|
1
|
Pergolizzi J, LeQuang JAK, Vasiliu-Feltes I, Breve F, Varrassi G. Brave New Healthcare: A Narrative Review of Digital Healthcare in American Medicine. Cureus 2023; 15:e46489. [PMID: 37927734 PMCID: PMC10623488 DOI: 10.7759/cureus.46489] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 07/18/2023] [Accepted: 09/30/2023] [Indexed: 11/07/2023] Open
Abstract
The digital revolution has had a profound effect on American and global healthcare, which was accelerated by the pandemic and telehealth applications. Digital health also includes popular and more esoteric forms of wearable monitoring systems and interscatter and other wireless technologies that facilitate their telemetry. The rise in artificial intelligence (AI) and machine learning (ML) may serve to improve interpretation from imaging technologies to electrocardiography or electroencephalographic tracings, and new ML techniques may allow these systems to scan data to discern and contextualize patterns that may have evaded human physicians. The necessity of virtual care during the pandemic has morphed into new treatment paradigms, which have gained patient acceptance but still raise issues with respect to privacy laws and credentialing. Augmented and virtual reality tools can facilitate surgical planning and "hands-on" clinical training activities. Patients are working with new frontiers in digital health in the form of "Dr. Google" and patient support websites to learn or share medical information. Patient-facing digital health information is both a blessing and curse, in that it can be a boon to health-literate patients who seek to be more active in their own care. On the other hand, digital health information can lead to false conclusions, catastrophizing, misunderstandings, and "cyberchondria." The role of blockchain, familiar from cryptocurrency, may play a role in future healthcare information and would serve as a disruptive, decentralizing, and potentially beneficial change. These important changes are both exciting and perplexing as clinicians and their patients learn to navigate this new system and how we address the questions it raises, such as medical privacy in a digital age. The goal of this review is to explore the vast range of digital health and how it may impact the healthcare system.
Collapse
Affiliation(s)
| | | | | | - Frank Breve
- Department of Pharmacy, Temple University, Philadelphia, USA
| | | |
Collapse
|
|
2
|
Jo HR, Pak KS, Kim CH, Zhang IJ. Cryptanalysis and improved mutual authentication key agreement protocol using pseudo-identity. PLoS One 2022; 17:e0271817. [PMID: 35901113 PMCID: PMC9333255 DOI: 10.1371/journal.pone.0271817] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Reference Citation Analysis] [Abstract] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 04/18/2022] [Accepted: 07/08/2022] [Indexed: 11/18/2022] Open
Abstract
The authentication key agreement is a scheme that generates a session key for encrypted communication between two participants. In the authentication key agreement, to provide the mutual authentication and the robust session key agreement is one of the important security requirements to enhance the security performance of key agreement. Recently Zhou et al. had proposed the key agreement protocol using pseudo-identifiers, but we found that there were weaknesses in their protocol. We have demonstrated that Zhou et al.’s protocol is vulnerable to replay attack, fails to provide mutual authentication, no key control, re-registration with the original identifier and efficiency in the verification of wrong password. We improved their scheme and proposed an improved authentication key agreement protocol that provides robust mutual authentication and the secure session key agreement. We analyzed its security performance using BAN logic and AVISPA tools and compared computational cost, communication overhead and security properties with other related schemes.
Collapse
Affiliation(s)
- Hyang-Rim Jo
- Faculty of Information Science, Kim Il Sung University, Pyongyang, the Democratic People’s Republic of Korea
| | - Kyong-Sok Pak
- Faculty of Information Science, Kim Il Sung University, Pyongyang, the Democratic People’s Republic of Korea
- * E-mail:
| | - Chung-Hyok Kim
- Faculty of Information Science, Kim Il Sung University, Pyongyang, the Democratic People’s Republic of Korea
| | - Il-Jin Zhang
- Faculty of Information Science, Kim Il Sung University, Pyongyang, the Democratic People’s Republic of Korea
| |
Collapse
|
|
3
|
Abstract
In the Internet of things (IoT) environment, many applications access services through remote methods. In this paper, we designed a new geometric authentication mechanism to enhance security. The solution is based on geometric characteristics to achieve rapid authentication at low computational cost. In addition, we use the user’s biometrics to improve the security level of the system. Our solution meets the following security features: anonymity, resistance to forgery attacks and replay attacks, fast error detection, resistance to offline password guessing attacks, resistance to server overload attacks, mutual authentication, session key agreement, and flexibility in users choosing and changing their passwords easily.
Collapse
|
|
4
|
A survey of authenticated key agreement protocols for multi-server architecture. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2020. [DOI: 10.1016/j.jisa.2020.102639] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/18/2022]
|
|
5
|
Lee H, Kang D, Ryu J, Won D, Kim H, Lee Y. A three-factor anonymous user authentication scheme for Internet of Things environments. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2020. [DOI: 10.1016/j.jisa.2020.102494] [Citation(s) in RCA: 18] [Impact Index Per Article: 4.5] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/27/2022]
|
|
6
|
A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment. Symmetry (Basel) 2020. [DOI: 10.3390/sym12010150] [Citation(s) in RCA: 6] [Impact Index Per Article: 1.5] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/16/2022] Open
Abstract
The integration of Internet of things (IoT) and cloud computing technology has made our life more convenient in recent years. Cooperating with cloud computing, Internet of things can provide more efficient and practical services. People can accept IoT services via cloud servers anytime and anywhere in the IoT-based cloud computing environment. However, plenty of possible network attacks threaten the security of users and cloud servers. To implement effective access control and secure communication in the IoT-based cloud computing environment, identity authentication is essential. In 2016, He et al. put forward an anonymous authentication scheme, which is based on asymmetric cryptography. It is claimed that their scheme is capable of withstanding all kinds of known attacks and has good performance. However, their scheme has serious security weaknesses according to our cryptanalysis. The scheme is vulnerable to insider attack and DoS attack. For overcoming these weaknesses, we present an improved authentication and key agreement scheme for IoT-based cloud computing environment. The automated security verification (ProVerif), BAN-logic verification, and informal security analysis were performed. The results show that our proposed scheme is secure and can effectively resist all kinds of known attacks. Furthermore, compared with the original scheme in terms of security features and performance, our proposed scheme is feasible.
Collapse
|
|
7
|
Understanding security failures of multi-factor authentication schemes for multi-server environments. Comput Secur 2020. [DOI: 10.1016/j.cose.2019.101619] [Citation(s) in RCA: 31] [Impact Index Per Article: 7.8] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/22/2022]
|
|
8
|
Qiao H, Dong X, Shen Y. Authenticated Key Agreement Scheme with Strong Anonymity for Multi-Server Environment in TMIS. J Med Syst 2019; 43:321. [PMID: 31591653 DOI: 10.1007/s10916-019-1442-y] [Citation(s) in RCA: 8] [Impact Index Per Article: 1.6] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 04/27/2019] [Accepted: 08/28/2019] [Indexed: 11/27/2022]
Abstract
The technology of Internet of Things (IoT) has appealed to both professionals and the general public to its convenience and flexibility. As a crucial application of IoT, telecare medicine information system (TMIS) provides people a high quality of life and advanced level of medical service. In TMIS, smart card-based authenticated key agreement schemes for multi-server architectures have gathered momentum and positive impetus due to the conventional bound of a single server. However, we demonstrate that most of the protocols in the literatures can not implement strong security features in TMIS, such as Lee et al.'s and Shu's scheme. They store the identity information directly, which fail to provide strong anonymity and suffer from password guessing attack. Then we propose an extended authenticated key agreement scheme (short for AKAS) with strong anonymity for multi-server environment in TMIS, by enhancing the security of the correlation parameters stored in the smart cards and calculating patients' dynamic identities. Furthermore, the proposed chaotic map-based scheme provides privacy protection and is formally proved under Burrows-Abadi-Needham (BAN) logic. At the same, the informal security analysis attests that the AKAS scheme not only could resist the multifarious security attacks but also improve efficiency by 21% compared with Lee et al.'s and Shu's scheme.
Collapse
|
|
9
|
A New Enhanced Authentication Mechanism Using Session Key Agreement Protocol. CYBERNETICS AND INFORMATION TECHNOLOGIES 2018. [DOI: 10.2478/cait-2018-0048] [Citation(s) in RCA: 6] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/21/2022]
Abstract
Abstract
Cryptographic protocols are the backbone of information security. Unfortunately the security of several important components of these protocols can be neglected. This causes violation of personal privacy and threats to democracy. Integration of biometrics with cryptography can overcome this problem. In this paper an enhanced session key agreement protocol which uses the data derived from iris signature is suggested to improve the security of biometric based applications like e-Passport, e-Driving license, etc. The authenticity and security properties of the proposed protocol are analyzed using ProVerif tool and demonstrate it satisfies the intended properties.
Collapse
|
|
10
|
Qi M, Chen J, Chen Y. A secure biometrics-based authentication key exchange protocol for multi-server TMIS using ECC. COMPUTER METHODS AND PROGRAMS IN BIOMEDICINE 2018; 164:101-109. [PMID: 30195418 DOI: 10.1016/j.cmpb.2018.07.008] [Citation(s) in RCA: 8] [Impact Index Per Article: 1.3] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Subscribe] [Scholar Register] [Received: 04/16/2018] [Revised: 06/15/2018] [Accepted: 07/16/2018] [Indexed: 06/08/2023]
Abstract
BACKGROUND AND OBJECTIVES Telecare Medicine Information System (TMIS) enables physicians to efficiently and conveniently make certain diagnoses and medical treatment for patients over the insecure public Internet. To ensure patients securely access to medicinal services, many authentication schemes have been proposed. Although numerous cryptographic authentication schemes for TMIS have been proposed with the aim to ensure data security, user privacy and authentication, various forms of attacks make these schemes impractical. METHODS To design a truly secure and practical authentication scheme for TMIS, a new biometrics-based authentication key exchange protocol for multi-server TMIS without sharing the system private key with distributed servers is presented in this work. RESULTS Our proposed protocol has perfect security features including mutual authentication, user anonymity, perfect forward secrecy and resisting various well-known attacks, and these security feathers are confirmed by the BAN logic and heuristic cryptanalysis, respectively. CONCLUSIONS A secure biometrics-based authentication key exchange protocol for multi-server TMIS is presented in this work, which has perfect security properties including perfect forward secrecy, supporting user anonymity, etc., and can withstand various attacks such as impersonation attack, off-line password guessing attack, etc.. Considering security is the most important factor for an authentication scheme, so our scheme is more suitable for multi-server TMIS.
Collapse
Affiliation(s)
- Mingping Qi
- School of Mathematics and Statistics, Wuhan University, Wuhan 430072, China.
| | - Jianhua Chen
- School of Mathematics and Statistics, Wuhan University, Wuhan 430072, China.
| | - Yitao Chen
- Wuhan Maritime Communication Research Institute, Hubei 430205, China.
| |
Collapse
|
|
11
|
Cryptanalysis and improvement of a biometrics-based authentication and key agreement scheme for multi-server environments. PLoS One 2018. [PMID: 29534085 PMCID: PMC5849336 DOI: 10.1371/journal.pone.0194093] [Citation(s) in RCA: 9] [Impact Index Per Article: 1.5] [Reference Citation Analysis] [Abstract] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/19/2022] Open
Abstract
According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks.
Collapse
|
|
12
|
Lee H, Lee D, Moon J, Jung J, Kang D, Kim H, Won D. An improved anonymous authentication scheme for roaming in ubiquitous networks. PLoS One 2018; 13:e0193366. [PMID: 29505575 PMCID: PMC5837109 DOI: 10.1371/journal.pone.0193366] [Citation(s) in RCA: 18] [Impact Index Per Article: 3.0] [Reference Citation Analysis] [Abstract] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/07/2017] [Accepted: 01/29/2018] [Indexed: 11/18/2022] Open
Abstract
With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people's lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.'s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al's scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments.
Collapse
Affiliation(s)
- Hakjun Lee
- Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 16419, Korea
| | - Donghoon Lee
- Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 16419, Korea
| | - Jongho Moon
- Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 16419, Korea
| | - Jaewook Jung
- Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 16419, Korea
| | - Dongwoo Kang
- Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 16419, Korea
| | - Hyoungshick Kim
- Department of Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 16419, Korea
| | - Dongho Won
- Department of Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 16419, Korea
- * E-mail:
| |
Collapse
|
|
13
|
Guo H, Wang P, Zhang X, Huang Y, Ma F. A robust anonymous biometric-based authenticated key agreement scheme for multi-server environments. PLoS One 2017; 12:e0187403. [PMID: 29121050 PMCID: PMC5679566 DOI: 10.1371/journal.pone.0187403] [Citation(s) in RCA: 6] [Impact Index Per Article: 0.9] [Reference Citation Analysis] [Abstract] [MESH Headings] [Grants] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 04/12/2017] [Accepted: 09/25/2017] [Indexed: 11/18/2022] Open
Abstract
In order to improve the security in remote authentication systems, numerous biometric-based authentication schemes using smart cards have been proposed. Recently, Moon et al. presented an authentication scheme to remedy the flaws of Lu et al.'s scheme, and claimed that their improved protocol supports the required security properties. Unfortunately, we found that Moon et al.'s scheme still has weaknesses. In this paper, we show that Moon et al.'s scheme is vulnerable to insider attack, server spoofing attack, user impersonation attack and guessing attack. Furthermore, we propose a robust anonymous multi-server authentication scheme using public key encryption to remove the aforementioned problems. From the subsequent formal and informal security analysis, we demonstrate that our proposed scheme provides strong mutual authentication and satisfies the desirable security requirements. The functional and performance analysis shows that the improved scheme has the best secure functionality and is computational efficient.
Collapse
Affiliation(s)
- Hua Guo
- Beijing Key Laboratory of Network Technology, Beihang University, Beijing 100191, China
| | - Pei Wang
- Beijing Key Laboratory of Network Technology, Beihang University, Beijing 100191, China
- National computer network and information security laboratory, National Computer network Emergency Response technical Team/Coordination Center, Beijing 100029, China
| | - Xiyong Zhang
- State Key Laboratory of Space-Ground Integrated Information Technology, Beijing 100020, China
- * E-mail:
| | - Yuanfei Huang
- National computer network and information security laboratory, National Computer network Emergency Response technical Team/Coordination Center, Beijing 100029, China
| | - Fangchao Ma
- Beijing information technology institute, Beijing 100094, China
| |
Collapse
|
|
14
|
Al‐Saggaf AA. Key binding biometrics‐based remote user authentication scheme using smart cards. IET BIOMETRICS 2017. [DOI: 10.1049/iet-bmt.2016.0146] [Citation(s) in RCA: 6] [Impact Index Per Article: 0.9] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/20/2022] Open
Affiliation(s)
- Alawi A Al‐Saggaf
- Dammam Community CollegeKing Fahd University of Petroleum and MineralsDhahran31261Saudi Arabia
| |
Collapse
|
|
15
|
Three-Factor-Based Confidentiality-Preserving Remote User Authentication Scheme in Multi-server Environment. ARABIAN JOURNAL FOR SCIENCE AND ENGINEERING 2017. [DOI: 10.1007/s13369-017-2665-1] [Citation(s) in RCA: 15] [Impact Index Per Article: 2.1] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 10/19/2022]
|
|
16
|
Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks. SENSORS 2016; 16:s16122123. [PMID: 27983616 PMCID: PMC5191103 DOI: 10.3390/s16122123] [Citation(s) in RCA: 27] [Impact Index Per Article: 3.4] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 10/19/2016] [Revised: 12/09/2016] [Accepted: 12/12/2016] [Indexed: 11/17/2022]
Abstract
Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.
Collapse
|
|
17
|
Cryptanalysis and Extended Three-Factor Remote User Authentication Scheme in Multi-Server Environment. ARABIAN JOURNAL FOR SCIENCE AND ENGINEERING 2016. [DOI: 10.1007/s13369-016-2341-x] [Citation(s) in RCA: 16] [Impact Index Per Article: 2.0] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 10/20/2022]
|
|
18
|
Sutrala AK, Das AK, Odelu V, Wazid M, Kumari S. Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. COMPUTER METHODS AND PROGRAMS IN BIOMEDICINE 2016; 135:167-185. [PMID: 27586489 DOI: 10.1016/j.cmpb.2016.07.028] [Citation(s) in RCA: 12] [Impact Index Per Article: 1.5] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Subscribe] [Scholar Register] [Received: 03/07/2016] [Revised: 06/12/2016] [Accepted: 07/20/2016] [Indexed: 06/06/2023]
Abstract
BACKGROUND AND OBJECTIVES Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. METHODS Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. RESULTS The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. CONCLUSIONS We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security verification of our scheme using the widely accepted AVISPA tool. High security and extra functionality features allow our proposed scheme to be applicable for telecare medicine information systems which is used for e-health care medical applications.
Collapse
Affiliation(s)
- Anil Kumar Sutrala
- Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India
| | - Ashok Kumar Das
- Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India.
| | - Vanga Odelu
- Department of Mathematics, Indian Institute of Technology, Kharagpur 721 302, India; Department of Computer Science and Engineering, Indian Institute of Information Technology, Sri City, Chittoor 517 588, Andhra Pradesh, India
| | - Mohammad Wazid
- Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India
| | - Saru Kumari
- Department of Mathematics, Ch. Charan Singh University, Meerut 250 005, Uttar Pradesh, India
| |
Collapse
|
|
19
|
Reddy AG, Das AK, Odelu V, Yoo KY. An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography. PLoS One 2016; 11:e0154308. [PMID: 27163786 PMCID: PMC4862638 DOI: 10.1371/journal.pone.0154308] [Citation(s) in RCA: 36] [Impact Index Per Article: 4.5] [Reference Citation Analysis] [Abstract] [MESH Headings] [Grants] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 02/16/2016] [Accepted: 04/11/2016] [Indexed: 11/19/2022] Open
Abstract
Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.’s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.’s protocol and existing similar protocols.
Collapse
Affiliation(s)
| | - Ashok Kumar Das
- Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India
| | - Vanga Odelu
- Department of mathematics, Indian Institute of Technology, Kharagpur, India
| | - Kee-Young Yoo
- School of Computer Science and Engineering, Kyungpook National University, Daegu, Korea
- * E-mail:
| |
Collapse
|
|
20
|
Wang C, Zhang X, Zheng Z. Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme. PLoS One 2016; 11:e0149173. [PMID: 26866606 PMCID: PMC4750975 DOI: 10.1371/journal.pone.0149173] [Citation(s) in RCA: 48] [Impact Index Per Article: 6.0] [Reference Citation Analysis] [Abstract] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 08/02/2015] [Accepted: 12/28/2015] [Indexed: 11/19/2022] Open
Abstract
With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.’s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks.
Collapse
Affiliation(s)
- Chengqi Wang
- Key Laboratory of Mathematics, Informatics and Behavioral Semantics, Ministry of Education, and School of Mathematics and Systems Science, Beihang University, Beijing 100191, China
| | - Xiao Zhang
- Key Laboratory of Mathematics, Informatics and Behavioral Semantics, Ministry of Education, and School of Mathematics and Systems Science, Beihang University, Beijing 100191, China
- * E-mail: (XZ); (ZMZ)
| | - Zhiming Zheng
- Key Laboratory of Mathematics, Informatics and Behavioral Semantics, Ministry of Education, and School of Mathematics and Systems Science, Beihang University, Beijing 100191, China
- * E-mail: (XZ); (ZMZ)
| |
Collapse
|
|
21
|
An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards. PLoS One 2015; 10:e0145263. [PMID: 26709702 PMCID: PMC4699843 DOI: 10.1371/journal.pone.0145263] [Citation(s) in RCA: 34] [Impact Index Per Article: 3.8] [Reference Citation Analysis] [Abstract] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/02/2015] [Accepted: 11/30/2015] [Indexed: 11/19/2022] Open
Abstract
In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user's management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.'s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.'s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.'s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties.
Collapse
|