Skip to main content
SpringerLink
Log in

Privacy-Preserving and Efficient Truly Three-Factor Authentication Scheme for Telecare Medical Information Systems

  • Systems-Level Quality Improvement
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Significant development of information technologies has made Telecare Medical Information Systems (TMISs) increasingly popular. In a TMIS, patients upload their medical data through smart devices to obtain a doctor’s diagnosis. However, these smart devices have limited computing and storage capacities, so it is difficult to store substantial patient information and to support time-consuming operations. Moreover, although many three-factor authentication protocols have been proposed for TMISs, the problems of privacy leaks and other security flaws are serious. In addition, authentication factors are verified at the user side in most protocols, giving users a high level of trust and resulting in a potential lack of security. In this paper, we propose a novel efficient truly three-factor authentication protocol for TMISs. In our proposed protocol, three factors (i.e., password, smart card and biometrics) are verified at the server side, which reduces the storage and computational burden of the user side. Additionally, our proposed protocol uses only lightweight operators and is thus efficient. A formal proof analysis demonstrates that our proposed protocol is provably secure in the random oracle model. The performance evaluation shows that the proposed protocol is very efficient and suitable for TMISs.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

References

  1. Amin R, Islam SK, Biswas GP, Khan MK, and Li X, Cryptanalysis and en- hancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. Journal of Medical Systems 2015;39(11):140

  2. An Y, Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards. Journal of Biomedicine & Biotechnology 2012;2012(4):519723

  3. Bresson E, Chevassut O, and Pointcheval D, Security proofs for an efficient password-based key exchange. In: ACM Conference on Computer and Communications Security. 2003. p. 241–50

  4. Chaudhry SA, Naqvi H, and Khan MK, An enhanced lightweight anonymous biometric based authentication scheme for tmis. Multimedia Tools & Applications 2017;(3):1–22

  5. Chaudhry SA, Naqvi H, Shon T, Sher M, and Farash MS, Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. Journal of medical systems 2015;39(6):66

  6. Das AK, Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. Information Security Iet 2011;5(3):145–51

  7. Dodis Y, Ostrovsky R, Reyzin L, and Smith A, Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Siam Journal on Computing 2008;38(1):97–139

  8. Fan CI, and Lin YH, Provably secure remote truly three-factor authentica- tion scheme with privacy protection on biometrics. IEEE Transactions on Information Forensics and Security 2009;4(4):933–45

  9. Hao F, Anderson R, and Daugman J, Combining crypto with biometrics effec- tively. IEEE Transactions on Computers 2006;55(9):1081–8

  10. Jiang Q, Chen Z, Li B, Shen J, Yang L, and Ma J, Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. Journal of Ambient Intelligence & Humanized Computing 2017;(5): 1–13

  11. Jiang Q, Khan MK, Lu X, Ma J, and He D, A privacy preserving three-factor authentication protocol for e-health clouds. Journal of Supercomputing 2016;72(10):3826–49

  12. Jiang Q, Ma J, Yang C, Ma X, Shen J, and Chaudhry SA, Efficient end-to-end authentication protocol for wearable health monitoring systems . Computers & Electrical Engineering 2017;

  13. Jin Z, Teoh ABJ, Goi BM, and Tay YH, Biometric cryptosystems: A new bio- metric key binding and its implementation for fingerprint minutiae-based representation. Pattern Recognition 2016;56:50–62

  14. Kang H, Hori Y, Katashita T, Hagiwara M, and Iwamura K, Cryptographie key generation from puf data using efficient fuzzy extractors. In: International Conference on Advanced Communication Technology. 2014. p. 23–6

  15. Kelkboom EJC, Breebaart J, Buhan I, and Veldhuis RNJ, Maximum key size and classification performance of fuzzy commitment for gaussian modeled biometric sources. IEEE Transactions on Information Forensics & Security 2012;7(4):1225–41

  16. Khan MK, and Kumari S, An improved biometrics-based remote user authentication scheme with user anonymity. BioMed research international 2013;2013(5):491289

  17. Li CT, and Hwang MS, An efficient biometrics-based remote user authentica- tion scheme using smart cards. Academic Press Ltd., 2010

  18. Li X, Niu JW, Ma J, Wang WD, and Liu CL, Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network & Computer Applications 2011;34(1):73–9

  19. Li X, Wen Q, Li W, Zhang H, and Jin Z, Secure privacy-preserving biometric authentication scheme for telecare medicine information systems. Journal of Medical Systems 2014;38(11):139

  20. Li X, Wu F, Khan MK, Xu L, Shen J, and Jo M, A secure chaotic map-based remote authentication scheme for telecare medicine information systems. Future Generation Computer Systems 2017

  21. Mir O, and Nikooghadam M, A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services. Wireless Personal Communications 2015;83(4):2439–61

  22. Nandakumar K, Jain AK, and Pankanti S, Fingerprint-based fuzzy vault: Implementation and performance. IEEE Transactions on Information Forensics & Security 2007;2(4):744–57

  23. Vallent TF, and Kim H, Three Factor Authentication Protocol Based on Bilin- ear Pairing. Springer Netherlands, 2013

  24. Wang D, and Wang P: Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks 2014;20(2):1–15

  25. Wazid M, Das AK, Kumari S, Li X, and Wu F, Design of an efficient and provably secure anonymity preserving threefactor user authentication and key agreement scheme for tmis. Security & Communication Networks 2016;9(13):1983–2001

  26. Wu F, Xu L, Kumari S, and Li X, A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile clientserver networks . Computers & Electrical Engineering 2015;45(C):274–85

  27. Wu ZY, Lee YC, Lai F, Lee HC, and Chung Y, A secure authentication scheme for telecare medicine information systems. Journal of medical systems 2012;36(3):1529–35

  28. Xie Q, Wong D, Wang G, Tan X, Chen K, and Fang L, Provably secure dynamic id-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Transactions on Information Forensics & Security 2017;12(6):1382–92

  29. Xiong H, Tao J, and Yuan C, Enabling telecare medical information systems with strong authentication and anonymity. IEEE Access 2017;5:5648–61

  30. Xu L, and Wu F, Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst 2015;39(2):10

  31. Yeh HL, Chen TH, Hu KJ, and Shih WK, Robust elliptic curve cryptography- based three factor user authentication providing privacy of biometric data. Iet Information Security 2013;7(3):247–52

  32. Zhang L, Zhang Y, Tang S, and Luo H, Privacy protection for e-health systems by means of dynamic authentication and three-factor key agreement. IEEE Transactions on Industrial Electronics ;PP(99):1–

  33. Zhang L, Zhu S, and Tang S, Privacy protection for telecare medicine in- formation systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE Journal of Biomedical & Health Informatics 2017;PP(99):1–

Download references

Acknowledgements

The work was supported by the National Natural Science Foundation of China under Grant 61572370, 61501333 and 61572379.

Author information

Authors and Affiliations

  1. School of Mathematics and Statistics, Wuhan University, Wuhan, China

    Dongqing Xu, Jianhua Chen & Shu Zhang

  2. Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, 430072, China

    Qin Liu

Authors
  1. Dongqing Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianhua Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shu Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Qin Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qin Liu.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Xu, D., Chen, J., Zhang, S. et al. Privacy-Preserving and Efficient Truly Three-Factor Authentication Scheme for Telecare Medical Information Systems. J Med Syst 42, 219 (2018). https://doi.org/10.1007/s10916-018-1047-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-018-1047-x

Keywords

Search

Navigation