nach oben

Journal of Medical Systems

Erschienen in:

01.06.2014 | TRANSACTIONAL PROCESSING SYSTEMS

An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function

verfasst von: Ashok Kumar Das, Adrijit Goswami

Erschienen in: Journal of Medical Systems | Ausgabe 6/2014

Einloggen, um Zugang zu erhalten

Abstract

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava’s scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava’s scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava’s scheme.

AVISPA: Automated validation of internet security protocols and applications. http://www.avispa-project.org/. Accessed Jan 2013.

AVISPA: AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed Sept 2013.

Awasthi, A. K., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):1–4, 2013.

Basin, D., Modersheim, S., and Vigano, L., OFMC: A symbolic model checker for security protocols. Int. J. Inf. Sec. 4(3):181–208, 2005.

Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.

Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:1–9, 2013.

Das, A. K., Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Sec. 5(3):145–151, 2011.

Das, A. K., A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Netw. Sci. 2(1–2):12–27, 2013.

Das, A. K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.

10.

Das, A. K., Massand, A., and Patil, S., A novel proxy signature scheme based on user hierarchical access control policy. J. King Saud University - Comput. Inf. Sci. 25(2):219–228, 2013.

11.

Das, A. K., Paul, N. R., and Tripathy, L., Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf. Sci. 209:80–92, 2012.

12.

Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):1–17, 2013.

13.

Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.

14.

Dolev, D., and Yao, A., On the security of public key protocols. IEEE Trans. Inf. Theory. 29(2):198–208, 1983.

15.

Hwang, M.-S., and Li, L.-H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1): 28–30, 2000.

16.

Hwang, T., Chen, Y., and Laih, C.-S., Non-interactive password authentications without password tables. In: Proceedings of IEEE Region 10 Conference on Computer and Communication Systems (TENCON’90). Vol. 1, pp. 429–431, 1990.

17.

Jaspher, G., Kathrine, W., Kirubakaran, E., and Prakash, P., Smart card based remote user authentication schemes: A survey. Procedia Eng. 38:1318–1326, 2012.

18.

Jina, A. T. B., Linga, D. N. C., and Goh, A., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recog. 37(11):2245–2255, 2004.

19.

Khan, M. K., Kim, S.-K., and Alghathbar, K., Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput Commun. 34(3):305–309, 2011.

20.

Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology - CRYPTO’99, LNCS. Vol. 1666, pp. 388–397, 1999.

21.

Lamport, L., Password authentification with insecure communication. Commun. ACM. 24(11):770–772, 1981.

22.

Li, C.-T., and Hwang, M.-S., An efficient biometric-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33:1–5, 2010.

23.

Li, C.-T., Lee, C.-C., Liu, C.-J., and Lee, C.-W., A robust remote user authentication scheme against smart card security breach. In: Proceedings of Data and Applications Security and Privacy XXV, LNCS. VOl. 6818, pp. 231–238, 2011.

24.

Li, X., Niu, J.-W., Ma, J., Wang, W.-D., and Liu, C.-L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34:73–79, 2011.

25.

Lumini, A., and Nanni, L., An improved BioHashing for human authentication. Pattern Recog. 40(3):1057–1065, 2007.

26.

Madhusudhan, R., and Mittal, R. C., Dynamic ID-based remote user password authentication schemes using smart cards: A review. J. Netw. Comput. Appl. 35(4):1235–1248, 2012.

27.

Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

28.

Odelu, V., Das, A. K., and Goswami, A., An effective and secure key-management scheme for hierarchical access control in e-medicine system. J. Med. Syst. 37(2):1–18, 2013.

29.

Wang, Y.-Y., Liu, J.-Y., Xiao, F.-X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.

30.

Xiao, D., Liao, X., and Deng, S., One-way hash function construction based on the chaotic map with changeable-parameter. Chaos, Solitons Fractals. 241:65–71, 2005.

Titel: An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function
verfasst von: Ashok Kumar Das
Adrijit Goswami
Publikationsdatum: 01.06.2014
Verlag: Springer US
Erschienen in: Journal of Medical Systems / Ausgabe 6/2014
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-014-0027-z

Springer Medizin

Abstract

Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten

Weitere Artikel der Ausgabe 6/2014

A usability framework for speech recognition technologies in clinical handover: A pre-implementation study

Design and Development of A Mobile-based System for Supporting Emergency Triage Decision Making

A Modular and Programmable Development Platform for Capsule Endoscopy System

Applying Cybernetic Technology to Diagnose Human Pulmonary Sounds

Analysis of the Integration of the Physician Rostering Problem and the Surgery Scheduling Problem

Development of a Decision Support Engine to Assist Patients with Hospital Selection