Skip to main content
Log in

Authenticated Key Agreement Scheme with Strong Anonymity for Multi-Server Environment in TMIS

  • Mobile & Wireless Health
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The technology of Internet of Things (IoT) has appealed to both professionals and the general public to its convenience and flexibility. As a crucial application of IoT, telecare medicine information system (TMIS) provides people a high quality of life and advanced level of medical service. In TMIS, smart card-based authenticated key agreement schemes for multi-server architectures have gathered momentum and positive impetus due to the conventional bound of a single server. However, we demonstrate that most of the protocols in the literatures can not implement strong security features in TMIS, such as Lee et al.’s and Shu’s scheme. They store the identity information directly, which fail to provide strong anonymity and suffer from password guessing attack. Then we propose an extended authenticated key agreement scheme (short for AKAS) with strong anonymity for multi-server environment in TMIS, by enhancing the security of the correlation parameters stored in the smart cards and calculating patients’ dynamic identities. Furthermore, the proposed chaotic map-based scheme provides privacy protection and is formally proved under Burrows-Abadi-Needham (BAN) logic. At the same, the informal security analysis attests that the AKAS scheme not only could resist the multifarious security attacks but also improve efficiency by 21% compared with Lee et al.’s and Shu’s scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Lee, I., and Lee, K., The internet of things (IoT): applications, investments, and challenges for enterprises. Business Horizons 58(4):431–440, 2015.

    Article  Google Scholar 

  2. Seyedi, M., Kibret, B., Lai, D. T., and Faulkner, M., A survey on intrabody communications for body area network applications. IEEE Trans. Biomed. Eng. 60(8):2067–2079, 2013.

    Article  Google Scholar 

  3. Ji, Y., Zhang, J., Ma, J., Chao, Y., and Xin, Y., Bmpls: Blockchain-based multi-level privacy-preserving location sharing scheme for telecare medical information systems. J. Med. Syst. 42(8):147?, 2018.

    Article  Google Scholar 

  4. Liu, X., and Ma, W., Cdaka: a provably-secure heterogeneous cross-domain authenticated key agreement protocol with symptoms-matching in tmis. J. Med. Syst. 42(8):135, 2018.

    Article  Google Scholar 

  5. Lamport, L., Password authentication with insecure communication. Commun. ACM 24(11):770–772, 1981.

    Article  Google Scholar 

  6. Irshad, A., Sher, M., Nawaz, O., Chaudhry, S. A., Khan, I., and Kumari, S., A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimed. Tools Appl. 76(15):16463–16489, 2017.

    Article  Google Scholar 

  7. Chen, C. -T., and Lee, C. -C., A two-factor authentication scheme with anonymity for multi-server environments. Security and Communication Networks 8(8):1608–1625, 2015.

    Article  Google Scholar 

  8. Luo, E., Bhuiyan, M. Z. A., Wang, G., Rahman, M. A., Wu, J., and Atiquzzaman, M., Privacyprotector: Privacy-protected patient data collection in IoT-based healthcare systems. IEEE Commun. Mag. 56(2):163–168, 2018.

    Article  Google Scholar 

  9. Tao, H., Bhuiyan, M. Z. A., Abdalla, A. N., Hassan, M. M., Zain, J. M., and Hayajneh, T.: Secured data collection with hardware-based ciphers for IoT-based healthcare. IEEE Internet Things J. PP(99)

  10. Bhuiyan, M. Z. A., Wang, G., Wu, J., Cao, J., Liu, X., and Wang, T., Dependable structural health monitoring using wireless sensor networks. IEEE Trans. Dependable Secure Comput. 14(4):363–376, 2017.

    Article  Google Scholar 

  11. Hsiang, H. C., and Shih, W. K., Improvement of the secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces 31(6):1118–1123, 2009.

    Article  Google Scholar 

  12. Li, X., Xiong, Y., Ma, J., and Wang, W., An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2):763–769, 2012.

    Article  CAS  Google Scholar 

  13. Liao, Y. P., and Wang, S. S., A secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces 31(1):24–29, 2009.

    Article  Google Scholar 

  14. Lin, H., Wen, F., and Du, C., An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Wirel. Pers. Commun. 84(4):2351–2362, 2015.

    Article  Google Scholar 

  15. Lu, Y., Li, L., Yang, X., and Yang, Y., Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards. Plos One 10(5):e0126323, 2015.

    Article  Google Scholar 

  16. Odelu, V., Das, A. K., and Goswami, A., A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensics Secur. 10(9):1953–1966, 2015.

    Article  Google Scholar 

  17. Sood, S. K., Sarje, A. K., and Singh, K., A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2):609–618, 2011.

    Article  Google Scholar 

  18. Xue, K., Hong, P., and Ma, C., A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J. Comput. Syst. Sci. 80(1):195–206, 2014.

    Article  Google Scholar 

  19. Tao, W., Liao, W., and Jianfeng, M. A., Analysis and improvement of an authentication protocol for the multi-server architecture. Journal of Xidian University 40(6):174–179, 2013.

    Google Scholar 

  20. Tsaur, W. J., Li, J. H., and Lee, W. B., An efficient and secure multi-server authentication scheme with key agreement. J. Syst. Softw. 85(4):876–882, 2012.

    Article  Google Scholar 

  21. Li, C. T., Lee, C. C., Weng, C. Y., and Fan, C., An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Trans. Internet Inf. Syst. 7(1):119–131, 2013.

    Article  CAS  Google Scholar 

  22. Lee, C. C., Lou, D. C., Li, C. T., and Hsu, C. W., An extended chaotic-maps-based protocol with key agreement for multiserver environments. Nonlinear Dyn 76(1):853–866, 2014.

    Article  Google Scholar 

  23. Shu, J., and Commercial, D. E., Authenticated key agreement protocol based on extended chaotic maps for multi-server environments. Application Research of Computers 63(5):50507?-050507, 2016.

    Google Scholar 

  24. Kocher, P. C., Jaffe, J., and Jun, B.: Differential power analysis. In: International Cryptology Conference, pp. 388?-397, 1999.

  25. Messerges, T., Dabbish, E., and Sloan, R., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  Google Scholar 

  26. Chang, Y. F., Yu, S. H., and Shiao, D. R., A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(2):9902, 2013.

    Article  Google Scholar 

  27. Zhang, L., Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos, Solitons and Fractals 37(3):669–674, 2008.

    Article  Google Scholar 

  28. Irshad, A., Sher, M., Chaudhry, S., Xie, Q., Kumari, S., and Wu, F., An improved and secure chaotic map based authenticated key agreement in multi-server architecture. Multimed. Tools Appl. 77:01, 2017.

    Google Scholar 

Download references

Acknowledgments

This work is supported in part by the National key Research and Development Program of China under Grant No.2017YFB1400704, the Key Research and Development Program of Shaanxi Province under Grant No.2019ZDLGY12-03, 2019ZDLGY13-06, 2019ZDLGY12-04 and 2019Z-DLGY13-01, the National Natural Science Foundation of China under Grant No.61972310, 61972308 and 61902295.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Yulong Shen.

Ethics declarations

Conflict of interests

Author Hui Qiao declares that she has no conflict of interest. Author Xuewen Dong declares that he has no conflict of interest. Author Yulong Shen declares that he has no conflict of interest.

Ethical approval

This article does not contain any studies with human participants performed by any of the authors.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the Topical Collection on Mobile & Wireless Health

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Qiao, H., Dong, X. & Shen, Y. Authenticated Key Agreement Scheme with Strong Anonymity for Multi-Server Environment in TMIS. J Med Syst 43, 321 (2019). https://doi.org/10.1007/s10916-019-1442-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-019-1442-y

Keywords

Navigation