Skip to main content

Advertisement

SpringerLink
Log in

Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems

  • Systems-Level Quality Improvement
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.’s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.’s scheme and additionally achieves extra security requirements.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Amin, R, Cryptanalysis and an efficient secure id-based remote user authentication using smart card. Int. J. Comput. Appl. 75(13):43–48, 2013.

    Google Scholar 

  2. Amin, R, and Biswas, GP, Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arab. J. Sci. Eng.,1–15, 2015. doi:10.1007/s13369-015-1743-5.

  3. Amin, R, and Biswas, GP, Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wirel. Pers. Commun., 1–24, 2015. doi:10.1007/s11277-015-2616-7.

  4. Amin, R, and Biswas, GP, An improved rsa based user authentication and session key agreement protocol usable in tmis. J. Med. Syst. 39(8):79, 2015. doi:10.1007/s10916-015-0262-y.

  5. Amin, R, and Biswas, GP, A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J. Med. Syst. 39(3):33, 2015. doi:10.1007/s10916-015-0217-3.

  6. Amin, R, and Biswas, GP, Remote access control mechanism using rabin public key cryptosystem. In: Information Systems Design and Intelligent Applications, Advances in Intelligent Systems and Computing. Vol. 339, pp. 525–533. Springer, India. 2015. doi:10.1007/978-81-322-2250-7_52.

  7. Amin, R, and Biswas, GP, A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Netw., 2015. doi:10.1016/j.adhoc.2015.05.020.

  8. Amin, R, and Biswas, GP, A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8):78, 2015. doi:10.1007/s10916-015-0258-7.

    Article  PubMed  Google Scholar 

  9. Amin, R, Islam, SH, Biswas, GP, Khan, MK: An efficient remote mutual authentication scheme using smart mobile phone over insecure networks. In: Cyber Situational Awareness, 2015 International Conference on Data Analytics and Assessment (CyberSA). pp. 1–7, 2015, doi:10.1109/CyberSA.2015.7166114

  10. Amin, R, Maitra, T, Rana, SP, An improvement of Wang et. al.’s remote user authentication scheme against smart card security breach. Int. J. Comput. Appl. 75(13):37–42, 2013.

    Google Scholar 

  11. An, Y, Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards. J. Biomed. Biotechnol. 6, 2012. doi:10.1155/2012/519723.

  12. An, YH: Security improvements of dynamic id-based remote user authentication scheme with session key agreement. In: 2013 15th International Conference on Advanced Communication Technology (ICACT), pp. 1072–1076 (2013)

  13. Arshad, H, and Nikooghadam, M, Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):1–12, 2014. doi:10.1007/s10916-014-0136-8.

  14. Burrows, M, Abadi, M, Needham, R, A logic of authentication. ACM Trans. Comput. Syst. 8(1):18–36, 1990. doi:10.1145/77648.77649 10.1145/77648.77649.

  15. Chang, YF, Tai, WL, Chang, HC, Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 27(11):3430–3440, 2014. doi:10.1002/dac.2552.

    Google Scholar 

  16. Chang, YF, Yu, SH, Shiao, DR, A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(2):9902, 2013. doi:10.1007/s10916-012-9902-7.

    Article  PubMed  Google Scholar 

  17. Chaudhry, SA, Farash, MS, Naqvi, H, Kumari, S, Khan, MK, An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks, 2015. doi:10.1002/sec.1299.

    Google Scholar 

  18. Chaudhry, SA, Naqvi, H, Shon, T, Sher, M, Farash, MS, Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6):66, 2015. doi:10.1007/s10916-015-0244-0.

    Article  PubMed  Google Scholar 

  19. Chaudhry, SA, Uddin, N, Sher, M, Ghani, A, Naqvi, H, Irshad, A, An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimedia Tools and Applications 74(5):1711–1723, 2015. doi:10.1007/s11042-014-2283-9.

    Article  Google Scholar 

  20. Chou, JS, Huang, CH, Huang, YS, Chen4, Y: Efficient two-pass anonymous identity authentication using smart card. Cryptology ePrint Archive, Report 2013/402 (2013)

  21. Das, A, Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. Inf. Secur., IET 5(3):145–151, 2011. doi:10.1049/iet-ifs.2010.0125.

    Article  Google Scholar 

  22. Das, AK, Cryptanalysis and further improvement of a biometric-based remote user authentication scheme using smart cards. International Journal of Network Security and Its Applications 3(2):13–28, 2011.

    Article  Google Scholar 

  23. Das, AK, and Goswami, A, A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9948, 2013. doi:10.1007/s10916-013-9948-1 10.1007/s10916-013-9948-1.

    Article  PubMed  Google Scholar 

  24. Dolev, D, and Yao, AC, On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198–208, 1983.

    Article  Google Scholar 

  25. Farash, MS, Chaudhry, SA, Heydari, M, Sajad Sadough, SM, Kumari, S, Khan, MK, A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int. J. Commun. Syst., 2015. doi:10.1002/dac.3019.

    Google Scholar 

  26. Fu, Z, Sun, X, Liu, Q, Zhou, L, Shu, J, Achieving efficient cloud search services: Multikeyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans. Commun. E98B(1):190–200, 2015.

    Article  Google Scholar 

  27. Giri, D, Maitra, T, Amin, R, Srivastava, PD, An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1):145, 2014. doi:10.1007/s10916-014-0145-7.

    Article  PubMed  Google Scholar 

  28. Guo, P, Wang, J, Li, B, Lee, S, A variable threshold-value authentication architecture for wireless mesh networks. J. Internet Technol. 15(6):929–936, 2014.

    Google Scholar 

  29. Islam, S H, and Biswas, GP, Dynamic id-based remote user mutual authentication scheme with smartcard using elliptic curve cryptography. J. Electron. (China) 31(5):473–488, 2014. doi:10.1007/s11767-014-4002-0.

    Article  Google Scholar 

  30. He, D, Jianhua, C, Rui, Z, A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.

    Article  Google Scholar 

  31. He, D, and Khan, MK, Cryptanalysis of a key agreement protocol based on chaotic hash. Int. J. Electron. Secur. Digit. Forensic. 5(3–4):172–177, 2013. doi:10.1504/IJESDF.2013.058650.

    Article  Google Scholar 

  32. He, D, Khan, MK, Kumar, N, A new handover authentication protocol based on bilinear pairing functions for wireless networks. Int. J. Ad Hoc Ubiquit. Comput. 18(1–2):67–74, 2015. doi:10.1504/IJAHUC.2015.067774.

    Article  Google Scholar 

  33. He, D, Kumar, N, Chen, J, Lee, CC, Chilamkurti, N, Yeo, SS, Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems. 21(1):49–60, 2015. doi:10.1007/s00530-013-0346-9.

    Article  Google Scholar 

  34. He, D, Kumar, N, Chilamkurti, N, A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci 321: 263–277, 2015. doi:10.1016/j.ins.2015.02.010.

    Article  Google Scholar 

  35. He, D, Kumar, N, Chilamkurti, N, Lee, JH, Lightweight ecc based rfid authentication integrated with an id verifier transfer protocol. J. Med. Syst. 38(10):116, 2014. doi:10.1007/s10916-014-0116-z 10.1007/s10916-014-0116-z.

    Article  PubMed  Google Scholar 

  36. He, D, Kumar, N, Lee, JH, Sherratt, R, Enhanced three-factor security protocol for consumer usb mass storage devices. IEEE Trans. Consum. Electron. 60(1):30–37, 2014. doi:10.1109/TCE.2014.6780922.

    Article  Google Scholar 

  37. He, D, and Zeadally, S, Authentication protocol for an ambient assisted living system. Commun. Mag. IEEE 53(1):71–77, 2015. doi:10.1109/MCOM.2015.7010518.

    Article  Google Scholar 

  38. Islam, S H, Khan, MK, Obaidat, MS, Muhaya, F.T.B, Provably secure and anonymous password authentication protocol for roaming service in global mobility networks using extended chaotic maps. Wirel. Pers. Commun.,1–22, 2015. doi:10.1007/s11277-015-2542-8.

  39. Islam, SH, Design and analysis of an improved smartcard based remote user password authentication scheme. Int. J. Commun. Syst., 2014. doi:10.1002/dac.2793.

  40. Islam, SH, A provably secure id-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wirel. Pers. Commun. 79(3):1975–1991, 2014. doi:10.1007/s11277-014-1968-8.

    Article  Google Scholar 

  41. Islam, SH, Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps. Inf. Sci. 312:104–130, 2015. doi:10.1016/j.ins.2015.03.050.

    Article  Google Scholar 

  42. Islam, SH, and Biswas, GP, A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.

    Article  Google Scholar 

  43. Islam, SH, and Biswas, GP, Design of improved password authentication and update scheme based on elliptic curve cryptography. Math. Comput. Model. 57(1112):2703–2717, 2013. doi:10.1016/j.mcm.2011.07.001. Information System Security and Performance Modeling and Simulation for Future Mobile Networks.

    Article  Google Scholar 

  44. Islam, SH, and Khan, MK, Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10):135, 2014. doi:10.1007/s10916-014-0135-9.

    Article  PubMed  Google Scholar 

  45. Jina, A.T.B, Ling, D.N.C, Goh, A, Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.

    Article  Google Scholar 

  46. Khan, MK, and He, D, A new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography. Sec. and Commun. Netw. 5(11):1260–1266, 2012. doi:10.1002/sec.573.

    Google Scholar 

  47. Khan, MK, and Kumari, S, An improved biometrics-based remote user authentication scheme with user anonymity. BioMed Res. Int.,9, 2013. doi:10.1155/2013/491289.

  48. Khan, MK, and Zhang, J, Improving the security of a flexible biometrics remote user authentication scheme. Comput. Stand. Interfaces. 29(1):82–85, 2007. doi:10.1016/j.csi.2006.01.002.

  49. Kocher, P, Jaffe, J, Jun, B: Differential power analysis. In: Advances in Cryptology CRYPTO 99, Lecture Notes in Computer Science, Vol. 1666, pp. 388–397 (1999)

  50. Kumari, S, and Khan, MK, More secure smart card-based remote user password authentication scheme with user anonymity. Secur. Commun. Netw. 7(11):2039–2053, 2014. doi:10.1002/sec.916.

  51. Kumari, S, Khan, MK, Atiquzzaman, M, User authentication schemes for wireless sensor networks: A review. Ad Hoc Netw. 27:159–194, 2015. doi:10.1016/j.adhoc.2014.11.018.

    Article  Google Scholar 

  52. Kumari, S, Khan, MK, Li, X, An improved remote user authentication scheme with key agreement. Comput. Electr. Eng. 40(6):1997–2012, 2014. doi:10.1016/j.compeleceng.2014.05.007.

    Article  Google Scholar 

  53. Kumari, S, Khan, MK, Li, X, Wu, F, Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst. 27(10):609–618, 2014. doi:10.1002/dac.2853.

    Google Scholar 

  54. Lee, JK, Ryu, SR, Yoo, KY, Fingerprint-based remote user authentication scheme using smart cards. Electron. Lett. 38(12):554–555, 2002.

    Article  Google Scholar 

  55. Li, CT, and Hwang, MS, An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.

    Article  Google Scholar 

  56. Li, X, Ma, J, Wang, W, Xiong, Y, Zhang, J, A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Math. Comput. Model. 58(12):85–95, 2013. doi:10.1016/j.mcm.2012.06.033.

    Article  Google Scholar 

  57. Li, X, Niu, J, Khan, MK, Liao, J, An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. 36(5):1365–1371, 2013. doi:10.1016/j.jnca.2013.02.034.

    Article  Google Scholar 

  58. Li, X, Niu, JW, Ma, J, Wang, WD, Liu, CL, Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.

    Article  CAS  Google Scholar 

  59. Li, X, Xiong, Y, Ma, J, Wang, W, An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2):763–769, 2012. doi:10.1016/j.jnca.2011.11.009.

    Article  CAS  Google Scholar 

  60. Lin, CH, and Lai, YY, A flexible biometrics remote user authentication scheme. Computer Standards & Interfaces 27(1):19–23, 2004. doi:10.1016/j.csi.2004.03.003.

    Article  Google Scholar 

  61. Lumini, A, and Nanni, L, An improved biohashing for human authentication. Pattern Recogn. 40(3): 1057–1065, 2007.

    Article  Google Scholar 

  62. Messerges, TS, Dabbish, EA, Sloan, RH, Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  Google Scholar 

  63. Mishra, D: A study on id-based authentication schemes for telecare medical information system. CoRR arXiv: http://arxiv.org/abs/1311.0151 (2013)

  64. Mishra, D, Mukhopadhyay, S, Chaturvedi, A, Kumari, S, Khan, MK, Cryptanalysis and improvement of yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6): 24, 2014. doi:10.1007/s10916-014-0024-2.

    Article  PubMed  Google Scholar 

  65. Mishra, D, Mukhopadhyay, S, Kumari, S, Khan, M, Chaturvedi, A, Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5):41, 2014. doi:10.1007/s10916-014-0041-1.

    Article  PubMed  Google Scholar 

  66. Ren, Y, Shen, J, Wang, J, Han, J, Lee, S, Mutual verifiable provable data auditing in public cloud storage. J. Internet Technol. 16(2):317–323, 2014.

    Google Scholar 

  67. Tool, AW: http://www.avispa-project.org/web-interface/expert.php/ use on febraury (2015)

  68. Wang, XM, Zhang, WF, Zhang, JS, Khan, MK, Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Computer Standards & Interfaces 29(5):507–512, 2007. doi:10.1016/j.csi.2006.11.005.

    Article  Google Scholar 

  69. Yan Wang, Y, Yong Liu, J, Xia Xiao, F, Dan, J, A more efficient and secure dynamic id-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009. doi:10.1016/j.comcom.2008.11.008.

    Article  Google Scholar 

  70. Wei, J, Hu, X, Liu, W, An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

    Article  PubMed  Google Scholar 

  71. Wen, F, and Li, X, An improved dynamic id-based remote user authentication with key agreement scheme. Comput. Electr. Eng. 38(2):381–387, 2012. doi:10.1016/j.compeleceng.2011.11.010.

    Article  Google Scholar 

  72. Wu, ZY, Lee, YC, Lai, F, Lee, HC, Chung, Y, A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.

    Article  PubMed  Google Scholar 

  73. Xu, X, Zhu, P, Wen, Q, Jin, Z, Zhang, H, He, L, A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(6):24, 2014. doi:10.1007/s10916-013-9994-8..

    Article  Google Scholar 

  74. Zhang, L, and Zhu, S, Robust ecc-based authenticated key agreement scheme with privacy protection for telecare medicine information systems. J. Med. Syst. 39(5):49, 2015. doi:10.1007/s10916-015-0233-3.

    Article  PubMed  Google Scholar 

  75. Zhu, Z, An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012. doi:10.1007/s10916-012-9856-9.

    Article  PubMed  Google Scholar 

Download references

Acknowledgments

The second author is supported by the Outstanding Potential for Excellence in Research and Academics (OPERA) award, Birla Institute of Technology and Science (BITS) Pilani, Pilani Campus, Rajasthan, India. The authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16). This research is also partially supported by the National Natural Science Foundation of China under Grant No. 61300220.

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian School of Mines, Dhanbad, 826004, Jharkhand, India

    Ruhul Amin & G. P. Biswas

  2. Department of Computer Science and Information Systems, Birla Institute of Technology and Science, Pilani Campus, Rajasthan, 333031, India

    SK Hafizul Islam

  3. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Muhammad Khurram Khan

  4. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, 411201, China

    Xiong Li

Authors
  1. Ruhul Amin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. SK Hafizul Islam
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. G. P. Biswas
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Muhammad Khurram Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xiong Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to SK Hafizul Islam.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Amin, R., Islam, S.H., Biswas, G. et al. Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems. J Med Syst 39, 140 (2015). https://doi.org/10.1007/s10916-015-0318-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-015-0318-z

Keywords

Search

Navigation