
Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems

  • PATIENT FACING SYSTEMS
Journal of Medical Systems

Abstract

Remote user authentication is desirable for a Telecare Medicine Information System (TMIS) to ensure the safety, security and integrity of data transmitted over the public channel. In 2013, Tan presented a biometric-based remote user authentication scheme and claimed that his scheme is secure. Recently, Yan et al. demonstrated some drawbacks in Tan’s scheme and proposed an improved scheme to remove them. We analyze Yan et al.’s scheme and identify that it is vulnerable to an off-line password guessing attack and does not protect anonymity. Moreover, in their scheme, the login and password change phases cannot efficiently verify the correctness of input, and this inefficiency in the password change phase can cause a denial-of-service attack. Further, we design an improved scheme for TMIS with the aim of eliminating the drawbacks of Yan et al.’s scheme.


References

  1. Leng, L., Teoh, A.B.J., Li, M., and Khan, M.K., A remote cancelable palmprint authentication protocol based on multi-directional two-dimensional palmphasor-fusion. Sec. Commun. Netw., 2013. doi:10.1002/sec.900

  2. Khan, M.K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):1–12, 2012

  3. Kumari, S., Khan, M.K., and Kumar, R., Cryptanalysis and improvement of a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37(4):1–11, 2012

  4. Cao, T., and Zhai, J., Improved dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–7, 2013

  5. Chen, H.M., Lo, J.W., and Yeh, C.K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012

  6. Debiao, H., Jianhua, C., and Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012

  7. Lin, H.Y., On the security of a dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–5, 2013

  8. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012

  9. Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012

  10. Xie, Q., Zhang, J., and Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–8, 2013

  11. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012

  12. Leng, L., Zhang, J., Khan, M.K., Chen, X., Ji, M., and Alghathbar, K., Cancelable palmcode generated from randomized gabor filters for palmprint template protection. Sci. Res. Ess. 6(4):784–792, 2011

  13. Leng, L., and Zhang, J., Palmhash code vs. palmphasor code. Neurocomput., 2012

  14. Khan, M.K., Zhang, J., and Alghathbar, K., Challenge-response-based biometric image scrambling for secure personal identification. Futur. Gener. Comput. Syst. 27(4):411–418, 2011

  15. Khan, M.K., Zhang, J., and Tian, L., Protecting biometric data for personal identification. In: Advances in Biometric Person Authentication: Springer, 629–638, 2005

  16. Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204, 2013

  17. Yan, X., Li, W., Li, P., Wang, J., Hao, X., and Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(5):1–6, 2013

  18. Jin, A.T.B., Ling, D.N.C., and Goh, A., Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recog. 37(11):2245–2255, 2004

  19. Belguechi, R., Rosenberger, C., and Ait-Aoudia, S., Biohashing for securing minutiae template. In: 20th International Conference on Pattern Recognition (ICPR), 1168–1171, 2010

  20. Lumini, A., and Nanni, L., An improved biohashing for human authentication. Pattern Recogn. 40(3):1057–1065, 2007

  21. Yang, C., Integration of Biometrics and Pin Pad on Smart Card. PhD thesis: University of Newcastle Upon Tyne, 2011

  22. Brier, E., Clavier, C., and Olivier, F., Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems-CHES: Springer, 16–29, 2004

  23. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., and Shalmani, M.T.M., On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Advances in Cryptology–CRYPTO: Springer, 203–220, 2008

  24. Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Advances in Cryptology–CRYPTO’99: Springer, 388–397, 1999

  25. Messerges, T.S., Dabbish, E.A., and Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002

  26. Boyd, C., and Mathuria, A., Protocols for Authentication and Key Establishment: Springer, 2003

  27. Yang, C.C., Yang, H.W., and Wang, R.C., Cryptanalysis of security enhancement for the timestamp-based password authentication scheme using smart cards. IEEE Trans. Consum. Electron. 50(2):578–579, 2004

  28. Juang, W.S., Lei, C.L., and Chang, C.Y., Anonymous channel and authentication in wireless communications. Comput. Commun. 22(15):1502–1511, 1999

  29. Khan, M.K., Kim, S.K., and Alghathbar, K., Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput. Commun. 34(3):305–309, 2011

  30. Xu, J., Zhu, W.T., and Feng, D.G., An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks. Comput. Commun. 34(3):319–325, 2011

  31. Li, C.T., and Hwang, M.S., An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010

  32. Li, X., Niu, J.W., Ma, J., Wang, W.D., and Liu, C.L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011

  33. Truong, T.T., Tran, M.T., and Duong, A.D., Robust biometrics-based remote user authentication scheme using smart cards. In: 15th International Conference on Network-Based Information Systems (NBiS), 384–391, 2012

  34. Chang, Y.F., Yu, S.H., and Shiao, D.R., A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(2):1–9, 2013

  35. Lee, C.C., and Hsu, C.W., A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. Nonlinear Dyn. 71(1–2):201–211, 2013

  36. Potlapally, N.R., Ravi, S., Raghunathan, A., and Jha, N.K., A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Trans. Mobile Comput. 5(2):128–143, 2006

  37. Wong, D.S., Fuentes, H.H., and Chan, A.H., The performance measurement of cryptographic primitives on palm devices. In: 17th Annual Computer Security Applications Conference (ACSAC-2001), 92–101, 2001


Acknowledgments

The authors thank the anonymous referees for their valuable comments that helped to improve the presentation of the paper. The third author (Dr. Ankita Chaturvedi) is thankful to the National Board for Higher Mathematics (NBHM), Mumbai, India, for their financial support. The research of one co-author (Dr. Muhammad Khurram Khan) was partially funded by the National Natural Science Foundation of China (NSFC) under Grant no. 61300220 and 61371098.

Author information

Corresponding author

Correspondence to Ankita Chaturvedi.

Additional information

Conflict of interests

The authors declare that they have no conflict of interest.

This article is part of the Topical Collection on Patient Facing Systems

Cite this article

Mishra, D., Mukhopadhyay, S., Chaturvedi, A. et al. Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems. J Med Syst 38, 24 (2014). https://doi.org/10.1007/s10916-014-0024-2

  • DOI: https://doi.org/10.1007/s10916-014-0024-2
