Skip to main content

Advertisement

Log in

A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems

  • Research Article
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The telecare medicine information system enables the patients gain health monitoring at home and access medical services over internet or mobile networks. In recent years, the schemes based on cryptography have been proposed to address the security and privacy issues in the telecare medicine information systems. However, many schemes are insecure or they have low efficiency. Recently, Awasthi and Srivastava proposed a three-factor authentication scheme for telecare medicine information systems. In this paper, we show that their scheme is vulnerable to the reflection attacks. Furthermore, it fails to provide three-factor security and the user anonymity. We propose a new three-factor authentication scheme for the telecare medicine information systems. Detailed analysis demonstrates that the proposed scheme provides mutual authentication, server not knowing password and freedom of password, biometric update and three-factor security. Moreover, the new scheme provides the user anonymity. As compared with the previous three-factor authentication schemes, the proposed scheme is more secure and practical.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. He, D. B., An efficient remote user authentication and key exchange protocol for mobile client–server environment from pairings. Ad Hoc Netw. 10(6):1009–1016, 2012.

    Article  Google Scholar 

  2. Chen, T. H., and Lee, W. B., A new method for using hash function to solve remote user authentication. Comput. Electr. Eng. 34(1):53–62, 2008.

    Article  MATH  MathSciNet  Google Scholar 

  3. Sandirigama, M., Shimizu, A., and Noda, M. T., Simple and secure password authentication protocol. IEICE Trans. Commun. B(6)(E83):1363–1365, 2000.

    Google Scholar 

  4. He, D. B., Chen, Y. T., and Chen, J. H., Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dyn. 69(3):1149–1157, 2012.

    Article  MATH  MathSciNet  Google Scholar 

  5. He, D. B., Chen, J. H., and Hu, J., An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inf. Fusion 13(3):223–230, 2012.

    Article  Google Scholar 

  6. Lamport, L., Password authentication with insecure communication. Commun. ACM 24:28–30, 1981.

    Article  Google Scholar 

  7. Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1):28–30, 2000.

    Article  Google Scholar 

  8. Li, L., Lin, I., and Hwang, M., A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans. Neural. Netw 12(6):1498–1504, 2001.

    Article  Google Scholar 

  9. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic id-based remote user authentication scheme. IEEE Trans. Consum. Electron 50(2):629–631, 2004.

    Article  Google Scholar 

  10. Yoon, E. J., Ryu, E. K., and Yoo, K. Y., Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron 50(2):612–614, 2004.

    Article  Google Scholar 

  11. Fan, C. I., and Lin, Y. H., Provably secure remote truly three-factor authentication scheme with privacy protection on biometric. IEEE T. Inf. Forensic Secur. 4(4):933–945, 2009.

    Article  Google Scholar 

  12. Bhargav-Spantzel, A., Squicciarini, A. C., Bertino, E., Modi, S., Young, M., and Elliott, S. J., Privacy preserving multi-factor authentication with biometric. J. Comput. Secur 15(5):529–560, 2007.

    Google Scholar 

  13. Pointcheval, D., and Zimmer, S., Multi-factor authenticated key exchange. ACNS 2008 LNCS. 5037:277–295, 2008.

    Google Scholar 

  14. Li, C. T., and Hwang, M.-S., An efficient biometric-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.

    Article  Google Scholar 

  15. He, D. B., Kumar, N., and Lee, J.-H., Enhanced three-factor security protocol for USB Consumer Storage Devices. IEEE Trans. Consum. Electron. 59(4):8111–817, 2013.

    Article  Google Scholar 

  16. Lee, J. K., Ryu, S. R., and Yoo, K. Y., Fingerprint-based remote user authentication scheme using smart cards. Electron. Lett. 38(12):554–555, 2002.

    Article  Google Scholar 

  17. Lin, C. H., and Lai, Y. Y., A flexible biometric remote user authentication scheme. Comput. Stand. Interfaces 27(1):19–23, 2004.

    Article  Google Scholar 

  18. Khan, M. K., and Zhang, J., Improving the security of ‘a flexible biometric remote user authentication scheme. Comput. Stand. Interfaces 29(1):82–85, 2007.

    Article  Google Scholar 

  19. Das, A. K., Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145–151, 2011.

    Article  Google Scholar 

  20. Lee, C.-C., and Hsu, C.-W., A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. Nonlinear Dyn 71:201–211, 2013.

    Article  MathSciNet  Google Scholar 

  21. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi:10.1007/s10916-010-9614-9.

    Google Scholar 

  22. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2011. doi:10.1007/s10916-011-9658-5.

    Google Scholar 

  23. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 2012. doi:10.1007/s10916-012-9835-1.

    Google Scholar 

  24. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 2012. doi:10.1007/s10916-012-9856-9.

    Google Scholar 

  25. Wang, R.-C., Juang, W.-S., and Lei, C.-L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. 77(4):790–798, 2011. doi:10.1016/j.jcss.2010.07.004. 2010.

    Article  MATH  MathSciNet  Google Scholar 

  26. Khan, M. K., Kim, S.-K., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.

    Article  Google Scholar 

  27. Chen, H.-M., Lo, J.-W., and Yeh, C.-K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 2012. doi:10.1007/s10916-012-9862-y.

    Google Scholar 

  28. Tan, Z. W., An efficient biometric-based authentication scheme for telecare medicine information systems. Przegl. Elektrotech. 89(5):200–204, 2013.

    Google Scholar 

  29. Awasthi, A. K., Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37, 2013. doi:10.1007/s10916-013-9964-1.

  30. Liao, I.-E., Lee, C.-C., and Hwang, M.-S., A password scheme over insecure networks. J. Comput. Syst. Sci. 72(4):727–740, 2006.

    Article  MATH  MathSciNet  Google Scholar 

  31. Yang, G. M., Duncan, S. W., Wang, H. X., and Deng, X. T., Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74(7):1160–1172, 2008.

    Article  MATH  Google Scholar 

  32. Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  MathSciNet  Google Scholar 

  33. Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology-CRYPTO'99, Santa Barbara, California, USA, August 15–19, 1999. Lecture Notes in Computer Science, Vol. 1666, Springer, ISBN 3-540-66347-9, pages. 388–397, 1999.

Download references

Acknowledgments

This work is partially supported by the National Natural Science Foundation of China under Grant No.61163053, the Scholarship Program by China Scholarship Council (No.201208360050), the Open Project Program of Key Laboratory of Mathematics and Interdisciplinary Sciences of Guangdong Higher Education Institutes, Guangzhou University (No.2012-02-02-01), Natural Science Foundation of Jiangxi Province (20122BAB201035), and Foundation of Jiangxi Educational Committee under Grant GJJ13301.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Zuowen Tan.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Tan, Z. A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems. J Med Syst 38, 16 (2014). https://doi.org/10.1007/s10916-014-0016-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-014-0016-2

Keywords

Navigation