1
Osei E, Mashamba-Thompson TP. Mobile health applications for disease screening and treatment support in low-and middle-income countries: A narrative review. Heliyon 2021; 7:e06639. [PMID: 33869857 PMCID: PMC8035664 DOI: 10.1016/j.heliyon.2021.e06639] [Citation(s) in RCA: 31] [Impact Index Per Article: 10.3] [Received: 09/01/2020] [Revised: 11/15/2020] [Accepted: 03/26/2021] [Indexed: 12/12/2022] Open
Abstract
The advances in mobile technologies and applications are driving the transformation in health services delivery globally. Mobile phone penetration is increasing exponentially in low-and middle-income countries, hence using mobile phones for healthcare services could reach more people in resource-limited settings than the traditional forms of healthcare provision. The review presents recent literature on facilitators and barriers of implementing mHealth for disease screening and treatment support in low-and middle-income countries. We searched for relevant literature from the following electronic databases: MEDLINE; CINAHL with full text via EBSCOhost; Science Direct; PubMed; Google Scholar and Web of Science using the keywords for relevant studies. We searched for published studies from 2015 to August 2020 with no language limitations. Of a total of 721 articles identified, 125 articles met the inclusion criteria and were included in the qualitative synthesis. The review demonstrates relevant facilitators for the implementation of mHealth, which includes knowledge, attitudes, and perceptions of stakeholders on the use of mHealth and the performance of mHealth for disease diagnosis in low-and middle-income countries. Barriers and challenges hindering the implementation of mHealth applications were also identified. We proposed a framework for improving the implementation of mHealth for disease screening and treatment support in low-and middle-income countries.
Affiliation(s)
- Ernest Osei
- Discipline of Public Health Medicine, School of Nursing and Public Health, University of KwaZulu-Natal, Durban, South Africa
- Tivani P. Mashamba-Thompson
- Discipline of Public Health Medicine, School of Nursing and Public Health, University of KwaZulu-Natal, Durban, South Africa
- Faculty of Health Sciences, University of Pretoria, Prinshof Campus, Pretoria, South Africa
2
Abstract
Sustainable Computing has advanced the technological evolution of the Internet and information-based communication technology. It is nowadays emerging in the form of the Cloud of Medical Things (CoMT) to develop smart healthcare systems. The academic community has lately made great strides for the development of security for the CoMT based application systems, such as e-healthcare systems, industrial automation systems, military surveillance systems, and so on. To the architecture of CoMT based Smart Environment, Chebyshev Chaotic-Map based single-user sign-in (S-USI) is found as a significant security-control mechanism. To ensure the fidelity, the S-USI assigns a unary-token to the legal users to access the various services, provided by a service provider over IP-enabled distributed networks. Numerous authentication mechanisms have been presented for the cloud-based distributed networks. However, most of the schemes are still persuasible to security threats, such as user-anonymity, privileged-insider, mutual authentication, and replay type of attacks. This paper applies a sensor/sensor-tag based smart healthcare environment that uses S-USI to provide security and privacy. To strengthen the authentication process, a robust secure based S-USI mechanism and a well-formed coexistence protocol proof for pervasive services in the cloud are proposed. Using the formal security analysis, the prominence of the proposed strategies is proven to show the security efficiency of proposed S-USI. From the formal verification, the comparison results demonstrate that the proposed S-USI consumes less computation overhead; and thus it can be more suitable for the telecare medical information systems.
3
Secure and Efficient Cloud-based IoT Authenticated Key Agreement scheme for e-Health Wireless Sensor Networks. ARABIAN JOURNAL FOR SCIENCE AND ENGINEERING 2020. [DOI: 10.1007/s13369-020-04905-9] [Citation(s) in RCA: 8] [Impact Index Per Article: 2.0] [Indexed: 10/23/2022]
4
Esther Omolara A, Jantan A, Abiodun OI, Arshad H, Dada KV, Emmanuel E. HoneyDetails: A prototype for ensuring patient’s information privacy and thwarting electronic health record threats based on decoys. Health Informatics J 2020; 26:2083-2104. [DOI: 10.1177/1460458219894479] [Citation(s) in RCA: 7] [Impact Index Per Article: 1.8] [Indexed: 11/17/2022]
Abstract
Advancements in electronic health record system allow patients to store and selectively share their medical records as needed with doctors. However, privacy concerns represent one of the major threats facing the electronic health record system. For instance, a cybercriminal may use a brute-force attack to authenticate into a patient’s account to steal the patient’s personal, medical or genetic details. This threat is amplified given that an individual’s genetic content is connected to their family, thus leading to security risks for their family members as well. Several cases of patient’s data theft have been reported where cybercriminals authenticated into the patient’s account, stole the patient’s medical data and assumed the identity of the patients. In some cases, the stolen data were used to access the patient’s accounts on other platforms and in other cases, to make fraudulent health insurance claims. Several measures have been suggested to address the security issues in electronic health record systems. Nevertheless, we emphasize that current measures proffer security in the short-term. This work studies the feasibility of using a decoy-based system named HoneyDetails in the security of the electronic health record system. HoneyDetails will serve fictitious medical data to the adversary during his hacking attempt to steal the patient’s data. However, the adversary will remain oblivious to the deceit due to the realistic structure of the data. Our findings indicate that the proposed system may serve as a potential measure for safeguarding against patient’s information theft.
5
Renuka K, Kumari S, Li X. Design of a Secure Three-Factor Authentication Scheme for Smart Healthcare. J Med Syst 2019; 43:133. [PMID: 30945011 DOI: 10.1007/s10916-019-1251-3] [Citation(s) in RCA: 14] [Impact Index Per Article: 2.8] [Received: 11/24/2018] [Accepted: 03/15/2019] [Indexed: 10/27/2022]
Abstract
Nowadays, the society is witnessing a keen urge to enhance the quality of healthcare services with the intervention of technology in the health sector. The main focus in transforming traditional healthcare to smart healthcare is on facilitating the patients as well as medical professionals. However, this changeover is not easy due to various issues of security and integrity associated with it. Security of patients' personal health record and privacy can be handled well by permitting only authorized access to the confidential health-data via suitably designed authentication scheme. In pursuit to contribute in this direction, we came across the role of Universal Serial Bus (USB), the most widely accepted interface, in enabling communication between peripheral devices and a host controller like laptop, personal computer, smart phone, tablet etc. In the process, we analysed a recently proposed three-factor authentication scheme for consumer USB Mass Storage Devices (MSD) by He et al. In this paper, we demonstrate that He et al.'s scheme is vulnerable to leakage of temporary but session specific information attacks, late detection of message replay, forward secrecy attacks, and backward secrecy attacks. Then motivated with the benefits of USB, we propose a secure three-factor authentication scheme for smart healthcare.
Affiliation(s)
- Km Renuka
- Department of Mathematics, Chaudhary Charan Singh University, Meerut, Uttar Pradesh, 250004, India
- Saru Kumari
- Department of Mathematics, Chaudhary Charan Singh University, Meerut, Uttar Pradesh, 250004, India
- Xiong Li
- School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, 411201, China.
6
Ostad-Sharif A, Abbasinezhad-Mood D, Nikooghadam M. A Robust and Efficient ECC-based Mutual Authentication and Session Key Generation Scheme for Healthcare Applications. J Med Syst 2018; 43:10. [PMID: 30506115 DOI: 10.1007/s10916-018-1120-5] [Citation(s) in RCA: 37] [Impact Index Per Article: 6.2] [Received: 06/28/2018] [Accepted: 11/06/2018] [Indexed: 11/26/2022]
Abstract
Telecare medicine information system (TMIS) has provided an efficient and convenient way for communications of patients at home and medical staffs at clinical centers. To make these communications secure, user authentication by medical servers is considered as a crucial requirement. For this purpose, many user authentication and key agreement protocols have been put forward in order to fulfil this vital necessity. Recently, Arshad and Rasoolzadegan have revealed that not only the authentication and key agreement protocols suggested by Amin and Biswas and Giri et al. are defenseless against the replay attack and do not support the perfect forward secrecy, but also Amin and Biswas's protocol is susceptible to the offline password guessing attack. Nonetheless, in this paper, we demonstrate that Arshad and Rasoolzadegan's and the other existing schemes still fail to resist a well-known attack. Therefore, to cover this security gap, a new user authentication and session key agreement protocol is recommended that can be employed effectively for offering secure communication channels in TMIS. Our comparative security and performance analyses reveal that the proposed scheme can both solve the existing security drawback and, same as Arshad and Rasoolzadegan's scheme, has low communication and computational overheads.
Affiliation(s)
- Arezou Ostad-Sharif
- Department of Computer Engineering and Information Technology, Imam Reza International University, Mashhad, Iran
- Dariush Abbasinezhad-Mood
- Department of Computer Engineering and Information Technology, Imam Reza International University, Mashhad, Iran
- Morteza Nikooghadam
- Department of Computer Engineering and Information Technology, Imam Reza International University, Mashhad, Iran.
7
Aghili SF, Mala H, Peris-Lopez P. Securing Heterogeneous Wireless Sensor Networks: Breaking and Fixing a Three-Factor Authentication Protocol. SENSORS 2018; 18:s18113663. [PMID: 30380595 PMCID: PMC6264007 DOI: 10.3390/s18113663] [Citation(s) in RCA: 10] [Impact Index Per Article: 1.7] [Received: 08/03/2018] [Revised: 09/11/2018] [Accepted: 09/21/2018] [Indexed: 11/16/2022]
Abstract
Heterogeneous wireless sensor networks (HWSNs) are employed in many real-time applications, such as Internet of sensors (IoS), Internet of vehicles (IoV), healthcare monitoring, and so on. As wireless sensor nodes have constrained computing, storage and communication capabilities, designing energy-efficient authentication protocols is a very important issue in wireless sensor network security. Recently, Amin et al. presented an untraceable and anonymous three-factor authentication (3FA) scheme for HWSNs and argued that their protocol is efficient and can withstand the common security threats in this sort of networks. In this article, we show how their protocol is not immune to user impersonation, de-synchronization and traceability attacks. In addition, an adversary can disclose session key under the typical assumption that sensors are not tamper-resistant. To overcome these drawbacks, we improve the Amin et al.’s protocol. First, we informally show that our improved scheme is secure against the most common attacks in HWSNs in which the attacks against Amin et al.’s protocol are part of them. Moreover, we verify formally our proposed protocol using the BAN logic. Compared with the Amin et al.’s scheme, the proposed protocol is both more efficient and more secure to be employed which renders the proposal suitable for HWSN networks.
Affiliation(s)
- Seyed Farhad Aghili
- Department of Information Technology Engineering, Faculty of Computer Engineering, University of Isfahan, Hezar Jerib St., Isfahan 81746-73441, Iran.
- Hamid Mala
- Department of Information Technology Engineering, Faculty of Computer Engineering, University of Isfahan, Hezar Jerib St., Isfahan 81746-73441, Iran.
- Pedro Peris-Lopez
- Department of Computer Science, University Carlos III of Madrid, Avda. de la Universidad 30, 28911 Leganés, Spain.
8
A Survey of Authentication Schemes in Telecare Medicine Information Systems. J Med Syst 2016; 41:14. [PMID: 27900653 DOI: 10.1007/s10916-016-0658-3] [Citation(s) in RCA: 16] [Impact Index Per Article: 2.0] [Received: 06/06/2016] [Accepted: 11/08/2016] [Indexed: 10/20/2022]
Abstract
E-Healthcare is an emerging field that provides mobility to its users. The protected health information of the users are stored at a remote server (Telecare Medical Information System) and can be accessed by the users at anytime. Many authentication protocols have been proposed to ensure the secure authenticated access to the Telecare Medical Information System. These protocols are designed to provide certain properties such as: anonymity, untraceability, unlinkability, privacy, confidentiality, availability and integrity. They also aim to build a key exchange mechanism, which provides security against some attacks such as: identity theft, password guessing, denial of service, impersonation and insider attacks. This paper reviews these proposed authentication protocols and discusses their strengths and weaknesses in terms of ensured security and privacy properties, and computation cost. The schemes are divided in three broad categories of one-factor, two-factor and three-factor authentication schemes. Inter-category and intra-category comparison has been performed for these schemes and based on the derived results we propose future directions and recommendations that can be very helpful to the researchers who work on the design and implementation of authentication protocols.
9
Sutrala AK, Das AK, Odelu V, Wazid M, Kumari S. Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. COMPUTER METHODS AND PROGRAMS IN BIOMEDICINE 2016; 135:167-185. [PMID: 27586489 DOI: 10.1016/j.cmpb.2016.07.028] [Citation(s) in RCA: 12] [Impact Index Per Article: 1.5] [Received: 03/07/2016] [Revised: 06/12/2016] [Accepted: 07/20/2016] [Indexed: 06/06/2023]
Abstract
BACKGROUND AND OBJECTIVES Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. METHODS Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. RESULTS The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. 
CONCLUSIONS We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security verification of our scheme using the widely accepted AVISPA tool. High security and extra functionality features allow our proposed scheme to be applicable for telecare medicine information systems which is used for e-health care medical applications.
Affiliation(s)
- Anil Kumar Sutrala
- Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India
- Ashok Kumar Das
- Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India.
- Vanga Odelu
- Department of Mathematics, Indian Institute of Technology, Kharagpur 721 302, India; Department of Computer Science and Engineering, Indian Institute of Information Technology, Sri City, Chittoor 517 588, Andhra Pradesh, India
- Mohammad Wazid
- Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India
- Saru Kumari
- Department of Mathematics, Ch. Charan Singh University, Meerut 250 005, Uttar Pradesh, India
10
Moon J, Choi Y, Kim J, Won D. An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps. J Med Syst 2016; 40:70. [PMID: 26743628 DOI: 10.1007/s10916-015-0422-0] [Citation(s) in RCA: 27] [Impact Index Per Article: 3.4] [Received: 05/28/2015] [Accepted: 12/08/2015] [Indexed: 10/22/2022]
Abstract
Recently, numerous extended chaotic map-based password authentication schemes that employ smart card technology were proposed for Telecare Medical Information Systems (TMISs). In 2015, Lu et al. used Li et al.'s scheme as a basis to propose a password authentication scheme for TMISs that is based on biometrics and smart card technology and employs extended chaotic maps. Lu et al. demonstrated that Li et al.'s scheme comprises some weaknesses such as those regarding a violation of the session-key security, a vulnerability to the user impersonation attack, and a lack of local verification. In this paper, however, we show that Lu et al.'s scheme is still insecure with respect to issues such as a violation of the session-key security, and that it is vulnerable to both the outsider attack and the impersonation attack. To overcome these drawbacks, we retain the useful properties of Lu et al.'s scheme to propose a new password authentication scheme that is based on smart card technology and requires the use of chaotic maps. Then, we show that our proposed scheme is more secure and efficient and supports security properties.
Affiliation(s)
- Jongho Moon
- Information Security Group, Sungkyunkwan University, 2066 Seobu-ro, Suwon, 16419, Korea.
- Younsung Choi
- Information Security Group, Sungkyunkwan University, 2066 Seobu-ro, Suwon, 16419, Korea
- Jiye Kim
- Information Security Group, Sungkyunkwan University, 2066 Seobu-ro, Suwon, 16419, Korea
- Dongho Won
- Information Security Group, Sungkyunkwan University, 2066 Seobu-ro, Suwon, 16419, Korea.
11
An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards. PLoS One 2015; 10:e0145263. [PMID: 26709702 PMCID: PMC4699843 DOI: 10.1371/journal.pone.0145263] [Citation(s) in RCA: 34] [Impact Index Per Article: 3.8] [Received: 06/02/2015] [Accepted: 11/30/2015] [Indexed: 11/19/2022] Open
Abstract
In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user's management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.'s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.'s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.'s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties.
12
An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography. J Med Syst 2015; 39:175. [PMID: 26399937 DOI: 10.1007/s10916-015-0335-y] [Citation(s) in RCA: 36] [Impact Index Per Article: 4.0] [Received: 05/27/2015] [Accepted: 08/26/2015] [Indexed: 10/23/2022]
Abstract
Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient's as well as TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1-8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.'s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.'s scheme is also robust against known attacks.
13
Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System. J Med Syst 2015; 39:137. [PMID: 26324169 DOI: 10.1007/s10916-015-0307-2] [Citation(s) in RCA: 24] [Impact Index Per Article: 2.7] [Received: 04/14/2015] [Accepted: 07/29/2015] [Indexed: 10/23/2022]
Abstract
In order to access remote medical server, generally the patients utilize smart card to login to the server. It has been observed that most of the user (patient) authentication protocols suffer from smart card stolen attack that means the attacker can mount several common attacks after extracting smart card information. Recently, Lu et al. propose a session key agreement protocol between the patient and remote medical server and claim that the same protocol is secure against relevant security attacks. However, this paper presents several security attacks on Lu et al.'s protocol such as identity trace attack, new smart card issue attack, patient impersonation attack and medical server impersonation attack. In order to fix the mentioned security pitfalls including smart card stolen attack, this paper proposes an efficient remote mutual authentication protocol using smart card. We have then simulated the proposed protocol using widely-accepted AVISPA simulation tool whose results make certain that the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. Moreover, the rigorous security analysis proves that the proposed protocol provides strong security protection on the relevant security attacks including smart card stolen attack. We compare the proposed scheme with several related schemes in terms of computation cost and communication cost as well as security functionalities. It has been observed that the proposed scheme is comparatively better than related existing schemes.
14
An Improved RSA Based User Authentication and Session Key Agreement Protocol Usable in TMIS. J Med Syst 2015; 39:79. [PMID: 26123833 DOI: 10.1007/s10916-015-0262-y] [Citation(s) in RCA: 32] [Impact Index Per Article: 3.6] [Received: 02/15/2015] [Accepted: 06/02/2015] [Indexed: 10/23/2022]
Abstract
Recently, Giri et al. proposed an RSA cryptosystem based remote user authentication scheme for telecare medical information system and claimed that the protocol is secure against all the relevant security attacks. However, we have scrutinized Giri et al.'s protocol and pointed out that the protocol is not secure against off-line password guessing attack, privileged insider attack and also suffers from anonymity problem. Moreover, the extension of password guessing attack leads to more security weaknesses. Therefore, this protocol needs improvement in terms of security before implementing in real-life application. To fix the mentioned security pitfalls, this paper proposes an improved scheme over Giri et al.'s scheme, which preserves user anonymity property. We have then simulated the proposed protocol using widely-accepted AVISPA tool which ensures that the protocol is SAFE under OFMC and CL-AtSe models, that means the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The informal cryptanalysis has been also presented, which confirmed that the proposed protocol provides well security protection on the relevant security attacks. The performance analysis section compares the proposed protocol with other existing protocols in terms of security and it has been observed that the protocol provides more security and achieves additional functionalities such as user anonymity and session key verification.
15
A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity. J Med Syst 2015; 39:78. [DOI: 10.1007/s10916-015-0258-7] [Citation(s) in RCA: 56] [Impact Index Per Article: 6.2] [Received: 01/25/2015] [Accepted: 06/02/2015] [Indexed: 11/30/2022]
16
Lu Y, Li L, Yang X, Yang Y. Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards. PLoS One 2015; 10:e0126323. [PMID: 25978373 PMCID: PMC4433342 DOI: 10.1371/journal.pone.0126323] [Citation(s) in RCA: 54] [Impact Index Per Article: 6.0] [Received: 09/17/2014] [Accepted: 03/30/2015] [Indexed: 11/19/2022] Open
Abstract
Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type were proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor authentication scheme by Mishra et al. After careful analysis, we find their scheme does not really resist replay attack while failing to provide an efficient password change phase. We further propose an improvement of Mishra et al.'s scheme with the purpose of preventing the security threats of their scheme. We demonstrate the proposed scheme is given to strong authentication against several attacks including attacks shown in the original scheme. In addition, we compare the performance and functionality with other multi-server authenticated key schemes.
Affiliation(s)
- Yanrong Lu
- Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
- National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China
- Lixiang Li
- Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
- National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China
- Xing Yang
- Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
- National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China
- Yixian Yang
- Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
- National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China
17
Lu Y, Li L, Peng H, Xie D, Yang Y. Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 2015; 39:65. [PMID: 25900328 DOI: 10.1007/s10916-015-0229-z] [Citation(s) in RCA: 12] [Impact Index Per Article: 1.3] [Received: 11/03/2014] [Accepted: 02/11/2015] [Indexed: 10/23/2022]
Abstract
The Telecare Medicine Information Systems (TMISs) provide an efficient communicating platform supporting the patients access health-care delivery services via internet or mobile networks. Authentication becomes an essential need when a remote patient logs into the telecare server. Recently, many extended chaotic maps based authentication schemes using smart cards for TMISs have been proposed. Li et al. proposed a secure smart cards based authentication scheme for TMISs using extended chaotic maps based on Lee's and Jiang et al.'s scheme. In this study, we show that Li et al.'s scheme has still some weaknesses such as violation of the session key security, vulnerability to user impersonation attack and lack of local verification. To conquer these flaws, we propose a chaotic maps and smart cards based password authentication scheme by applying biometrics technique and hash function operations. Through the informal and formal security analyses, we demonstrate that our scheme is resilient to possible known attacks including the attacks found in Li et al.'s scheme. As compared with the previous authentication schemes, the proposed scheme is more secure and efficient and hence more practical for telemedical environments.
Affiliation(s)
- Yanrong Lu
- Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China