1. Yupapin P, Meshram C, Barve SK, Ibrahim RW, Akbar MA. An efficient provably secure verifier-based authentication protocol using fractional chaotic maps in telecare medicine information systems. Soft comput 2023. [DOI: 10.1007/s00500-023-07889-4] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 03/15/2023]
2. Ghahramani M, Javidan R. Time dependency: an efficient biometric-based authentication for secure communication in wireless healthcare sensor networks. JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES 2022. [DOI: 10.1007/s11416-022-00448-9] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/14/2022]
3. Shamshad S, Minahil, Mahmood K, Kumari S, Chen CM. A secure blockchain-based e-health records storage and sharing scheme. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2020. [DOI: 10.1016/j.jisa.2020.102590] [Citation(s) in RCA: 28] [Impact Index Per Article: 7.0] [Indexed: 11/24/2022]
4. Ali Z, Ghani A, Khan I, Chaudhry SA, Islam SKH, Giri D. A robust authentication and access control protocol for securing wireless healthcare sensor networks. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2020. [DOI: 10.1016/j.jisa.2020.102502] [Citation(s) in RCA: 21] [Impact Index Per Article: 5.3] [Indexed: 10/24/2022]
5. An efficient key authentication procedure for IND-CCA2 secure Paillier-based cryptosystem. Soft comput 2020. [DOI: 10.1007/s00500-020-04768-0] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/24/2022]
6. Ostad-Sharif A, Abbasinezhad-Mood D, Nikooghadam M. A Robust and Efficient ECC-based Mutual Authentication and Session Key Generation Scheme for Healthcare Applications. J Med Syst 2018; 43:10. [PMID: 30506115 DOI: 10.1007/s10916-018-1120-5] [Citation(s) in RCA: 37] [Impact Index Per Article: 6.2] [Received: 06/28/2018] [Accepted: 11/06/2018] [Indexed: 11/26/2022]
Abstract
Telecare medicine information system (TMIS) has provided an efficient and convenient way for communications of patients at home and medical staffs at clinical centers. To make these communications secure, user authentication by medical servers is considered as a crucial requirement. For this purpose, many user authentication and key agreement protocols have been put forward in order to fulfil this vital necessity. Recently, Arshad and Rasoolzadegan have revealed that not only the authentication and key agreement protocols suggested by Amin and Biswas and Giri et al. are defenseless against the replay attack and do not support the perfect forward secrecy, but also Amin and Biswas's protocol is susceptible to the offline password guessing attack. Nonetheless, in this paper, we demonstrate that Arshad and Rasoolzadegan's and the other existing schemes still fail to resist a well-known attack. Therefore, to cover this security gap, a new user authentication and session key agreement protocol is recommended that can be employed effectively for offering secure communication channels in TMIS. Our comparative security and performance analyses reveal that the proposed scheme can both solve the existing security drawback and, same as Arshad and Rasoolzadegan's scheme, has low communication and computational overheads.
Affiliation(s)
- Arezou Ostad-Sharif
  - Department of Computer Engineering and Information Technology, Imam Reza International University, Mashhad, Iran
- Dariush Abbasinezhad-Mood
  - Department of Computer Engineering and Information Technology, Imam Reza International University, Mashhad, Iran
- Morteza Nikooghadam
  - Department of Computer Engineering and Information Technology, Imam Reza International University, Mashhad, Iran
7. A biometric security scheme for wireless body area networks. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2018. [DOI: 10.1016/j.jisa.2018.06.001] [Citation(s) in RCA: 15] [Impact Index Per Article: 2.5] [Indexed: 11/17/2022]
8. Roy S, Chatterjee S, Mahapatra G. An efficient biometric based remote user authentication scheme for secure internet of things environment. JOURNAL OF INTELLIGENT & FUZZY SYSTEMS 2018. [DOI: 10.3233/jifs-169435] [Citation(s) in RCA: 11] [Impact Index Per Article: 1.8] [Indexed: 11/15/2022]
Affiliation(s)
- Sandip Roy
  - Department of Computer Science and Engineering, Asansol Engineering College, Asansol, WB, India
9. Chandrakar P, Om H. Cryptanalysis and Security Enhancement of Three-Factor Remote User Authentication Scheme for Multi-Server Environment. INTERNATIONAL JOURNAL OF BUSINESS DATA COMMUNICATIONS AND NETWORKING 2017. [DOI: 10.4018/ijbdcn.2017010108] [Citation(s) in RCA: 14] [Impact Index Per Article: 2.0] [Indexed: 11/09/2022]
Abstract
Recently, Om et al. proposed a three-factor remote user authentication protocol using ElGamal cryptosystem and ensured that it withstands various kinds of security attacks. But, the authors review carefully Om et al.'s scheme and discover that it is unable to resist three attacks (like password guessing; denial of service; and user impersonation). Moreover, their protocol is not facilitating user anonymity. To solve these security vulnerabilities, the authors devise a secure and robust anonymous identity based authentication scheme for multi-server environment. The authentication proof of the proposed scheme has been validated using BAN (Burrows-Abadi-Needham) logic, which confirms the protocol facilitates mutual authentication and session-key negotiation securely. Informal security analysis also confirms that it is well protected against various security attacks. In addition, the proposed work is compared along with other schemes (in the context of smart card storage and computation costs as well as execution time).
Affiliation(s)
- Preeti Chandrakar
  - Indian Institute of Technology (Indian School of Mines), Dhanbad, India
- Hari Om
  - Indian Institute of Technology (Indian School of Mines), Dhanbad, India
10. A Survey of Authentication Schemes in Telecare Medicine Information Systems. J Med Syst 2016; 41:14. [PMID: 27900653 DOI: 10.1007/s10916-016-0658-3] [Citation(s) in RCA: 16] [Impact Index Per Article: 2.0] [Received: 06/06/2016] [Accepted: 11/08/2016] [Indexed: 10/20/2022]
Abstract
E-Healthcare is an emerging field that provides mobility to its users. The protected health information of the users are stored at a remote server (Telecare Medical Information System) and can be accessed by the users at anytime. Many authentication protocols have been proposed to ensure the secure authenticated access to the Telecare Medical Information System. These protocols are designed to provide certain properties such as: anonymity, untraceability, unlinkability, privacy, confidentiality, availability and integrity. They also aim to build a key exchange mechanism, which provides security against some attacks such as: identity theft, password guessing, denial of service, impersonation and insider attacks. This paper reviews these proposed authentication protocols and discusses their strengths and weaknesses in terms of ensured security and privacy properties, and computation cost. The schemes are divided in three broad categories of one-factor, two-factor and three-factor authentication schemes. Inter-category and intra-category comparison has been performed for these schemes and based on the derived results we propose future directions and recommendations that can be very helpful to the researchers who work on the design and implementation of authentication protocols.
11. Zhang L, Zhu S, Tang S. Privacy Protection for Telecare Medicine Information Systems Using a Chaotic Map-Based Three-Factor Authenticated Key Agreement Scheme. IEEE J Biomed Health Inform 2016; 21:465-475. [PMID: 26766384 DOI: 10.1109/jbhi.2016.2517146] [Citation(s) in RCA: 53] [Impact Index Per Article: 6.6] [Indexed: 11/09/2022]
Abstract
Telecare medicine information systems (TMIS) provide flexible and convenient e-health care. However, the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.'s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.'s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.'s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient to enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes.
12. Moon J, Choi Y, Kim J, Won D. An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps. J Med Syst 2016; 40:70. [PMID: 26743628 DOI: 10.1007/s10916-015-0422-0] [Citation(s) in RCA: 27] [Impact Index Per Article: 3.4] [Received: 05/28/2015] [Accepted: 12/08/2015] [Indexed: 10/22/2022]
Abstract
Recently, numerous extended chaotic map-based password authentication schemes that employ smart card technology were proposed for Telecare Medical Information Systems (TMISs). In 2015, Lu et al. used Li et al.'s scheme as a basis to propose a password authentication scheme for TMISs that is based on biometrics and smart card technology and employs extended chaotic maps. Lu et al. demonstrated that Li et al.'s scheme comprises some weaknesses such as those regarding a violation of the session-key security, a vulnerability to the user impersonation attack, and a lack of local verification. In this paper, however, we show that Lu et al.'s scheme is still insecure with respect to issues such as a violation of the session-key security, and that it is vulnerable to both the outsider attack and the impersonation attack. To overcome these drawbacks, we retain the useful properties of Lu et al.'s scheme to propose a new password authentication scheme that is based on smart card technology and requires the use of chaotic maps. Then, we show that our proposed scheme is more secure and efficient and supports security properties.
Affiliation(s)
- Jongho Moon
  - Information Security Group, Sungkyunkwan University, 2066 Seobu-ro, Suwon, 16419, Korea
- Younsung Choi
  - Information Security Group, Sungkyunkwan University, 2066 Seobu-ro, Suwon, 16419, Korea
- Jiye Kim
  - Information Security Group, Sungkyunkwan University, 2066 Seobu-ro, Suwon, 16419, Korea
- Dongho Won
  - Information Security Group, Sungkyunkwan University, 2066 Seobu-ro, Suwon, 16419, Korea
13. An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography. J Med Syst 2015; 39:175. [PMID: 26399937 DOI: 10.1007/s10916-015-0335-y] [Citation(s) in RCA: 36] [Impact Index Per Article: 4.0] [Received: 05/27/2015] [Accepted: 08/26/2015] [Indexed: 10/23/2022]
Abstract
Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient's as well as TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1-8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.'s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.'s scheme is also robust against known attacks.
14. Amin R, Islam SKH, Biswas GP, Khan MK, Li X. Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems. J Med Syst 2015; 39:140. [PMID: 26342492 DOI: 10.1007/s10916-015-0318-z] [Citation(s) in RCA: 51] [Impact Index Per Article: 5.7] [Received: 04/20/2015] [Accepted: 08/07/2015] [Indexed: 11/28/2022]
Abstract
The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is a critical issue. Although several user authentication schemes for accessing remote services are available, their security analyses show that none of them are free from relevant security attacks. We reviewed Das et al.'s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key disclosure attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.'s scheme and additionally achieves extra security requirements.
Affiliation(s)
- Ruhul Amin
  - Department of Computer Science and Engineering, Indian School of Mines, Dhanbad, 826004, Jharkhand, India
15. Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System. J Med Syst 2015; 39:137. [PMID: 26324169 DOI: 10.1007/s10916-015-0307-2] [Citation(s) in RCA: 24] [Impact Index Per Article: 2.7] [Received: 04/14/2015] [Accepted: 07/29/2015] [Indexed: 10/23/2022]
Abstract
In order to access remote medical server, generally the patients utilize smart card to login to the server. It has been observed that most of the user (patient) authentication protocols suffer from smart card stolen attack that means the attacker can mount several common attacks after extracting smart card information. Recently, Lu et al.'s proposes a session key agreement protocol between the patient and remote medical server and claims that the same protocol is secure against relevant security attacks. However, this paper presents several security attacks on Lu et al.'s protocol such as identity trace attack, new smart card issue attack, patient impersonation attack and medical server impersonation attack. In order to fix the mentioned security pitfalls including smart card stolen attack, this paper proposes an efficient remote mutual authentication protocol using smart card. We have then simulated the proposed protocol using widely-accepted AVISPA simulation tool whose results make certain that the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. Moreover, the rigorous security analysis proves that the proposed protocol provides strong security protection on the relevant security attacks including smart card stolen attack. We compare the proposed scheme with several related schemes in terms of computation cost and communication cost as well as security functionalities. It has been observed that the proposed scheme is comparatively better than related existing schemes.
16. A Secure User Anonymity and Authentication Scheme Using AVISPA for Telecare Medical Information Systems. J Med Syst 2015; 39:89. [PMID: 26242748 DOI: 10.1007/s10916-015-0265-8] [Citation(s) in RCA: 30] [Impact Index Per Article: 3.3] [Received: 03/11/2015] [Accepted: 06/16/2015] [Indexed: 10/23/2022]
Abstract
Telecare medicine information systems (TMIS) have been known as an effective mechanism to increase quality and security of healthcare services. In order to protect patient privacy, several authentication schemes have been proposed in TMIS, however, most of them have security problems. Recently, Das proposed a secure and robust password-based remote user authentication scheme for the integrated EPR information system. However, in this paper, we show that his scheme has some security flaws. Then, we shall propose a secure authentication scheme to overcome their weaknesses. We prove the proposed scheme with random oracle and also use the BAN logic to prove the correctness of the proposed scheme. Furthermore, we simulate our scheme for the formal security analysis using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool.
17. An Improved RSA Based User Authentication and Session Key Agreement Protocol Usable in TMIS. J Med Syst 2015; 39:79. [PMID: 26123833 DOI: 10.1007/s10916-015-0262-y] [Citation(s) in RCA: 32] [Impact Index Per Article: 3.6] [Received: 02/15/2015] [Accepted: 06/02/2015] [Indexed: 10/23/2022]
Abstract
Recently, Giri et al.'s proposed a RSA cryptosystem based remote user authentication scheme for telecare medical information system and claimed that the protocol is secure against all the relevant security attacks. However, we have scrutinized the Giri et al.'s protocol and pointed out that the protocol is not secure against off-line password guessing attack, privileged insider attack and also suffers from anonymity problem. Moreover, the extension of password guessing attack leads to more security weaknesses. Therefore, this protocol needs improvement in terms of security before implementing in real-life application. To fix the mentioned security pitfalls, this paper proposes an improved scheme over Giri et al.'s scheme, which preserves user anonymity property. We have then simulated the proposed protocol using widely-accepted AVISPA tool which ensures that the protocol is SAFE under OFMC and CL-AtSe models, that means the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The informal cryptanalysis has been also presented, which confirmed that the proposed protocol provides well security protection on the relevant security attacks. The performance analysis section compares the proposed protocol with other existing protocols in terms of security and it has been observed that the protocol provides more security and achieves additional functionalities such as user anonymity and session key verification.
18. A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity. J Med Syst 2015; 39:78. [DOI: 10.1007/s10916-015-0258-7] [Citation(s) in RCA: 56] [Impact Index Per Article: 6.2] [Received: 01/25/2015] [Accepted: 06/02/2015] [Indexed: 11/30/2022]
19. Arshad H, Teymoori V, Nikooghadam M, Abbassi H. On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems. J Med Syst 2015; 39:76. [DOI: 10.1007/s10916-015-0259-6] [Citation(s) in RCA: 22] [Impact Index Per Article: 2.4] [Received: 01/31/2015] [Accepted: 06/02/2015] [Indexed: 10/23/2022]
20. Robust ECC-based authenticated key agreement scheme with privacy protection for Telecare medicine information systems. J Med Syst 2015; 39:49. [PMID: 25732081 DOI: 10.1007/s10916-015-0233-3] [Citation(s) in RCA: 15] [Impact Index Per Article: 1.7] [Received: 01/07/2015] [Accepted: 02/11/2015] [Indexed: 10/23/2022]
Abstract
To protect the transmission of the sensitive medical data, a secure and efficient authenticated key agreement scheme should be deployed when the healthcare delivery session is established via Telecare Medicine Information Systems (TMIS) over the unsecure public network. Recently, Islam and Khan proposed an authenticated key agreement scheme using elliptic curve cryptography for TMIS. They claimed that their proposed scheme is provably secure against various attacks in random oracle model and enjoys some good properties such as user anonymity. In this paper, however, we point out that any legal but malicious patient can reveal other user's identity. Consequently, their scheme suffers from server spoofing attack and off-line password guessing attack. Moreover, if the malicious patient performs the same time of the registration as other users, she can further launch the impersonation attack, man-in-the-middle attack, modification attack, replay attack, and strong replay attack successfully. To eliminate these weaknesses, we propose an improved ECC-based authenticated key agreement scheme. Security analysis demonstrates that the proposed scheme can resist various attacks and enables the patient to enjoy the remote healthcare services with privacy protection. Through the performance evaluation, we show that the proposed scheme achieves a desired balance between security and performance in comparisons with other related schemes.
21. Lu Y, Li L, Peng H, Yang Y. An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Syst 2015; 39:32. [PMID: 25681101 PMCID: PMC4328119 DOI: 10.1007/s10916-015-0221-7] [Citation(s) in RCA: 77] [Impact Index Per Article: 8.6] [Received: 12/24/2014] [Accepted: 01/26/2015] [Indexed: 11/26/2022]
Abstract
The telecare medical information systems (TMISs) enable patients to conveniently enjoy telecare services at home. The protection of patient’s privacy is a key issue due to the openness of communication environment. Authentication as a typical approach is adopted to guarantee confidential and authorized interaction between the patient and remote server. In order to achieve the goals, numerous remote authentication schemes based on cryptography have been presented. Recently, Arshad et al.(J Med Syst 38(12): 2014) presented a secure and efficient three-factor authenticated key exchange scheme to remedy the weaknesses of Tan et al.’s scheme (J Med Syst 38(3): 2014). In this paper, we found that once a successful off-line password attack that results in an adversary could impersonate any user of the system in Arshad et al.’s scheme. In order to thwart these security attacks, an enhanced biometric and smart card based remote authentication scheme for TMISs is proposed. In addition, the BAN logic is applied to demonstrate the completeness of the enhanced scheme. Security and performance analyses show that our enhanced scheme satisfies more security properties and less computational cost compared with previously proposed schemes.
Affiliation(s)
- Yanrong Lu
  - Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876 China
  - National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing, 100876 China
- Lixiang Li
  - Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876 China
  - National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing, 100876 China
- Haipeng Peng
  - Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876 China
  - National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing, 100876 China
- Yixian Yang
  - Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876 China
  - National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing, 100876 China
22. Das AK. A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems. J Med Syst 2015; 39:30. [PMID: 25677956 DOI: 10.1007/s10916-015-0218-2] [Citation(s) in RCA: 33] [Impact Index Per Article: 3.7] [Received: 12/04/2014] [Accepted: 01/26/2015] [Indexed: 11/25/2022]
Abstract
Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan's scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan's scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan's scheme and then presented an improvement on Tan's scheme. However, we show that Arshad and Nikooghadam's scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan's scheme, and Arshad and Nikooghadam's scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.
Affiliation(s)
- Ashok Kumar Das
  - Center for Security, Theory and Algorithmic Research International Institute of Information Technology, Hyderabad, 500 032, India
23. Guo D, Wen Q, Li W, Zhang H, Jin Z. An improved biometrics-based authentication scheme for telecare medical information systems. J Med Syst 2015; 39:20. [PMID: 25663481 DOI: 10.1007/s10916-015-0194-6] [Citation(s) in RCA: 7] [Impact Index Per Article: 0.8] [Received: 10/11/2014] [Accepted: 01/07/2015] [Indexed: 10/24/2022]
Abstract
Telecare medical information system (TMIS) offers healthcare delivery services and patients can acquire their desired medical services conveniently through public networks. The protection of patients' privacy and data confidentiality are significant. Very recently, Mishra et al. proposed a biometrics-based authentication scheme for telecare medical information system. Their scheme can protect user privacy and is believed to resist a range of network attacks. In this paper, we analyze Mishra et al.'s scheme and identify that their scheme is insecure against known session key attack and impersonation attack. Thereby, we present a modified biometrics-based authentication scheme for TMIS to eliminate the aforementioned faults. Besides, we demonstrate the completeness of the proposed scheme through BAN-logic. Compared to the related schemes, our protocol can provide stronger security and it is more practical.
Affiliation(s)
- Dianli Guo
  - State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China
24. The Current and Future Needs of Our Medical Systems. J Med Syst 2015; 39:16. [DOI: 10.1007/s10916-015-0212-8] [Citation(s) in RCA: 4] [Impact Index Per Article: 0.4] [Received: 01/13/2015] [Accepted: 01/20/2015] [Indexed: 10/24/2022]
25. Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst 2015; 39:10. [PMID: 25631840 DOI: 10.1007/s10916-014-0179-x] [Citation(s) in RCA: 57] [Impact Index Per Article: 6.3] [Received: 08/21/2014] [Accepted: 11/28/2014] [Indexed: 10/24/2022]
Abstract
Nowadays, connected health care applications are used more and more in the world. Service through the applications can save the patients' time and expense, such as telecare medical information system (TMIS) and integrated electronic patient record (EPR) information system. In the applications, preserving patients' privacy, transmitting messages securely and keeping mutual authentication should all be paid attention. Many authentication schemes have been proposed to make a secure communicating environment. Recently Xie et al. showed that Wen's scheme was insecure because it was under the off-line password guessing attack and without user anonymity and forward security. They gave a new three-factor authentication scheme and claimed that it was secure. However, we find that Xie et al's scheme is vulnerable to the De-synchronization attack and the server has too much storage burden in the scheme. Then we present an improved scheme which overcomes the usual weaknesses and keeps ordinary security characters. Compared with recent schemes of the same kind, our scheme is secure and practical.