Abstract
In the last few years, numerous remote user authentication and session key agreement schemes have been put forwarded for Telecare Medical Information System, where the patient and medical server exchange medical information using Internet. We have found that most of the schemes are not usable for practical applications due to known security weaknesses. It is also worth to note that unrestricted number of patients login to the single medical server across the globe. Therefore, the computation and maintenance overhead would be high and the server may fail to provide services. In this article, we have designed a medical system architecture and a standard mutual authentication scheme for single medical server, where the patient can securely exchange medical data with the doctor(s) via trusted central medical server over any insecure network. We then explored the security of the scheme with its resilience to attacks. Moreover, we formally validated the proposed scheme through the simulation using Automated Validation of Internet Security Schemes and Applications software whose outcomes confirm that the scheme is protected against active and passive attacks. The performance comparison demonstrated that the proposed scheme has lower communication cost than the existing schemes in literature. In addition, the computation cost of the proposed scheme is nearly equal to the exiting schemes. The proposed scheme not only efficient in terms of different security attacks, but it also provides an efficient login, mutual authentication, session key agreement and verification and password update phases along with password recovery.
Similar content being viewed by others
References
Amin, R., and Biswas, G. P., Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wirel. Pers. Commun. 1–24, 2015. doi:10.1007/s11277-015-2616-7.
Amin, R., and Biswas, G. P., An improved rsa based user authentication and session key agreement protocol usable in tmis. J. Med. Syst. 39(8):79, 2015. doi:10.1007/s10916-015-0262-y.
Amin, R., and Biswas, G. P., A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J. Med. Syst. 39(3):33, 2015. doi:10.1007/s10916-015-0217-3.
Amin, R., and Biswas, G. P.: Remote access control mechanism using rabin public key cryptosystem. In: Information Systems Design and Intelligent Applications, Advances in Intelligent Systems and Computing, vol. 339, pp. 525–533. India: Springer, 2015. doi:10.1007/978-81-322-2250-7_52
Amin, R., and Biswas, G. P., A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks: Ad Hoc Networks, 2015.
Amin, R., and Biswas, G. P., A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8):78, 2015. doi:10.1007/s10916-015-0258-7.
Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., An efficient remote mutual authentication scheme using smart mobile phone over insecure networks. In: 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), pp. 1–7 (2015), doi:10.1109/CyberSA.2015.7166114
Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., Li, X., Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J. Med. Syst. 2015. doi:10.1007/s10916-015-0318-z.
Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., Obaidat, M. S., Design and analysis of an enhanced patient-server mutual authentication protocol for telecare medical information system. J. Med. Technol. 39(11):137, 2015. doi:10.1007/s10916-015-0307-2.
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P. H., Héam, P. C., Kouchnarenko, O., Mantovani, J., et al., The avispa tool for the automated validation of internet security protocols and applications. In: Computer Aided Verification, pp. 281–285: Springer, 2005
Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–7, 2013.
Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., Khan, M. K., An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks, 2015. doi:10.1002/sec.1299.
Chen, H. M., Lo, J. W., Yeh, C. K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.
Dolev, D., and Yao, A. C., On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198–208, 1983.
Farash, M. S., Chaudhry, S. A., Heydari, M., Sajad Sadough, S. M., Kumari, S., Khan, M. K., A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int. J. Commun. Syst. 2015. doi:10.1002/dac.3019.
Giri, D., Maitra, T., Amin, R., Srivastava, P., An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1):145, 2014. doi:10.1007/s10916-014-0145-7.
Guo, P., Wang, J., Li, B., Lee, S., A variable thresholdvalue authentication architecture for wireless mesh networks. Journal of Internet Technology 15(6):929–936, 2014.
He, D., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.
He, D., Kumar, N., Chen, J., Lee, C. C., Chilamkurti, N., Yeo, S. S., Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems 21(1):49–60, 2015. doi:10.1007/s00530-013-0346-9.
He, D., Kumar, N., Chilamkurti, N., A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci. 321:263–277, 2015. doi:10.1016/j.ins.2015.02.010. http://www.sciencedirect.com/science/article/pii/S0020025515001012.
He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 9(3):816–823, 2015. doi:10.1109/JSYST.2014.2301517.
Hsu, C. L., Chuang, Y. H., Kuo, C.l., A novel remote user authentication scheme from bilinear pairings via internet. Wirel. Pers. Commun. 1–12, 2015.
Islam, SH, Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps. Inf. Sci. 312(0):104–130, 2015. doi:10.1016/j.ins.2015.03.050.
Islam, S. H., and Biswas, G. P., An efficient and secure strong designated verifier signature scheme without bilinear pairings. Journal of Applied Mathematics and Informatics 31(3–4):425–441, 2013.
Islam, S. H., Khan, M. K., Obaidat, M. S., Muhaya, F.T.B., Provably secure and anonymous password authentication protocol for roaming service in global mobility networks using extended chaotic maps. Wirel. Pers. Commun. 1–22, 2015. doi:10.1007/s11277-015-2542-8.
Jiang, Q., Ma, J., Lu, X., Tian, Y., Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J. Med. Syst. 38(2):1–8, 2014.
Kalra, S., and Sood, S., Advanced remote user authentication protocol for multi-server architecture based on ecc. Journal of Information Security and Applications 18(2):98–107, 2013.
Kim, H., Jeon, W., Lee, K., Lee, Y., Won, D., Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme. In: Computational Science and Its Applications–ICCSA 2012, pp. 391–406: Springer, 2012.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology CRYPTO 99, Lecture Notes in Computer Science, vol. 1666, pp. 388–397 (1999)
Lee, C. C., Hsu, C. W., Lai, Y. M., Vasilakos, A., An enhanced mobile-healthcare emergency system based on extended chaotic maps. J. Med. Syst. 37(5):1–12, 2013.
Lee, T. F., Chang, I. P., Lin, T. H., Wang, C. C., A secure and efficient password-based user authentication scheme using smart cards for the integrated epr information system. J. Med. Syst. 37(3):1–7, 2013.
Li, C. T., Lee, C. C., Weng, C. Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):1–11, 2014.
Li, X., Ma, J., Wang, W., Xiong, Y., Zhang, J., A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Math. Comput. Model. 58(1):85–95, 2013.
Li, X., Niu, J., Khan, M. K., Liao, J., An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. 36(5):1365–1371, 2013.
Li, X., Niu, J. W., Ma, J., Wang, W. D., Liu, C. L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.
Li, X., Xiong, Y., Ma, J., Wang, W., An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2):763–769, 2012.
Lin, H. Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9929, 2013. doi:10.1007/s10916-013-9929-4.
Lin, H. Y., Chaotic map based mobile dynamic id authenticated key agreement scheme. Wirel. Pers. Commun. 78(2):1487–1494, 2014.
Messerges, T. S., Dabbish, E. A., Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M. K., Cryptanalysis and improvement of yan et al.s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6):1–12, 2014.
Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10):1–10, 2014.
Odelu, V., Das, A. K., Goswami, A., Cryptanalysis on robust biometrics-based authentication scheme for multiserver environment. Tech. rep., Cryptology ePrint Archive, eprint. iacr.org/2014/715.pdf (2014)
Shen, J., Tan, H., Wang, J., Wang, J., Lee, S., A novel routing protocol providing good transmission reliability in underwater sensor networks. Journal of Internet Technology 16(1):171–178, 2015.
Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204, 2013.
Wang, Z., Huo, Z., Shi, W., A dynamic identity based authentication scheme using chaotic maps for telecare medicine information systems. Journal of medical systems 39(1):1–8, 2015.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. Journal of Medical Systems 36(6):3597–3604, 2012.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., Chung, Y., A secure authentication scheme for telecare medicine information systems. Journal of medical systems 36(3):1529–1535, 2012.
Xie, Q., Liu, W., Wang, S., Han, L., Hu, B., Wu, T., Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care. Journal of medical systems 38(9):1–10, 2014.
Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. Journal of medical systems 37(2):1–8, 2013.
Xu, L., and Wu, F., Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. Journal of medical systems 39(2):1–9, 2015.
Yan, X., Li, W., Li, P., Wang, J., Hao, X., Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. Journal of Medical Systems 37(5):9972, 2013. doi:10.1007/s10916-013-9972-1.
Ren, Y., Shen, J., Wang, J., Han, J., and Lee, S., Mutual verifiable provable data auditing in public cloud storage. Journal of Internet Technology 16(2):317–323, 2014.
Yoon, EJ, and Yoo, KY, Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. The Journal of Supercomputing 63(1):235–255, 2013.
Zhu, Z, An efficient authentication scheme for telecare medicine information systems. Journal of Medical Systems 36(6):3833–3838, 2012. doi:10.1007/s10916-012-9856-9.
Acknowledgments
The authors extend their sincere appreciations to the Outstanding Potential for Excellence in Research and Academics (OPERA) award, BITS Pilani, Rajasthan, India, and the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16).
Conflict of interests
The authors of this article declare that they do not have any conflict of interest.
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
Rights and permissions
About this article
Cite this article
Amin, R., Islam, S.H., Biswas, G.P. et al. An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography. J Med Syst 39, 180 (2015). https://doi.org/10.1007/s10916-015-0351-y
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-015-0351-y