nach oben

Journal of Medical Systems

Erschienen in:

01.03.2014 | Research Article

A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems

verfasst von: Zuowen Tan

Erschienen in: Journal of Medical Systems | Ausgabe 3/2014

Einloggen, um Zugang zu erhalten

Abstract

The telecare medicine information system enables the patients gain health monitoring at home and access medical services over internet or mobile networks. In recent years, the schemes based on cryptography have been proposed to address the security and privacy issues in the telecare medicine information systems. However, many schemes are insecure or they have low efficiency. Recently, Awasthi and Srivastava proposed a three-factor authentication scheme for telecare medicine information systems. In this paper, we show that their scheme is vulnerable to the reflection attacks. Furthermore, it fails to provide three-factor security and the user anonymity. We propose a new three-factor authentication scheme for the telecare medicine information systems. Detailed analysis demonstrates that the proposed scheme provides mutual authentication, server not knowing password and freedom of password, biometric update and three-factor security. Moreover, the new scheme provides the user anonymity. As compared with the previous three-factor authentication schemes, the proposed scheme is more secure and practical.

He, D. B., An efficient remote user authentication and key exchange protocol for mobile client–server environment from pairings. Ad Hoc Netw. 10(6):1009–1016, 2012.CrossRef

Chen, T. H., and Lee, W. B., A new method for using hash function to solve remote user authentication. Comput. Electr. Eng. 34(1):53–62, 2008.CrossRefMATHMathSciNet

Sandirigama, M., Shimizu, A., and Noda, M. T., Simple and secure password authentication protocol. IEICE Trans. Commun. B(6)(E83):1363–1365, 2000.

He, D. B., Chen, Y. T., and Chen, J. H., Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dyn. 69(3):1149–1157, 2012.CrossRefMATHMathSciNet

He, D. B., Chen, J. H., and Hu, J., An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inf. Fusion 13(3):223–230, 2012.CrossRef

Lamport, L., Password authentication with insecure communication. Commun. ACM 24:28–30, 1981.CrossRef

Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1):28–30, 2000.CrossRef

Li, L., Lin, I., and Hwang, M., A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans. Neural. Netw 12(6):1498–1504, 2001.CrossRef

Das, M. L., Saxena, A., and Gulati, V. P., A dynamic id-based remote user authentication scheme. IEEE Trans. Consum. Electron 50(2):629–631, 2004.CrossRef

10.

Yoon, E. J., Ryu, E. K., and Yoo, K. Y., Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron 50(2):612–614, 2004.CrossRef

11.

Fan, C. I., and Lin, Y. H., Provably secure remote truly three-factor authentication scheme with privacy protection on biometric. IEEE T. Inf. Forensic Secur. 4(4):933–945, 2009.CrossRef

12.

Bhargav-Spantzel, A., Squicciarini, A. C., Bertino, E., Modi, S., Young, M., and Elliott, S. J., Privacy preserving multi-factor authentication with biometric. J. Comput. Secur 15(5):529–560, 2007.

13.

Pointcheval, D., and Zimmer, S., Multi-factor authenticated key exchange. ACNS 2008 LNCS. 5037:277–295, 2008.

14.

Li, C. T., and Hwang, M.-S., An efficient biometric-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.CrossRef

15.

He, D. B., Kumar, N., and Lee, J.-H., Enhanced three-factor security protocol for USB Consumer Storage Devices. IEEE Trans. Consum. Electron. 59(4):8111–817, 2013.CrossRef

16.

Lee, J. K., Ryu, S. R., and Yoo, K. Y., Fingerprint-based remote user authentication scheme using smart cards. Electron. Lett. 38(12):554–555, 2002.CrossRef

17.

Lin, C. H., and Lai, Y. Y., A flexible biometric remote user authentication scheme. Comput. Stand. Interfaces 27(1):19–23, 2004.CrossRef

18.

Khan, M. K., and Zhang, J., Improving the security of ‘a flexible biometric remote user authentication scheme. Comput. Stand. Interfaces 29(1):82–85, 2007.CrossRef

19.

Das, A. K., Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145–151, 2011.CrossRef

20.

Lee, C.-C., and Hsu, C.-W., A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. Nonlinear Dyn 71:201–211, 2013.CrossRefMathSciNet

21.

Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi:10.1007/s10916-010-9614-9.

22.

He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2011. doi:10.1007/s10916-011-9658-5.

23.

Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 2012. doi:10.1007/s10916-012-9835-1.

24.

Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 2012. doi:10.1007/s10916-012-9856-9.

25.

Wang, R.-C., Juang, W.-S., and Lei, C.-L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. 77(4):790–798, 2011. doi:10.1016/j.jcss.2010.07.004. 2010.CrossRefMATHMathSciNet

26.

Khan, M. K., Kim, S.-K., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.CrossRef

27.

Chen, H.-M., Lo, J.-W., and Yeh, C.-K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 2012. doi:10.1007/s10916-012-9862-y.

28.

Tan, Z. W., An efficient biometric-based authentication scheme for telecare medicine information systems. Przegl. Elektrotech. 89(5):200–204, 2013.

29.

Awasthi, A. K., Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37, 2013. doi:10.1007/s10916-013-9964-1.

30.

Liao, I.-E., Lee, C.-C., and Hwang, M.-S., A password scheme over insecure networks. J. Comput. Syst. Sci. 72(4):727–740, 2006.CrossRefMATHMathSciNet

31.

Yang, G. M., Duncan, S. W., Wang, H. X., and Deng, X. T., Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74(7):1160–1172, 2008.CrossRefMATH

32.

Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRefMathSciNet

33.

Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology-CRYPTO'99, Santa Barbara, California, USA, August 15–19, 1999. Lecture Notes in Computer Science, Vol. 1666, Springer, ISBN 3-540-66347-9, pages. 388–397, 1999.

Titel: A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems
verfasst von: Zuowen Tan
Publikationsdatum: 01.03.2014
Verlag: Springer US
Erschienen in: Journal of Medical Systems / Ausgabe 3/2014
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-014-0016-2

Springer Medizin

Abstract

Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten

Weitere Artikel der Ausgabe 3/2014

A Comparative Study on Classification of Sleep Stage Based on EEG Signals Using Feature Selection and Classification Algorithms

Radio Frequency Identification (RFID) in Health Care: Privacy and Security Concerns Limiting Adoption

Quantitative Analysis for Breast Density Estimation in Low Dose Chest CT Scans

Impact of Technological Innovation on a Nursing Home Performance and on the Medication-use Process Safety