Abstract
Biometrics is an emerging technology for patient authentication due to its advantages over the other methods, as passwords and smart cards. However, in mobile environments, it introduces hard constraints on computation, storage and communication, respectively, when analyzing, saving and transmitting the patient biometric data. In this paper, we address these challenges and we propose a secure and lightweight remote patient authentication scheme for mobile healthcare environments. The proposed scheme translates the patient biometric data to ECC-based keys. When a remote diagnostic is required or an unexpected incident underwent on the health of a patient, the latter can be securely and cost-effectively authenticated without needing to save or communicate its biometric template. Through simulations, we conduct an overall evaluation of the proposed scheme compared to concurrent solutions. The results indicate out performance of the proposed scheme while providing effective security.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
Given two points Q and G over an elliptic curve, it is computationally hard to find an integer \(k\in [1, n-1]\) such as \(Q = k\cdot G\). This means that, for a big integer n, there is no polynomial-time bounded algorithm allowing to compute k in a reasonable time due to the high number of possible combinations. This problem is known, in the literature, as Elliptic Curve Discrete Logarithm Problem (ECDLP). For more detail about the ECDLP, kindly refer to Hankerson et al. (2003) and Cohen et al. (2005).
References
Bayometric (2017a) Lumidigm m301 multispectral fingerprint scanner. https://www.bayometric.com/fingerprint-scanner-lumidigm-mercury-m301-m30x-sensor/. Accessed 26 Aug 2017
Bayometric (2017b) Suprema biomini usb fingerprint reader/scanner. https://www.bayometric.com/suprema-biomini-biometric-usb-fingerprint-reader-scanner/. Accessed 26 Aug 2017
Neuro Technology (2017) Zvetco verifi p5100. http://www.neurotechnology.com/fingerprint-scanner-zvetco-verifi-p5100.html. Accessed 26 Aug 2017
Al-Ani M (2014) Biometrics: identification and security, multidisciplinary perspectives in cryptology and information security. IGI Glob Chapter 14 4(1):343–364. doi:10.4018/978-1-4666-5808-0.ch014
Andalib A, Abdulla-Al-Shami M (2013) A novel key generation scheme for biometric cryptosystems using fingerprint minutiae. In: Proceedings of the international conference on informatics, electronics and vision, pp 1–6. doi:10.1109/ICIEV.2013.6572670
Aqsa M, Junaid Q, Basharat A, Kok-Lim A, Ubaid U (2015) Qos in ieee 802.11-based wireless networks: a contemporary review. J Netw Comput Appl 55:24–46. doi:10.1016/j.jnca.2015.04.016
Barman S, Samanta D, Chattopadhyay S (2015) Revocable key generation from irrevocable biometric data for symmetric cryptography. In: Proceedings of the third IEEE international conference on computer, communication, control and information technology, pp 1–4. doi:10.1109/C3IT.2015.7060182
Belguechi R, Le-goff T, Cherrier E, Rosenberger C (2011) Study of the robustness of a cancelable biometric system. In: Proceedings of the conference on network and information systems security, pp 1–7. doi:10.1109/SAR-SSI.2011.5931387
Bo Y, Aidong S, Wenzheng Z (2009) A fully robust fuzzy extractor. In: Proceedings of the international conference on cyber-enabled distributed computing and knowledge discovery, pp 392–395. doi:10.1109/CYBERC.2009.5342191
Boyen X, Dodis Y, Katz J, Ostrovsky R, Smith A (2005) Secure remote authentication using biometric data. In: Proceedings of the 24th annual international conference on the theory and applications of cryptographic techniques EUROCRYPT: advances in cryptology, part of the lecture notes in computer science book series 3494:147–163. doi:10.1007/11426639_9
Bradai N, Chaari L, Kamoun L (2011) A comprehensive overview of wireless body area networks (WBAN). Int J E-Health Med Commun 2(3):1–30. doi:10.4018/jehmc.2011070101
Chatterjee S, Das A, Sing J (2013) A novel and efficient user access control scheme for wireless body area sensor networks. J King Saud Univ Comput Inf Sci 26(2):181–201. doi:10.1016/j.jksuci.2013.10.007
Chen C, Lee C, Hsu C (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25(5):585–597. doi:10.1002/dac.1277
Chuang M, Chen M (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41(4):1411–1418. doi:10.1016/j.eswa.2013.08.040
Cohen H, Frey G, Avanzi R, Doche C, Lange T, Nguyen K, Vercauteren F (2005) Handbook of elliptic and hyperelliptic curve cryptography. Chapman and Hall, Boca Raton
Diffie W, Hellman M (1976) New directions in cryptography. IEEE Transactions in Information Theory 22(6):644–654. doi:10.1109/TIT.1976.1055638
Doshi A, Nirgude M (2015) Biometric recognition techniques. Int J Adv Res Comput Netw Wirel Mobile Commun 2(1):143–152
Elgazzar K, Aboelfotoh M, Martin P, Hassanein H (2012) Ubiquitous health monitoring using mobile web services. Procedia Comput Sci 10:332–339. doi:10.1016/j.procs.2012.06.044
Hankerson D, Menezes A, Vanstone S (2003) Guide to elliptic curve cryptography. Springer, New York. doi:10.1007/b97644
He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823. doi:10.1109/JSYST.2014.2301517
Hong L, Wan Y, Jain A (1998) Fingerprint image enhancement: algorithms and performance evaluation. IEEE Trans Pattern Anal Mach Intell 20(8):777–789. doi:10.1109/34.709565
Jain A, Ross A, Prabhakar S (2004) An introduction to biometric recognition. IEEE Trans Circ Syst Video Technol 14(1):4–20. doi:10.1109/TCSVT.2003.818349
Jayaram M, Fleyeh H (2013) Soft computing in biometrics: a pragmatic appraisal. Am J Intell Syst 3(3):105–112. doi:10.5923/j.ajis.20130303.01
Jung J, Kang D, Lee D, Won D (2017) An improved and secure anonymous biometric-based user authentication with key agreement scheme for the integrated EPR information system. PLoS One 12(1):e0169,414. doi:10.1371/journal.pone.0169414
Khan M, Jiashu Z, Wang X (2008) Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos Solitons Fractals 35(3):519–524. doi:10.1016/j.chaos.2006.05.061
Khan M, Kumari S, Gupta M (2014) More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816. doi:10.1007/s00607-013-0308-2
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209. doi:10.1090/S0025-5718-1987-0866109-5
Kumari S, Karuppiah M, Das A, Li X, Wu F, Gupta V (2017) Design of a secure anonymity preserving authentication scheme for session initiation protocol using elliptic curve cryptography. J Ambient Intell Hum Comput. doi:10.1007/s12652-017-0460-1
Lalithamani N, Soman K (2009) An effective scheme for generating irrevocable cryptographic key from cancelable fingerprint templates. Int J Comput Sci Netw Secur 9(3):183–193. http://paper.ijcsns.org/07_book/200903/20090325.pdf. Accessed 26 Aug 2017
Li C, Weng C, Lee C, Wang C (2015) A hash based remote user authentication and authenticated key agreement scheme for the integrated epr information system. J Med Syst 39(144):1–11. doi:10.1007/s10916-015-0322-3
Li M, Lou W, Ren K (2010) Data security and privacy in wireless body area networks. IEEE Wirel Commun 17(1):51–58. doi:10.1109/MWC.2010.5416350
Limbasiya T, Doshi N (2017) An analytical study of biometric based remote user authentication schemes using smart cards. Comput Electr Eng 59:305–321. doi:10.1016/j.compeleceng.2017.01.026
Lu Y, Li L, Yang X, Yang Y (2015) Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards. PLoS One 10(5):e0126,323. doi:10.1371/journal.pone.0126323
Lu Y, Li L, Peng H, Yang Y (2016) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl 9(2):449–459. doi:10.1007/s12083-015-0363-x
Mastali N, Agbinya J (2010) Authentication of subjects and devices using biometrics and identity management systems for persuasive mobile computing: a survey paper. In: Proceedings of the 5th international conference on broadband and biomedical communications, pp 1–6. doi:10.1109/IB2COM.2010.5723618.
Miller V (1986) Uses of elliptic curves in cryptography. In: Proceedings of the conference on the theory and application of cryptographic techniques CRYPTO 1985: advances in cryptology—CRYPTO ’85. Springer, LNCS 218, pp 417–426. doi:10.1007/3-540-39799-X_31
Mishra D, Das A, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143. doi:10.1016/j.eswa.2014.07.004
Moolla Y, Viriri S, Nelwamondo F, Tapamo J (2012) Handwritten signature verification using weighted fractional distance classification. In: Proceedings of the international conference on signal processing, communication and computing, pp 212–217. doi:10.1109/ICSPCC.2012.6335587
Odelu V, Das A, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans Inf Forensics Sec 10(9):1953–1966. doi:10.1109/TIFS.2015.2439964
Peralta D, Galar M, Triguero I, Paternain D, Garcia S, Barrenechea E, Benitez J, Bustince H, Herrera F (2015) A survey on fingerprint minutiae-based local matching for verification and identification: taxonomy and experimental evaluation. Inf Sci 315:67–87. doi:10.1016/j.ins.2015.04.013
Reddy A, Das A, Odelu V, Yoo K (2016) An enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography. PLoS One 11(5):e0154,308. doi:10.1371/journal.pone.0154308
Reddy A, Yoon E, Das A, Odelu V, Yoo K (2017) Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE Access 5:3622–3639. doi:10.1109/ACCESS.2017.2666258
Ross A, Nandakumar K, Jain A (2008) Introduction to multibiometrics. In: Jain AK, Flynn P, Ross A (eds) Handbook of biometrics, vol 14. Springer, New York. doi:10.1007/978-0-387-71041-9
Sabah B, Shabir S, Shubham A, Sanyam S (2015) Unimodal and multimodal biometric recognition techniques a survey. Int J Comput Sci Netw 4(1):148–155. http://ijcsn.org/articles/0401/Unimodal-&-Multimodal-Biometric-Recognition-Techniques-A-Survey.html. Accessed 26 Aug 2017
Sonkamble S, Thool R, Sonkamble B (2010) Survey of biometric recognition systems and their applications. J Theoret Appl Inf Technol 11(1):45–51. http://www.jatit.org/volumes/eleventh_volume_1_2010.php. Accessed 26 Aug 2017
Stojmenović I (2002) Handbook of wireless networks and mobile computing. Wiley, Oxford. doi:10.1002/0471224561
Tong VVT, Sibert H, Lecour J, Girault M (2007) Fingerkey, un cryptosystème biométrique pour l’authentification. In: Proceedings of the conference on network and information systems security \(<\)hal-00156447\(>\), pp 1–10
Truong T, Tran M, Duong A (2012) Robust mobile device integration of a fingerprint biometric remote authentication scheme. In: Proceedings of the 26th IEEE international conference on advanced information networking and applications, pp 678–685. doi:10.1109/AINA.2012.47
Wang C, Zhang X, Zheng Z (2016) Cryptanalysis and improvement of a biometric-based multi-server authentication and key agreement scheme. PLoS One 11(2):e0149,173. doi:10.1371/journal.pone.0149173
Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks. Comput Electr Eng 45(5):274–285. doi:10.1016/j.compeleceng.2015.02.015
Yoon E, Choi S, Yoo K (2012) A secure and efficiency id-based authenticated key agreement scheme based on elliptic curve cryptosystem for mobile devices. Int J Innov Comput Inf Control 8(4):2637–2653. https://pdfs.semanticscholar.org/7273/c09fbd67ea221ff94204374ea39dec8dc011.pdf. Accessed 26 Aug 2017
Zaeri N (2011) Minutiae-based fingerprint extraction and recognition. In: Jucheng Y (Ed) Biometrics. InTech. doi:10.5772/17527 (ISBN: 978-953-307-618-8)
Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong H (2014) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 74(10):3477–3488. doi:10.1007/s11042-014-1885-6
Acknowledgements
This work was carried out in the framework of research activities of the laboratory LIMED, which is affiliated to the Faculty of Exact Sciences of the University of Bejaia. It was done in collaboration with the Labex MS2T, which was funded by the French Government, through the program “Investments for the future” managed by the National Agency for Research (Reference ANR-11-IDEX-0004-02).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Mohammedi, M., Omar, M. & Bouabdallah, A. Secure and lightweight remote patient authentication scheme with biometric inputs for mobile healthcare environments. J Ambient Intell Human Comput 9, 1527–1539 (2018). https://doi.org/10.1007/s12652-017-0574-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-017-0574-5