nach oben

Journal of Medical Systems

Erschienen in:

01.12.2013 | Original Paper

A Robust Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care

verfasst von: Fengtong Wen

Erschienen in: Journal of Medical Systems | Ausgabe 6/2013

Einloggen, um Zugang zu erhalten

Abstract

User authentication plays an important role to protect resources or services from being accessed by unauthorized users. In a recent paper, Das et al. proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. This scheme uses three factors, e.g. biometrics, password, and smart card, to protect the security. It protects user privacy and is believed to have many abilities to resist a range of network attacks, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Das et al.’s scheme, and show that the scheme is in fact insecure against the replay attack, user impersonation attacks and off-line guessing attacks. Then, we also propose a robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Compared with the existing schemes, our protocol uses a different user authentication mechanism to resist replay attack. We show that our proposed scheme can provide stronger security than previous protocols. Furthermore, we demonstrate the validity of the proposed scheme through the BAN (Burrows, Abadi, and Needham) logic.

Burrows, M., Abadi, M., and Needham, R., A logic of authentication. ACM Trans. Comput. Syst. 8(1):18–36, 1990.CrossRef

Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected healthcare. J. Med. Syst. 37:9902, 2013.CrossRef

Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for Telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.CrossRef

Das, A. K., Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145–151, 2011.CrossRef

Das, A. K., and Goswami, A., A secure and efficient uniqueness -and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9948, 2013.CrossRef

Das, M. L., Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 8(3):1086–1090, 2009.CrossRef

Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1):28–30, 2000.CrossRef

Jina, A. T. B., Linga, D. N. C., and Goh, A., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.CrossRef

Khan, M. K., Zhang, J., and Wang, X., Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos Solitons Fractals 35(3):519–524, 2008.CrossRef

10.

Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology-CRYPTO’99. Vol. 1666, pp. 388–397. LNCS, 1999.

11.

Lee, N. Y., and Chiu, Y. C., Improved remote authentication scheme with smart card. Comput. Stand. Interfac. 27(2):177–180, 2005.CrossRef

12.

Li, C.-T., and Hwang, M.-S., An efficient biometric-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33:1–5, 2010.CrossRef

13.

Li, X., Niu, J.-W., Ma, J., Wang, W.-D., and Liu, C.-L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34:73–79, 2011.CrossRefMATH

14.

Lumini, A., and Nanni, L., An improved BioHashing for human authentication. Pattern Recogn. 40(3):1057–1065, 2007.CrossRefMATH

15.

Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.MathSciNetCrossRef

16.

Wen, F. T., Susilo, W., and Yang, G. M., A robust smart card-based anonymous user authentication protocol for wireless communications. Secur. Comm. Networks, 2013 doi:10.1002/sec.816.

17.

Wen, F. T., Susilo, W., and Yang, G. M., A secure effective anonymous user authentication scheme for roaming service in global mobility networks. Wirel. Pers. Commun., 2013. doi:10.1007/s11277-013-1243-4.

18.

Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y., A secure authentication scheme for Telecare medicine information systems. J. Med. Syst. 36(3):1529–35, 2010.CrossRef

19.

He, D.-B. H., Jianhua, C., and Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef

20.

Yang, G., Wong, D. S., Wang, H., Deng, X., Two-factor mutual authentication based on smart cards and passwords. J. Computer Syst. Sci. 74(7):1160–1172, 2008.MathSciNetCrossRefMATH

Titel: A Robust Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care
verfasst von: Fengtong Wen
Publikationsdatum: 01.12.2013
Verlag: Springer US
Erschienen in: Journal of Medical Systems / Ausgabe 6/2013
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-013-9980-1

Springer Medizin

Abstract

Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten

Weitere Artikel der Ausgabe 6/2013

Perceived Usefulness of Data Entry Tools in Medical Encounters: A Survey

A Patient Privacy Protection Scheme for Medical Information System

Challenges, Alternatives, and Paths to Sustainability for Health Information Exchange Efforts

An Efficient Chaotic Maps-Based Authentication and Key Agreement Scheme Using Smartcards for Telecare Medicine Information Systems

Designing an Intelligent Health Monitoring System and Exploring User Acceptance for the Elderly

RFID Authentication Protocol to Enhance Patient Medication Safety