Abstract
Electronic health (e-health), which makes healthcare more convenient and flexible for practitioners, is envisioned to alleviate the contradiction between limited healthcare resources and growing healthcare requirements. However, it faces various challenges, one of which is how to protect sensitive health data. Many authentication schemes have been put forward to solve this issue, but most of them have limitations in terms of security vulnerabilities and security features. In this paper, we find that the scheme of Al-Saggaf et al. is vulnerable to the impersonation attack and lacks user anonymity. Furthermore, we put forth a privacy-aware smart card based biometric authentication (PSBA) scheme for e-health, which provides more of the desired security properties and defends against various possible attacks. Finally, we apply ProVerif to prove mutual authentication and session key security of our scheme. The comprehensive analysis and comparison show the security and usability of our scheme.
This article belongs to the Topical Collection: Special Issue on Privacy-Preserving Computing
Guest Editors: Kaiping Xue, Zhe Liu, Haojin Zhu, Miao Pan and David S.L. Wei
Cite this article
Chen, L., Zhang, K. Privacy-aware smart card based biometric authentication scheme for e-health. Peer-to-Peer Netw. Appl. 14, 1353–1365 (2021). https://doi.org/10.1007/s12083-020-01008-y
DOI: https://doi.org/10.1007/s12083-020-01008-y