A Secure User Anonymity and Authentication Scheme Using AVISPA for Telecare Medical Information Systems

  • Systems-Level Quality Improvement
  • Journal of Medical Systems

Abstract

Telecare medicine information systems (TMIS) are known as an effective mechanism for increasing the quality and security of healthcare services. To protect patient privacy, several authentication schemes have been proposed for TMIS; however, most of them have security problems. Recently, Das proposed a secure and robust password-based remote user authentication scheme for the integrated EPR information system. In this paper, we show that his scheme has some security flaws. We then propose a secure authentication scheme that overcomes these weaknesses. We prove the proposed scheme using a random oracle and also use BAN logic to prove its correctness. Furthermore, we simulate our scheme for formal security analysis using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool.




Correspondence to Cheng-Chi Lee.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement


Mir, O., van der Weide, T. & Lee, CC. A Secure User Anonymity and Authentication Scheme Using AVISPA for Telecare Medical Information Systems. J Med Syst 39, 89 (2015). https://doi.org/10.1007/s10916-015-0265-8


  • DOI: https://doi.org/10.1007/s10916-015-0265-8
