Design of a Secure Three-Factor Authentication Scheme for Smart Healthcare

  • Systems-Level Quality Improvement
Journal of Medical Systems

Abstract

Nowadays, society is witnessing a keen urge to enhance the quality of healthcare services through the intervention of technology in the health sector. The main focus in transforming traditional healthcare to smart healthcare is on facilitating patients as well as medical professionals. However, this changeover is not easy due to various issues of security and integrity associated with it. The security of patients' personal health records and privacy can be handled well by permitting only authorized access to confidential health data via a suitably designed authentication scheme. In pursuit of contributing in this direction, we came across the role of Universal Serial Bus (USB), the most widely accepted interface, in enabling communication between peripheral devices and a host controller such as a laptop, personal computer, smart phone, tablet, etc. In the process, we analysed a recently proposed three-factor authentication scheme for consumer USB Mass Storage Devices (MSD) by He et al. In this paper, we demonstrate that He et al.'s scheme is vulnerable to leakage of temporary but session-specific information attacks, late detection of message replay, forward secrecy attacks, and backward secrecy attacks. Then, motivated by the benefits of USB, we propose a secure three-factor authentication scheme for smart healthcare.

References

  1. Al-Zarouni, M., The reality of risks from consented use of USB devices. In: Proc. 4th Australian Information Security Management Conference, pp. 312–317, 2006.

  2. Yang, F. Y., Wu, T. D., and Chiu, S. H., A secure control protocol for USB mass storage devices. IEEE Transactions on Consumer Electronics. 56(4):2239–2243, 2010.

  3. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., and Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. Journal of medical systems. 38(5):41, 2014.

  4. Moon, J., Choi, Y., Kim, J., and Won, D., An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. Journal of medical systems. 40(3):70, 2016.

  5. Khan, M. K., and Kumari, S., Cryptanalysis and improvement of “an efficient and secure dynamic ID-based authentication scheme for telecare medical information systems”. Security and Communication Networks. 7(2):399–408, 2014.

  6. Hou, J. L., and Yeh, K. H., Novel authentication schemes for IoT based healthcare systems. International Journal of Distributed Sensor Networks. 11(11):183659, 2015.

  7. Lu, Y., Li, L., Peng, H., and Yang, Y., An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. Journal of medical systems. 39(3):32, 2015.

  8. He, D., Kumar, N., Chen, J., Lee, C. C., Chilamkurti, N., and Yeo, S. S., Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems. 21(1):49–60, 2015.

  9. Wu, F., Xu, L., Kumari, S., and Li, X., An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks. Multimedia Systems. 23(2):195–205, 2017.

  10. Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., and Li, X., Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. Journal of medical systems. 39(11):140, 2015.

  11. Li, X., Niu, J., Karuppiah, M., Kumari, S., and Wu, F., Secure and efficient two-factor user authentication scheme with user anonymity for network based e-health care applications. Journal of medical systems. 40(12):268, 2016.

  12. Li, C. T., Lee, C. C., Weng, C. Y., and Chen, S. J., A secure dynamic identity and chaotic maps based user authentication and key agreement scheme for e-healthcare systems. Journal of medical systems. 40(11):233, 2016.

  13. Irshad, A., Sher, M., Nawaz, O., Chaudhry, S. A., Khan, I., and Kumari, S., A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimedia Tools and Applications. 76(15):16463–16489, 2017.

  14. Li, X., Wu, F., Khan, M. K., Xu, L., Shen, J., and Jo, M., A secure chaotic map-based remote authentication scheme for telecare medicine information systems. Future Generation Computer Systems. 84:149–159, 2018.

  15. Li, X., Ibrahim, M. H., Kumari, S., Sangaiah, A. K., Gupta, V., and Choo, K. K., Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Computer Networks. 129:429–443, 2017.

  16. Wu, F., Li, X., Sangaiah, A. K., Xu, L., Kumari, S., Wu, L., and Shen, J., A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Future Generation Computer Systems. 82:727–737, 2018.

  17. Wu, F., Li, X., Xu, L., Kumari, S., and Sangaiah, A. K., A novel mutual authentication scheme with formal proof for smart healthcare systems under global mobility networks notion. Computers & Electrical Engineering. 68:107–118, 2018.

  18. Chen, B., Qin, C., Yu, L., and Jiang, P., A secure access authentication scheme for removable storage media. Journal of Information & Computational Science. 9(15):4353–4363, 2012.

  19. Lee, C. C., Chen, C. T., Wu, P. H., and Chen, T. Y., Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices. IET Computers & Digital Techniques. 7(1):48–55, 2013.

  20. He, D., Kumar, N., Lee, J. H., and Sherratt, R. S., Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Transactions on Consumer Electronics. 60(1):30–37, 2014.

  21. Li, C. T., and Hwang, M. S., An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and computer applications. 33(1):1–5, 2010.

  22. Li, X., Peng, J., Niu, J., Wu, F., Liao, J., and Choo, K. R., A robust and energy efficient authentication protocol for industrial internet of things. IEEE Internet of Things Journal. 5(3):1606–1615, 2018.

  23. Amin, R., Islam, S. H., Gope, P., Choo, K.-K. R., and Tapas, N., Anonymity preserving and lightweight multi-medical server authentication protocol for telecare medical information system. IEEE Journal of Biomedical and Health Informatics In press, 2018. https://doi.org/10.1109/JBHI.2018.2870319.

  24. Holdsworth, J., Glisson, W. B., and Choo, K.-K. R., Medical device vulnerability mitigation effort gap analysis taxonomy. Smart Health. In press, 2017. https://doi.org/10.1016/j.smhl.2017.12.001.

  25. Chen, L., Lee, W. K., Chang, C. C., Choo, K.-K. R., and Zhang, N., Blockchain based searchable encryption for electronic health record sharing. Future Generation Computer Systems 95:420–429, 2019.

  26. Challa, S., Das, A. K., Odelu, V., Kumar, N., Kumari, S., Khan, M. K., and Vasilakos, A. V., An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Computers and Electrical Engineering 69:534–554, 2018.

  27. Aghili, S. F., Mala, H., Shojafar, M., and Peris-Lopez, P., LACO: Lightweight three-factor authentication, access control and ownership transfer scheme for e-health systems in IoT. Future Generation Computer Systems, Elsevier. In press, 2019. https://doi.org/10.1016/j.future.2019.02.020.

  28. Masdari, M., and Ahmadzadeh, S., A survey and taxonomy of the authentication schemes in telecare medicine information systems. Journal of Network and Computer Applications. 87:1–9, 2017.

  29. Aslam, M. U., Derhab, A., Saleem, K., Abbas, H., Orgun, M., Iqbal, W., and Aslam, B., A survey of authentication schemes in telecare medicine information systems. Journal of medical systems. 41(1):14, 2017.

  30. Chen, T. L., Chung, Y. F., and Lin, F. Y., A study on agent-based secure scheme for electronic medical record system. Journal of medical systems. 36(3):1345–1357, 2012.

  31. Dodis, Y., Reyzin, L., and Smith, A., Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: International Conference on the Theory and Applications of Cryptographic Techniques, 2004 May 2. Berlin, Heidelberg: Springer, 523–540.

  32. Zhang, S., Li, X., Tan, Z., Peng, T., and Wang, G., A caching and spatial K-anonymity driven privacy enhancement scheme in continuous location-based services. Future Generation Computer Systems. 94:40–50, 2019.

  33. Zhang, S., Choo, K. R., Liu, Q., and Wang, G., Enhancing privacy through uniform grid and caching in location-based services. Future Generation Computer Systems. 86:881–892, 2018.

Author information

Corresponding author

Correspondence to Xiong Li.

Ethics declarations

Conflict of interest

All the authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the Topical Collection on Systems-Level Quality Improvement

About this article

Cite this article

Renuka, K., Kumari, S. & Li, X. Design of a Secure Three-Factor Authentication Scheme for Smart Healthcare. J Med Syst 43, 133 (2019). https://doi.org/10.1007/s10916-019-1251-3

  • DOI: https://doi.org/10.1007/s10916-019-1251-3
