Skip to main content
SpringerLink
Log in

An Efficient Mutual Authentication Framework for Healthcare System in Cloud Computing

  • Mobile & Wireless Health
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The increasing role of Telecare Medicine Information Systems (TMIS) makes its accessibility for patients to explore medical treatment, accumulate and approach medical data through internet connectivity. Security and privacy preservation is necessary for medical data of the patient in TMIS because of the very perceptive purpose. Recently, Mohit et al.’s proposed a mutual authentication protocol for TMIS in the cloud computing environment. In this work, we reviewed their protocol and found that it is not secure against stolen verifier attack, many logged in patient attack, patient anonymity, impersonation attack, and fails to protect session key. For enhancement of security level, we proposed a new mutual authentication protocol for the similar environment. The presented framework is also more capable in terms of computation cost. In addition, the security evaluation of the protocol protects resilience of all possible security attributes, and we also explored formal security evaluation based on random oracle model. The performance of the proposed protocol is much better in comparison to the existing protocol.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16

Similar content being viewed by others

References

  1. Abdalla, M., Izabachene, M., and Pointcheval, D.: Anonymous and transparent gateway-based password-authenticated key exchange. In: International conference on cryptology and network security, pp. 133–148. Springer, Berlin, 2008.

  2. Abor, P.A., and Agrizzi, D.: Healthcare governance and patients’ perception of service quality. In: Annual conference on innovations in business & Management, London, pp. 21–23, 2012

  3. Amin, R., Cryptanalysis and efficient dynamic ID based remote user authentication scheme in multi-server environment using smart card. IJ Netw. Secur. 18(1):172–181, 2016.

    Google Scholar 

  4. Amin, R., and Biswas, G. P., Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arab. J. Sci. Eng. 40(11):3135–3149, 2015.

    Article  Google Scholar 

  5. Amin, R., and Biswas, G. P., A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8):1–19, 2015.

    Google Scholar 

  6. Amin, R., Hafizul Islam, S.K., Biswas, G. P., Khan, M.K., and Kumar, N., A robust and anonymous patient monitoring system using wireless medical sensor networks. Futur. Gener. Comput. Syst. 80:483–495, 2018.

    Article  Google Scholar 

  7. Amin, R., Sk, H.I., Biswas, G. P., Khan, M.K., and Li, X., Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J. Med. Syst. 39(11):1–21, 2015.

    Google Scholar 

  8. Bajpai, D., Vardhan, M., Gupta, S., Kumar, R., and Kushwaha, D.S.: Security service level agreements based authentication and authorization model for accessing cloud services. In: Advances in computing and information technology, pp. 719–728. Springer, Berlin, 2012.

  9. Balduzzi, M., Zaddach, J., Balzarotti, D., Kirda, E., and Loureiro, S.: A security analysis of amazon’s elastic compute cloud service. In: Proceedings of the 27th annual ACM symposium on applied computing, pp. 1427–1434 ACM, 2012

  10. Bresson, E., Chevassut, O., and Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: Proceedings of the 10th ACM conference on Computer and communications security, pp. 241–250 ACM, 2003

  11. Cao, B.-Q., Li, B., and Xia, Q.-M.: A service-oriented qos-assured and multi-agent cloud computing architecture. In: IEEE international conference on cloud computing, pp. 644–649. Springer, Berlin, 2009.

  12. Casalicchio, E., and Silvestri, L., Mechanisms for SLA provisioning in cloud-based service providers. Comput. Netw. 57(3):795–810, 2013.

    Article  Google Scholar 

  13. Chaudhry, S.A., Khan, M.T., Khan, M.K., and Shon, T., A multiserver biometric authentication scheme for tmis using elliptic curve cryptography. J. Med. Syst. 40(11):230, 2016.

    Article  PubMed  Google Scholar 

  14. Chaudhry, S.A., Naqvi, H., Shon, T., Sher, M., and Farash, M.S., Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6):65–75, 2015.

    Article  Google Scholar 

  15. Chen, C.-L., Yang, T.-T., Chiang, M.-L., and Shih, T.-F., A privacy authentication scheme based on cloud for medical environment. J. Med. Syst. 38(11):1–16, 2014.

    CAS  Google Scholar 

  16. Chen, C.-L., Yang, T.-T., and Shih, T.-F., A secure medical data exchange protocol based on cloud environment. J. Med. Syst. 38(9):1–12, 2014.

    CAS  Google Scholar 

  17. Chiou, S.-Y., Ying, Z., and Liu, J., Improvement of a privacy authentication scheme based on cloud for medical environment. J. Med. Syst. 40(4):1–15, 2016.

    Article  Google Scholar 

  18. Debiao, H.E., Jianhua, C., and Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.

    Article  PubMed  Google Scholar 

  19. Gope, P., and Amin, R., A novel reference security model with the situation based access policy for accessing ephr data. J. Med. Syst. 40(11):41–53, 2016.

    Article  Google Scholar 

  20. Hankerson, D., Menezes, A.J., and Vanstone, S.: Guide to elliptic curve cryptography. Springer Science & Business Media, 2006

  21. He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., and Yeo, S.-S., Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimed. Syst. 21(1): 49–60, 2015.

    Article  Google Scholar 

  22. He, D., Kumar, N., Shen, H., and Lee, J.-H., One-to-many authentication for access control in mobile pay-TV systems. Sci. China Inf. Sci. 59(5):1–14, 2016.

    Article  Google Scholar 

  23. He, D., Kumar, N., Wang, H., Wang, L., Choo, K.-K.R., and Vinel, A.: A provably-secure cross-domain handshake scheme with symptoms-matching for mobile healthcare social network. IEEE Transactions on Dependable and Secure Computing , 2016

  24. He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 9(3):816–823, 2015.

    Article  Google Scholar 

  25. He, D., Zeadally, S., Kumar, N., and Lee, J.-H., Anonymous authentication for wireless body area networks with provable security. IEEE Syst. J. 11(4):2590–2601, 2017.

    Article  Google Scholar 

  26. Hwang, J.-J., Chuang, H.-K., Hsu, Yi-C., and Wu, C.-H.: A business model for cloud computing based on a separate encryption and decryption service. In: International conference on information science and applications (ICISA), pp. 1–7. IEEE, 2011

  27. Islam, S. K., Obaidat, M.S., and Amin, R., An anonymous and provably secure authentication scheme for mobile user. Int. J. Commun. Syst. 29(9):1529–1544, 2016.

    Article  Google Scholar 

  28. Islam, S.K.H., Amin, R., Biswas, G. P., Farash, M.S., Li, X., and Kumari, S., An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments. J. King Saud Univ. Comput. Inf. Sci. 29(3):311–324, 2017.

    Article  Google Scholar 

  29. Jiang, Q., Ma, J., and Ma, Z., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):1–8, 2013.

    Article  Google Scholar 

  30. Karati, A., Amin, R., and Biswas, G. P., Provably secure threshold-based abe scheme without bilinear map. Arab. J. Sci. Eng. 41(8):3201–3213, 2016.

    Article  Google Scholar 

  31. Kumari, S., Khan, M.K., and Kumar, R., Cryptanalysis and improvement of ’a privacy enhanced scheme for telecare medical information systems’. J. Med. Syst. 37(4):1–11, 2013.

    Article  Google Scholar 

  32. Lee, C.-C., Hsu, C.-W., Lai, Y.-M., and Vasilakos, A., An enhanced mobile-healthcare emergency system based on extended chaotic maps. J. Med. Syst.. 37(5):1–12, 2013.

    Article  Google Scholar 

  33. Li, C.-T., Lee, C.-C., and Weng, C.-Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):1–11, 2014.

    Article  CAS  Google Scholar 

  34. Li, X., Niu, J., Karuppiah, M., Kumari, S., and Fan, W.U., Secure and efficient two-factor user authentication scheme with user anonymity for network based e-health care applications. J. Med. Syst. 40(12):267–277, 2016.

    Article  CAS  Google Scholar 

  35. Li, X., Niu, J., Khan, M.K., and Liao, J., An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. 36(5):1365–1371, 2013.

    Article  Google Scholar 

  36. Maitra, T., Obaidat, M.S., Amin, R., Islam, S.K., Chaudhry, S.A., and Giri, D.: A robust ElGamal based password authentication protocol using smart card for client server communication. International Journal of Communication Systems 30(11), 2017

  37. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., and Khan, M.K., Cryptanalysis and improvement of Yan others.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6):1–12, 2014.

    Article  Google Scholar 

  38. Mishra, D., Srinivas, J., and Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10):1–10, 2014.

    Article  Google Scholar 

  39. Mohit, P., Amin, R., Karati, A., Biswas, G.P., and Khan, M.K., A standard mutual authentication protocol for cloud computing based health care system. J. Med. Syst. 41(4):1–13, 2017.

    Article  Google Scholar 

  40. Ramez, W.S., Patients’ perception of health care quality, satisfaction and behavioral intention: an empirical study in Bahrain. Int. J. Bus. Soc. Sci. 3(18):131–141, 2012.

    Google Scholar 

  41. Sureshkumar, V., Anitha, R., Rajamanickam, N., and Amin, R., A lightweight two-gateway based payment protocol ensuring accountability and unlinkable anonymity with dynamic identity. Comput. Electr. Eng. 57:223–240, 2017.

    Article  Google Scholar 

  42. Sutrala, A.K., Das, A.K., Odelu, V., Wazid, M., and Kumari, S., Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Comput. Methods Prog. Biomed. 135:167–185, 2016.

    Article  Google Scholar 

  43. Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204, 2013.

    Google Scholar 

  44. Tsai, Y. L., Cloud computing security. Commun. CCISA 18(2):62–68, 2012.

    Google Scholar 

  45. Wazid, M., Das, A.K., Kumari, S., Li, X., and Fan, W.U., Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS. Secur. Commun. Netw. 9(13):1983–2001, 2016.

    Google Scholar 

  46. Wei, J., Xuexian, H.U., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

    Article  PubMed  Google Scholar 

  47. Wu, Z.-Y., Chung, Y., Lai, F., and Chen, T.-S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.

    Article  PubMed  Google Scholar 

  48. Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.

    Article  PubMed  Google Scholar 

  49. Wu, Z.-Y., Tseng, Y.-J., Chung, Y., Chen, Y.-C., and Lai, F., A reliable user authentication and key agreement scheme for web-based hospital-acquired infection surveillance information system. J. Med. Syst. 36 (4):2547–2555, 2012.

    Article  PubMed  Google Scholar 

  50. Yan, X., Li, W., Li, P., Wang, J., Hao, X., and Gong, P., “A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(5):1–6, 2013.

    Article  CAS  Google Scholar 

  51. Yang, H., Kim, H., and Mtonga, K., An efficient privacy-preserving authentication scheme with adaptive key evolution in remote health monitoring system. Peer-to-Peer Netw. Appl. 8(6):1059–1069, 2015.

    Article  Google Scholar 

  52. Srinivas, J., Das, A.K., Kumar, N., and Rodrigues, J.: Cloud centric authentication for wearable healthcare monitoring system. IEEE Transactions on Dependable and Secure Computing, 2018

  53. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012.

    Article  PubMed  Google Scholar 

  54. Srinivas, J., Mishra, D., and Mukhopadhyay, S., A Mutual Authentication Framework for Wireless Medical Sensor Networks. J. Med. Syst. 41(5):80, 2017.

    Article  PubMed  Google Scholar 

  55. Mishra, D., Kumar, V., and Mukhopadhyay, S.: A pairing-free identity based authentication framework for cloud computing. In: International conference on network and system security, pp. 721–727. Springer, Berlin, 2013.

  56. Liu, Y., Guo, W., Fan, C.-I., Chang, L., and Cheng, C.: A practical privacy-preserving data aggregation (3PDA) scheme for smart grid. IEEE Transactions on Industrial Informatics, 2018

  57. Liu, Y., Liu, G., Cheng, C., Xia, Z., and Shen, J., A Privacy-Preserving Health Data Aggregation Scheme. TIIS 10(8):3852–3864, 2016.

    Google Scholar 

  58. Liu, X., Li, Y., Juan, Q.U., and Ding, Y., A lightweight pseudonym authentication and key agreement protocol for multi-medical server architecture in TMIS. KSII Trans. Internet & Inf. Syst. 11(2):924–943, 2017.

    Google Scholar 

  59. Xu, L., and Fan, W.U., An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity. Secur. Commun. Netw. 8(2):245–260, 2015.

    Article  Google Scholar 

  60. Menezes, A J, Van Oorschot, P C, and Vanstone, S. A.: Handbook of applied cryptography. CRC Press, 1996

  61. Wu, F., Lili, X.U, Kumari, S., and Li, X., A new and secure authentication scheme for wireless sensor networks with formal proof. Peer-to-Peer Netw. Appl. 10(1):16–30, 2017.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Applied Sciences and Humanities, Faculty of Engineering and Technology, Jamia Millia Islamia, New Delhi, 110025, India

    Vinod Kumar & Musheer Ahmad

  2. Department of Mathematics, Indian Institute of Technology Kharagpur, Khargpur, 721302, India

    Srinivas Jangirala

Authors
  1. Vinod Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Srinivas Jangirala
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Musheer Ahmad
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Srinivas Jangirala.

Additional information

This article is part of the Topical Collection on Mobile & Wireless Health

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kumar, V., Jangirala, S. & Ahmad, M. An Efficient Mutual Authentication Framework for Healthcare System in Cloud Computing. J Med Syst 42, 142 (2018). https://doi.org/10.1007/s10916-018-0987-5

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-018-0987-5

Keywords

Search

Navigation