Skip to main content
Hauptrubriken
CME Facharzt-Training Webinare Zeitschriften Bücher e.Medpedia Podcast
Service
Jobbörse Info & Hilfe
Fachgebiete
Anästhesiologie Allgemeinmedizin Arbeitsmedizin Augenheilkunde Chirurgie Dermatologie Gynäkologie und Geburtshilfe HNO Innere Medizin Kardiologie Neurologie Onkologie und Hämatologie Orthopädie und Unfallchirurgie Pädiatrie Pathologie Psychiatrie Radiologie Rechtsmedizin Urologie Zahnmedizin
Themen
Klimawandel und Gesundheit Neues aus dem Markt COVID-19 Praxis und Beruf Seltene Erkrankungen GOÄ & EBM Panorama
Sammlungen
Kasuistiken Algorithmen & Infografiken Blickdiagnosen Arthropedia FlapFinder (für Dermatochirurgen) Videos Kongressberichterstattung Medizin für Apothekerinnen und Apotheker Für Ärztinnen und Ärzte in Weiterbildung Für Medizinstudierende
Erweiterte Suche
Anmelden
nach oben
Journal of Medical Systems
Erschienen in: Journal of Medical Systems 11/2015

01.11.2015 | Systems-Level Quality Improvement

Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems

verfasst von: Ruhul Amin, SK Hafizul Islam, G. P. Biswas, Muhammad Khurram Khan, Xiong Li

Erschienen in: Journal of Medical Systems | Ausgabe 11/2015

Einloggen, um Zugang zu erhalten

Abstract

The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.’s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.’s scheme and additionally achieves extra security requirements.
Literatur
1.
Amin, R, Cryptanalysis and an efficient secure id-based remote user authentication using smart card. Int. J. Comput. Appl. 75(13):43–48, 2013.
2.
Amin, R, and Biswas, GP, Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arab. J. Sci. Eng.,1–15, 2015. doi:10.​1007/​s13369-015-1743-5.
3.
Amin, R, and Biswas, GP, Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wirel. Pers. Commun., 1–24, 2015. doi:10.​1007/​s11277-015-2616-7.
4.
Amin, R, and Biswas, GP, An improved rsa based user authentication and session key agreement protocol usable in tmis. J. Med. Syst. 39(8):79, 2015. doi:10.​1007/​s10916-015-0262-y.
5.
Amin, R, and Biswas, GP, A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J. Med. Syst. 39(3):33, 2015. doi:10.​1007/​s10916-015-0217-3.
6.
Amin, R, and Biswas, GP, Remote access control mechanism using rabin public key cryptosystem. In: Information Systems Design and Intelligent Applications, Advances in Intelligent Systems and Computing. Vol. 339, pp. 525–533. Springer, India. 2015. doi:10.​1007/​978-81-322-2250-7_​52.
7.
8.
9.
Amin, R, Islam, SH, Biswas, GP, Khan, MK: An efficient remote mutual authentication scheme using smart mobile phone over insecure networks. In: Cyber Situational Awareness, 2015 International Conference on Data Analytics and Assessment (CyberSA). pp. 1–7, 2015, doi:10.​1109/​CyberSA.​2015.​7166114
10.
Amin, R, Maitra, T, Rana, SP, An improvement of Wang et. al.’s remote user authentication scheme against smart card security breach. Int. J. Comput. Appl. 75(13):37–42, 2013.
11.
An, Y, Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards. J. Biomed. Biotechnol. 6, 2012. doi:10.​1155/​2012/​519723.
12.
An, YH: Security improvements of dynamic id-based remote user authentication scheme with session key agreement. In: 2013 15th International Conference on Advanced Communication Technology (ICACT), pp. 1072–1076 (2013)
13.
Arshad, H, and Nikooghadam, M, Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):1–12, 2014. doi:10.​1007/​s10916-014-0136-8.
14.
15.
Chang, YF, Tai, WL, Chang, HC, Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 27(11):3430–3440, 2014. doi:10.​1002/​dac.​2552.
16.
17.
Chaudhry, SA, Farash, MS, Naqvi, H, Kumari, S, Khan, MK, An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks, 2015. doi:10.​1002/​sec.​1299.
18.
Chaudhry, SA, Naqvi, H, Shon, T, Sher, M, Farash, MS, Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6):66, 2015. doi:10.​1007/​s10916-015-0244-0.CrossRefPubMed
19.
Chaudhry, SA, Uddin, N, Sher, M, Ghani, A, Naqvi, H, Irshad, A, An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimedia Tools and Applications 74(5):1711–1723, 2015. doi:10.​1007/​s11042-014-2283-9.CrossRef
20.
Chou, JS, Huang, CH, Huang, YS, Chen4, Y: Efficient two-pass anonymous identity authentication using smart card. Cryptology ePrint Archive, Report 2013/402 (2013)
21.
22.
Das, AK, Cryptanalysis and further improvement of a biometric-based remote user authentication scheme using smart cards. International Journal of Network Security and Its Applications 3(2):13–28, 2011.CrossRef
23.
24.
Dolev, D, and Yao, AC, On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198–208, 1983.CrossRef
25.
Farash, MS, Chaudhry, SA, Heydari, M, Sajad Sadough, SM, Kumari, S, Khan, MK, A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int. J. Commun. Syst., 2015. doi:10.​1002/​dac.​3019.
26.
Fu, Z, Sun, X, Liu, Q, Zhou, L, Shu, J, Achieving efficient cloud search services: Multikeyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans. Commun. E98B(1):190–200, 2015.CrossRef
27.
28.
Guo, P, Wang, J, Li, B, Lee, S, A variable threshold-value authentication architecture for wireless mesh networks. J. Internet Technol. 15(6):929–936, 2014.
29.
Islam, S H, and Biswas, GP, Dynamic id-based remote user mutual authentication scheme with smartcard using elliptic curve cryptography. J. Electron. (China) 31(5):473–488, 2014. doi:10.​1007/​s11767-014-4002-0.CrossRef
30.
He, D, Jianhua, C, Rui, Z, A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef
31.
32.
33.
He, D, Kumar, N, Chen, J, Lee, CC, Chilamkurti, N, Yeo, SS, Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems. 21(1):49–60, 2015. doi:10.​1007/​s00530-013-0346-9.CrossRef
34.
35.
36.
37.
38.
Islam, S H, Khan, MK, Obaidat, MS, Muhaya, F.T.B, Provably secure and anonymous password authentication protocol for roaming service in global mobility networks using extended chaotic maps. Wirel. Pers. Commun.,1–22, 2015. doi:10.​1007/​s11277-015-2542-8.
39.
Islam, SH, Design and analysis of an improved smartcard based remote user password authentication scheme. Int. J. Commun. Syst., 2014. doi:10.​1002/​dac.​2793.
40.
Islam, SH, A provably secure id-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wirel. Pers. Commun. 79(3):1975–1991, 2014. doi:10.​1007/​s11277-014-1968-8.CrossRef
41.
42.
Islam, SH, and Biswas, GP, A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.CrossRef
43.
Islam, SH, and Biswas, GP, Design of improved password authentication and update scheme based on elliptic curve cryptography. Math. Comput. Model. 57(1112):2703–2717, 2013. doi:10.​1016/​j.​mcm.​2011.​07.​001. Information System Security and Performance Modeling and Simulation for Future Mobile Networks.CrossRef
44.
45.
Jina, A.T.B, Ling, D.N.C, Goh, A, Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.CrossRef
46.
Khan, MK, and He, D, A new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography. Sec. and Commun. Netw. 5(11):1260–1266, 2012. doi:10.​1002/​sec.​573.
47.
Khan, MK, and Kumari, S, An improved biometrics-based remote user authentication scheme with user anonymity. BioMed Res. Int.,9, 2013. doi:10.​1155/​2013/​491289.
48.
49.
Kocher, P, Jaffe, J, Jun, B: Differential power analysis. In: Advances in Cryptology CRYPTO 99, Lecture Notes in Computer Science, Vol. 1666, pp. 388–397 (1999)
50.
Kumari, S, and Khan, MK, More secure smart card-based remote user password authentication scheme with user anonymity. Secur. Commun. Netw. 7(11):2039–2053, 2014. doi:10.​1002/​sec.​916.
51.
52.
53.
Kumari, S, Khan, MK, Li, X, Wu, F, Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst. 27(10):609–618, 2014. doi:10.​1002/​dac.​2853.
54.
Lee, JK, Ryu, SR, Yoo, KY, Fingerprint-based remote user authentication scheme using smart cards. Electron. Lett. 38(12):554–555, 2002.CrossRef
55.
Li, CT, and Hwang, MS, An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.CrossRef
56.
57.
58.
Li, X, Niu, JW, Ma, J, Wang, WD, Liu, CL, Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.CrossRef
59.
60.
61.
Lumini, A, and Nanni, L, An improved biohashing for human authentication. Pattern Recogn. 40(3): 1057–1065, 2007.CrossRef
62.
Messerges, TS, Dabbish, EA, Sloan, RH, Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRef
63.
64.
Mishra, D, Mukhopadhyay, S, Chaturvedi, A, Kumari, S, Khan, MK, Cryptanalysis and improvement of yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6): 24, 2014. doi:10.​1007/​s10916-014-0024-2.CrossRefPubMed
65.
Mishra, D, Mukhopadhyay, S, Kumari, S, Khan, M, Chaturvedi, A, Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5):41, 2014. doi:10.​1007/​s10916-014-0041-1.CrossRefPubMed
66.
Ren, Y, Shen, J, Wang, J, Han, J, Lee, S, Mutual verifiable provable data auditing in public cloud storage. J. Internet Technol. 16(2):317–323, 2014.
67.
68.
69.
70.
Wei, J, Hu, X, Liu, W, An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.CrossRefPubMed
71.
72.
Wu, ZY, Lee, YC, Lai, F, Lee, HC, Chung, Y, A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRefPubMed
73.
Xu, X, Zhu, P, Wen, Q, Jin, Z, Zhang, H, He, L, A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(6):24, 2014. doi:10.​1007/​s10916-013-9994-8.​.CrossRef
74.
75.
Metadaten
Titel
Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems
verfasst von
Ruhul Amin
SK Hafizul Islam
G. P. Biswas
Muhammad Khurram Khan
Xiong Li
Publikationsdatum
01.11.2015
Verlag
Springer US
Erschienen in
Journal of Medical Systems / Ausgabe 11/2015
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-015-0318-z

Weitere Artikel der Ausgabe 11/2015

Journal of Medical Systems 11/2015 Zur Ausgabe

Systems-Level Quality Improvement

Enabling Better Interoperability for HealthCare: Lessons in Developing a Standards Based Application Programing Interface for Electronic Medical Record Systems

Mobile Systems

Experiences and Results of Applying Tools for Assessing the Quality of a mHealth App Named Heartkeeper

Systems-Level Quality Improvement

New Authentication Scheme for Wireless Body Area Networks Using the Bilinear Pairing

Systems-Level Quality Improvement

User Interface Requirements for Web-Based Integrated Care Pathways: Evidence from the Evaluation of an Online Care Pathway Investigation Tool

Patient Facing Systems

Human Identification Using Compressed ECG Signals

Systems-Level Quality Improvement

Automatic Identification of Human Erythrocytes in Microscopic Fecal Specimens