Skip to main content

Advertisement

SpringerLink
Log in

Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications

  • Systems-Level Quality Improvement
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Xia, Z., Wang, X., Sun, X., and Wang, Q., A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 27(2):340–352, 2016.

    Article  Google Scholar 

  2. Fu, Z., Ren, K., Shu, J., Sun, X., and Huang, F., Enabling personalized search over encrypted outsourced data with efficiency improvement. IEEE Trans. Parallel Distrib. Syst. 27(9):2546–2559, 2016.

    Article  Google Scholar 

  3. Fu, Z., Sun, X., Liu, Q., Zhou, L., and Shu, J., Achieving effocient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans. Commun. 98(1):190–200, 2015.

    Article  Google Scholar 

  4. Ren, Y., Shen, J., Wang, J., Han, J., and Lee, S., Mutual verifiable provable data auditing in public cloud storage. J. Internet Technol. 16(2):317–323, 2015.

    Google Scholar 

  5. Xu, J., Zhu, W. T., and Feng, D. G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.

    Article  Google Scholar 

  6. Wang, Y. Y., Liu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.

    Article  CAS  Google Scholar 

  7. Song, R., Advanced smart card based password authentication protocol. Comput. Stand. Interfaces 32(5):321–325, 2010.

    Article  Google Scholar 

  8. Sood, S. K., Sarje, A. K., and Singh, K., An improvement of Xu et al.’s authentication scheme using smart cards. In: Proceedings of the Third Annual ACM Bangalore Conference, p. 15. ACM, (2010)

  9. Khan, M. K., Kim, S. K., and Alghathbar, K., Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput. Commun. 34(3):305–309, 2011.

    Article  Google Scholar 

  10. Chen, B. L., Kuo, W. C., and Wuu, L. C., Robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27(2):377–389, 2014.

    Article  Google Scholar 

  11. Kumari, S., and Khan, M. K., Cryptanalysis and improvement of ‘a robust smart-card-based remote user password authentication scheme’. Int. J. Commun. Syst. 27(12):3939–3955, 2014.

    Article  Google Scholar 

  12. Li, X., Niu, J., Khan, M. K., and Liao, J., An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. 36(5):1365–1371, 2013.

    Article  Google Scholar 

  13. An, Y. H., Security improvements of dynamic id-based remote user authentication scheme with session key agreement. In: 15th International Conference on Advanced Communication Technology (ICACT), 2013, pp. 1072–1076. IEEE (2013)

  14. Amin, R., Islam, S. H., Biswas, G., Khan, M. K., and Li, X., Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J. Med. Syst. 39(11):1–21, 2015.

    Google Scholar 

  15. Sood, S. K., Secure dynamic identity-based authentication scheme using smart cards. Information Security Journal: A Global Perspective 20(2):67–77, 2011.

    Google Scholar 

  16. He, D., and Wu, S., Security flaws in a smart card based authentication scheme for multi-server environment. Wirel. Pers. Commun. 70(1):323–329, 2013.

    Article  Google Scholar 

  17. Wang, D., Wang, N., Wang, P., and Qing, S., Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. 321:162–178, 2015.

    Article  Google Scholar 

  18. Ma, C. G., Wang, D., and Zhao, S. D., Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. 27(10):2215–2227, 2014.

    Article  Google Scholar 

  19. Wang, D., He, D., Wang, P., and Chu, C. H., Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12(4):428–442, 2015.

    Article  Google Scholar 

  20. Guo, P., Wang, J., Geng, X. H., Kim, C. S., and Kim, J. U., A variable threshold-value authentication architecture for wireless mesh networks. J. Internet Technol. 15(6):929–935, 2014.

    Google Scholar 

  21. Karuppiah, M., and Saravanan, R., A secure authentication scheme with user anonymity for roaming service in global mobility networks. Wirel. Pers. Commun. 84(3):2055–2078, 2015.

    Article  Google Scholar 

  22. Li, X., Niu, J., Wang, Z., and Chen, C., Applying biometrics to design three-factor remote user authentication scheme with key agreement. Security and Communication Networks 7(10):1488–1497, 2014.

    Google Scholar 

  23. Kumari, S., Khan, M. K., and Li, X., An improved remote user authentication scheme with key agreement. Comput. Electr. Eng. 40(6):1997–2012, 2014.

    Article  Google Scholar 

  24. Islam, S., Obaidat, M. S., and Amin, R., An anonymous and provably secure authentication scheme for mobile user. Int. J. Commun. Syst. 29(9):1529–1544, 2016.

    Article  Google Scholar 

  25. Islam, S. H., Khan, M. K., and Li, X., Security analysis and improvement of ‘a more secure anonymous user authentication scheme for the integrated EPR information system’. PloS one 10(8):e0131368, 2015.

    Article  CAS  PubMed  PubMed Central  Google Scholar 

  26. Li, X., Niu, J., Liao, J., and Liang, W., Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 28(2):374–382, 2015.

    Article  CAS  Google Scholar 

  27. He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 9(3):816–823, 2015.

    Article  Google Scholar 

  28. He, D., Kumar, N., and Chilamkurti, N., A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci. 321:263–277, 2015.

    Article  Google Scholar 

  29. Jiang, Q., Ma, J., and Wei, F., On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst. J., 2016. doi:10.1109/JSYST.2016.2574719.

  30. Jiang, Q., Wei, F., Fu, S., Ma, J., Li, G., and Alelaiwi, A., Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4):2085–2101, 2016.

    Article  Google Scholar 

  31. Jiang, Q., Ma, J., Lu, X., and Tian, Y., An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Networking and Applications 8(6):1070–1081, 2015.

    Article  Google Scholar 

  32. Li, X., Niu, J. W., Ma, J., Wang, W. D., and Liu, C. L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.

    Article  CAS  Google Scholar 

  33. Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology—CRYPTO’ 99, pp. 388–397. Springer (1999)

  34. Messerges, T. S., Dabbish, E., Sloan, R. H., et al., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  Google Scholar 

  35. Kargl, A., Pyka, S., and Seuschek, H., Fast Arithmetic on ATmega128 for Elliptic Curve Cryptography. IACR Cryptology ePrint Archive 2008:442, 2008.

    Google Scholar 

  36. Burrows, J. H., Secure hash standard. DTIC Document, 16, 1995.

Download references

Acknowledgments

This work is supported by the National Natural Science Foundation of China under Grant nos. 61300220 & 61572013 & 61572188 & 61572060 & 61190125, the Scientific Research Fund of Hunan Provincial Education Department under Grant no. 16B089, the General and Special Financial Grant from China Postdoctoral Science Foundation under Grant Nos. 2014M550590 & 2015T80035, and CERNET Innovation Project 2015 (NGII20151004). Fan Wu is supported by University Distinguished Young Research Talent Training Program of Fujian Province (Year 2016), and Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369.

Author information

Authors and Affiliations

  1. State Key Laboratory of Virtual Reality Technology and Systems, School of Computer Science and Engineering, Beihang University, Beijing, 100191, China

    Xiong Li & Jianwei Niu

  2. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, 411201, China

    Xiong Li

  3. School of Computing Science and Engineering, VIT University, Vellore, Tamilnadu, 632014, India

    Marimuthu Karuppiah

  4. Department of Mathematics, Ch. Charan Singh University, Meerut, Uttar Pradesh, 250005, India

    Saru Kumari

  5. Department of Computer Science and Engineering, Xiamen Institute of Technology, Xiamen, 361021, China

    Fan Wu

Authors
  1. Xiong Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianwei Niu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Marimuthu Karuppiah
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Saru Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Fan Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jianwei Niu.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Li, X., Niu, J., Karuppiah, M. et al. Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications. J Med Syst 40, 268 (2016). https://doi.org/10.1007/s10916-016-0629-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-016-0629-8

Keywords

Search

Navigation