A Robust and Anonymous Two Factor Authentication and Key Agreement Protocol for Telecare Medicine Information Systems

  • Mobile & Wireless Health
Journal of Medical Systems

Abstract

Nowadays people can obtain many services, including health-care services, remotely from distributed information systems over public networks. Because these systems are built on public networks, they are vulnerable to many malicious attacks. Hence it is necessary to introduce an effective mechanism to protect both users and servers. Recently, many two-factor authentication schemes have been proposed to achieve this goal. In 2016, Li et al. demonstrated that Lee et al.’s scheme was not suitable for deployment in practice because of its security weaknesses, and then proposed a security-enhanced scheme to overcome these drawbacks. In this paper, we show that Li et al.’s scheme is still not suitable for telecare medicine information systems (TMIS) because it fails to withstand the off-line dictionary attack and the known session-specific temporary information attack. Moreover, their scheme cannot provide card revocation for a lost smart card. To solve these security problems, we propose an improved scheme. We then analyze our scheme using the BAN-logic model and compare the improved scheme with related schemes to demonstrate that it is advantageous in practice.

References

  1. Rashvand, H., Salcedo, V., Sanchez, E., Iliescu, D., Ubiquitous wireless telemedicine. Commun., IET 2(2):237–254, 2008.

  2. Kumar, B., Singh, S. P., and Mohan, A., Emerging mobile communication technologies for health. Computer and Communication Technology (ICCCT), 2010 International Conference on. IEEE, 828–832 (2010)

  3. Istepanian, R. S., and Lacal, J. C., Emerging mobile communication technologies for health: some imperative notes on m-health. Engineering in Medicine and Biology Society, 2003 Proceedings of the 25th Annual International Conference of the IEEE. IEEE 2:1414–1416, 2003.

  4. Kyriacou, E., Pavlopoulos, S., Berler, A., Neophytou, M., Bourka, A., Georgoulas, A., Anagnostaki, A., Karayiannis, D., Schizas, C., Pattichis, C., Andreou, A., Koutsouris, D., Multi-purpose HealthCare Telemedicine Systems with mobile communication link support. Biomed. Eng. Online 2(7):1–12, 2003.

  5. Tachakra, S., Wang, X. H., Istepanian, R. S., Song, Y. H., Mobile e-health: the unwired evolution of telemedicine. Telemedicine J. E-health 9(3):247–257, 2003.

  6. Rialle, V., Duchene, F., Noury, N., Bajolle, L., Demongeot, J., Health smart home: information technology for patients at home. Telemedicine J. E-Health 8(4):395–409, 2002.

  7. Pattichis, C. S., Kyriacou, E., Voskaride, S., Pattichis, M., Istepanian, R., and Schizas, C., Wireless telemedicine systems: an overview. Antennas and Propagation Magazine. IEEE 44(2):143–153, 2002.

  8. Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.

  9. Lamport, L., Password authentication with insecure communication. Commun. ACM 21(11):770–772, 1981.

  10. Jiang, Q., Ma, J., Li, G., Li, X., Improvement of robust smart-card-based password authentication scheme. Int. J. Commun. Syst. 28(2):383–393, 2015.

  11. Jiang, Q., Wei, F., Fu, S., Ma, J., Li, G., Alelaiwi, A., Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4):2085–2101, 2016.

  12. Jiang, Q., Ma, J., Lu, X., Tian, Y., An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw. Appl. 8(6):1070–1081, 2015.

  13. Jiang, Q., Ma, J., Wei, F.: On the security of a Privacy-Aware authentication scheme for distributed mobile cloud computing services IEEE systems journal. doi:10.1109/JSYST.2016.2574719 (2016)

  14. Odelu, V., Das, A. K., Goswami, A., A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensics Secur. 10(9):1953–1966, 2015.

  15. Huang, X., Chen, X., Li, J., Xiang, Y., Xu, L., Further observations on smart-card-based password-authenticated key agreement in distributed systems. IEEE Trans. Parallel Distrib. Syst. 25(7):1767–1775, 2014.

  16. Das, M., Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 8(3): 1086–1090, 2009.

  17. Huang, X., Xiang, Y., Bertino, E., Zhou, J., Xu, L., Robust multi-factor authentication for fragile communications. IEEE Trans. Dependable Secure Comput. 11(6):568–581, 2014.

  18. He, D., Zeadally, S., Kumar, N., and Lee, J. H., Anonymous authentication for wireless body area networks with provable security, IEEE Systems Journal. doi:10.1109/JSYST.2016.2544805 (2016)

  19. He, D., Zeadally, S., Wu, L., Certificateless public auditing scheme for cloud-assisted wireless body area networks, IEEE Systems Journal. doi:10.1109/JSYST.2015.2428620 (2015)

  20. He, D., Kumar, N., Wang, H., Wang, L., Choo, K. R., Vinel, A., A provably-secure cross-domain handshake scheme with symptoms-matching for mobile healthcare social network, IEEE Transactions on Dependable and Secure Computing. doi:10.1109/TDSC.2016.2596286 (2016)

  21. Li, H., Lin, I., Hwang, M., A remote password authentication scheme for multiserver architecture using neural networks. IEEE Trans. Neural Netw. 12(6):1498–1504, 2001.

  22. Lin, I., Hwang, M., Li, H., A new remote user authentication scheme for multi-server architecture. Futur. Gener. Comput. Syst. 19(1):13–22, 2003.

  23. Juang, M., Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans. Consum. Electron. 50(1):251–255, 2004.

  24. Chang, C. C., and Lee, J. S., An Efficient and Secure Multi-server Password Authentication Scheme Using Smart Cards. Proceedings of the 2004 International Conference on Cyberworlds, 417–422

  25. Tsaur, W. J., Wu, C. C., Lee, W. B., A smart card-based remote scheme for password authentication in multi-server Internet services. Comput. Standards Interfaces 27(1):39–51, 2004.

  26. Tsai, J. L., Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput. Secur. 27(3):115–121, 2008.

  27. Chen, Y., Huang, C. H., and Chou, J. S., Comments on two multi-server authentication protocols. IACR Cryptology ePrint Archive, 2008(544) (2008)

  28. Lee, S. G., Cryptanalysis of Multiple-Server Password-Authenticated key agreement schemes using smart cards. J. Inf. Commun. Convergence Eng. 9(4):431–434, 2011.

  29. Zhu, F., Carpenter, S., Kulkarni, A., Understanding identity exposure in pervasive computing environments. Pervasive Mob. Comput. 8(5):777–794, 2012.

  30. Liao, Y. P., and Wang, S. S., A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Standards and Interfaces 31(1):24–29, 2009.

  31. Hsiang, H. C., and Shih, W. K., Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Standards and Interfaces 31(6):1118–1123, 2009.

  32. Sood, S. K., Sarje, A. K., Singh, K. A., A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2):609–618, 2011.

  33. Lee, C. C., Lin, T. H., Chang, R. X., A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst. Appl. 38(11):13863–13870, 2011.

  34. Tsaur, W. J., Li, J. H., Lee, W. B., An efficient and secure multi-server authentication scheme with key agreement. J. Syst. Softw. 85(4):876–882, 2012.

  35. Lee, C. C., Lou, D. C., Li, C. T., Hsu, C. W., An extended chaotic-maps-based protocol with key agreement for multiserver environments. Nonlinear Dyn. 76(1):876–882, 2014.

  36. Li, X., Niu, J., Kumari, S., Islam, S. H., Wu, F., Khan, M. K., and Das, A. K., A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security, Wireless Personal Communications, 1–29 (2016)

  37. Wang, D., He, D., Wang, P., Chu, C., Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12(4):428–442, 2015.

  38. Kim, T. H., Kim, C., Park, I., Side channel analysis attacks using am demodulation on commercial smart cards with seed. J. Syst. Softw. 85(12):2899–2908, 2012.

  39. Barenghi, A., Breveglieri, L., Naccache, D., Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11):3056–3076, 2012.

  40. Cheng, Z., Nistazakis, M., Comley, R., and Vasiu, L., On the Indistinguishability-Based security model of key agreement Protocols-Simple cases. IACR Cryptology ePrint Archive, 129 (2005)

  41. Bonneau, J., The science of guessing: Analyzing an anonymized corpus of 70 million passwords. 2012 IEEE Symposium on Security and Privacy 538-552 (2012)

  42. Wang, D., and Wang, P., Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw. 20:1–15, 2014.

  43. Burrows, M., Abadi, M., Needham, R., A logic of authentication. ACM Trans. Comput. Syst. 8(1):18–36, 1990.

  44. Xue, K., and Hong, P., Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 17(1):2969–2977, 2012.

Acknowledgments

This work is partially supported by National Natural Science Foundation of China under Grant Nos. 61003230 and 61370026.

Author information

Corresponding author

Correspondence to Hu Xiong.

Additional information

This article is part of the Topical Collection on Mobile & Wireless Health

Cite this article

Xiong, H., Tao, J. & Chen, Y. A Robust and Anonymous Two Factor Authentication and Key Agreement Protocol for Telecare Medicine Information Systems. J Med Syst 40, 228 (2016). https://doi.org/10.1007/s10916-016-0590-6

  • DOI: https://doi.org/10.1007/s10916-016-0590-6
