A secure three-factor-based authentication with key agreement protocol for e-Health clouds

The Journal of Supercomputing

Abstract

The rapid development of electronic healthcare (e-Health) has brought great convenience to people’s lives. To guarantee the security of users, a large number of identity authentication protocols have been put forward. Recently, Jiang et al. proposed a privacy-preserving three-factor authentication protocol for e-Health clouds. However, we find that their protocol cannot resist the replay attack, the denial-of-service attack or the known session-specific temporary information attack. We then propose a secure three-factor-based authentication with key agreement protocol. The analyses show that our protocol overcomes the weaknesses of Jiang et al.’s protocol. Moreover, our protocol can resist the replay attack and the man-in-the-middle attack, and provides user anonymity, user untraceability, perfect forward secrecy, etc. In addition, we prove the security of the protocol using the well-known Burrows-Abadi-Needham (BAN) logic. Comparison with related protocols shows that our protocol has better security and performance. Therefore, we believe our protocol is more suitable for e-Health clouds.

References

  1. Pawar P, Jones VM, Van Beijnum B et al (2012) A framework for the comparison of mobile patient monitoring systems. J Biomed Inf 45(3):544–556

  2. Abbas A, Khan SU (2014) A Review on the state-of-the-art privacy-preserving approaches in the e-health clouds. IEEE J Biomed Health Inform 18(4):1431–1441

  3. Xia Z, Wang X, Sun X et al (2016) A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans Parallel Distrib Syst 27(2):340–352

  4. Fu Z, Sun X, Liu Q et al (2015) Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans Commun 98(1):190–200

  5. Li H, Yang Y, Luan TH et al (2016) Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data. IEEE Trans Dependable Secure Comput 13(3):312–325

  6. Jiang Q, Ma J, Li G et al (2013) An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wirel Pers Commun 68(4):1477–1491

  7. Zhao D, Peng H, Li L et al (2013) A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wirel Pers Commun 78(1):247–269

  8. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772

  9. Fan CI, Chan YC, Zhang ZK (2005) Robust remote authentication scheme with smart cards. Comp Secur 24(8):619–628

  10. Juang WS, Chen ST, Liaw HT (2008) Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans Ind Electron 55(6):2551–2556

  11. Sun DZ, Huai JP, Sun JZ et al (2009) Improvements of Juang’s password-authenticated key agreement scheme using smart cards. IEEE Trans Ind Electron 56(6):2284–2291

  12. Jiang Q, Ma J, Li G et al (2013) An improved password-based remote user authentication protocol without smart cards. Inf Technol Control 42(2):113–123

  13. Chen TY, Lee CC, Hwang MS et al (2013) Towards secure and efficient user authentication scheme using smart card for multi-server environments. J Supercomput 66(2):1008–1032

  14. Arshad H, Nikooghadam M (2015) Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol. J Supercomput 71(8):3163–3180

  15. Wang D, He D, Wang P et al (2014) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Dependable Secure Comput 12(4):428–442

  16. Wang D, Wang N, Wang P et al (2015) Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf Sci 321:162–178

  17. Chang CC, Lin IC (2004) Remarks on fingerprint-based remote user authentication scheme using smart cards. ACM SIGOPS Operat Syst Rev 38(4):91–96

  18. Lin CH, Yiyi Lai (2004) A flexible biometrics remote user authentication scheme. Comp Stand Interfaces 27(1):19–23

  19. Ku WC, Chang ST, Chiang MH (2005) Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards. Electron Lett 41(5):240–241

  20. Khan MK, Zhang J, Wang X (2008) Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos Solitons Fractals 35(3):519–524

  21. Fan CI, Yihui Lin (2009) Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE Trans Inf Forensics Secur 4(4):933–945

  22. Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

  23. Yipin Liao, S S Wang (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Comp Stand Interfaces 31(1):24–29

  24. Tsai JL (2008) Efficient multi-server authentication scheme based on one-way hash function without verification table. Comp Secur 27(3–4):115–121

  25. Dodis Y, Reyzin L, Smith A et al (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Theory and Application of Cryptographic Techniques, pp 523–540

  26. Huang X, Xiang Y, Chonka A et al (2010) A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans Parall Distrib Syst 22(8):1390–1397

  27. Li X, Niu J, Wang Z et al (2014) Applying biometrics to design three-factor remote user authentication scheme with key agreement. Secur Commun Netw 7(10):1488–1497

  28. Li X, Niu J, Khan MK et al (2016) Robust three-factor remote user authentication scheme with key agreement for multimedia systems. Secur Commun Netw 9(13):1916–1927

  29. Mishra D, Kumari S, Khan MK et al (2017) An anonymous biometric-based remote user-authenticated key agreement scheme for multimedia systems. Int J Commun Syst 30(1):e2946

  30. He D, Wang D (2014) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823

  31. Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans Inf Forensics Secur 10(9):1953–1966

  32. Chen CL, Lee CC, Hsu CY (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25(5):585–597

  33. Truong T, Tran MT, Duong A et al (2012) Robust mobile device integration of a fingerprint biometric remote authentication scheme. In: Advanced Information Networking and Applications, pp 678–685

  34. Khan MK, Kumari S, Gupta MK (2014) More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816

  35. Yeh HL, Chen TH, Hu KJ et al (2013) Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data. IET Inf Secur 7(3):247–252

  36. Wu F, Xu L, Kumari S et al (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Comput Electr Eng 45:274–285

  37. Jiang Q, Khan MK, Lu X et al (2016) A privacy preserving three-factor authentication protocol for e-Health clouds. J Supercomput 72(10):3826–3849

  38. Burrows M, Martin Abadi, Needham RM (1989) A logic of authentication. ACM Trans Comp Syst 23(5):1–13

  39. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

  40. Wang Y (2012) Password protected smart card and memory stick authentication against off-line dictionary attacks. In: IFIP International Information Security Conference. Springer, Berlin, pp 489–500

  41. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comp 51(5):541–552

  42. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Annual International Cryptology Conference. Springer, Berlin, Heidelberg, pp 388–397

  43. He D, Kumar N, Lee JH et al (2014) Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans Consum Electron 60(1):30–37

  44. He D, Wang D, Wu S (2013) Cryptanalysis and improvement of a password-based remote user authentication scheme without smart cards. Inf Technol Control 42(2):105–112

  45. Katz J, Menezes AJ, Van Oorschot PC et al (1996) Handbook of Applied Cryptography. CRC Press, Boca Raton

  46. He D, Wu S, Chen J (2012) Note on ’Design of improved password authentication and update scheme based on elliptic curve cryptography’. Math Comp Modell 3(55):1661–1664

  47. Ostad-Sharif A, Abbasinezhad-Mood D, Nikooghadam M (2019) Efficient utilization of elliptic curve cryptography in design of a three-factor authentication protocol for satellite communications. Comp Commun 147:85–97

  48. Xu S, Liu X, Ma M et al (2020) An improved mutual authentication protocol based on perfect forward secrecy for satellite communications. Int J Sat Commun Netw 38(1):62–73

  49. Qi M, Chen J (2018) New robust biometrics-based mutual authentication scheme with key agreement using elliptic curve cryptography. Multimed Tools Appl 77(18):23335–23351

Author information

Corresponding author

Correspondence to Yulei Chen.

Cite this article

Chen, Y., Chen, J. A secure three-factor-based authentication with key agreement protocol for e-Health clouds. J Supercomput 77, 3359–3380 (2021). https://doi.org/10.1007/s11227-020-03395-8

  • DOI: https://doi.org/10.1007/s11227-020-03395-8
