kim, H., Jeon, W., Lee, K., Lee, Y., Won, D.: Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme. In: Computational Science and Its Applications–ICCSA 2012, pp. 391–406. Springer (2012)
Yoon, E.-J., and Yoo, K.-Y., Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J. Supercomput. 63(1):235–255, 2013.
Kilinc, H. H., and Yanik, T., A survey of sip authentication and key agreement schemes. IEEE Commun. Surveys Tutor. 16(2):1005–1023, 2014.
Acknowledgments
Authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16). This work was supported by Institute for Information & communications Technology Promotion(IITP) grant funded by the Korea government(MSIP) (No.B0713-15-0007, Development of International Standards Smart Medical Security Platform focused on the Field Considering Life Cycle of Medical Information)
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Mobile & Wireless Health
Rights and permissions
About this article
Cite this article
Chaudhry, S.A., Khan, M.T., Khan, M.K. et al. A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography. J Med Syst 40, 230 (2016). https://doi.org/10.1007/s10916-016-0592-4
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-016-0592-4