Skip to main content

Advertisement

SpringerLink
Log in

An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography

  • Mobile Systems
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient’s as well as TMIS server’s legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1–8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.’s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.’s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.’s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.’s scheme is also robust against known attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Jiang, Q., Ma, J., Ma, Z., and Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1), 2013. doi:10.1007/s10916-012-9897-0.

  2. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012. doi:10.1007/s10916-012-9835-1.

    Article  PubMed  Google Scholar 

  3. Wu, S., and Chen, K., An efficient key-management scheme for hierarchical access control in e-medicine system. J. Med. Syst. 36(4):2325–2337, 2012.

    Article  PubMed  Google Scholar 

  4. Irshad, A., Sher, M., Rehman, E., Ch, S. A., Hassan, M. U., and Ghani, A., A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications 74(11): 3967–3984, 2015. doi:10.1007/s11042-013-1807-z.

    Article  Google Scholar 

  5. Mehmood, Z., uddin, N., Ch, S. A., Nasar, W., and Ghani, A., An efficient key agreement with rekeying for secured body sensor networks. In: Digital Information Processing and Communications (ICDIPC), 2012 Second International Conference on, IEEE, pp. 164–167, 2012.

  6. Liao, Y.-P., and Wang, S.-S., A new secure password authenticated key agreement scheme for sip using self-certified public keys on elliptic curves. Comput. Commun. 33(3):372–380, 2010.

    Article  Google Scholar 

  7. Chaudhry, S. A., Comment on ‘robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications’. IET Commun 9(1):1034–1034, 2015.

    Article  Google Scholar 

  8. Ul Amin, N., Asad, M., Din, N., and Ch, S. A., An authenticated key agreement with rekeying for secured body sensor networks based on hybrid cryptosystem. In: Networking, Sensing and Control (ICNSC), 2012 9th IEEE International Conference on, IEEE, pp. 118–121, 2012.

  9. Debiao, H., Jianhua, C., and Jin, H., An id-based client authentication with key agreement protocol for mobile client–server environment on ecc with provable security. Information Fusion 13(3):223–230, 2012.

    Article  Google Scholar 

  10. Islam, S., and Biswas, G., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.

    Article  Google Scholar 

  11. Islam, S., and Khan, M., Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10), 2014. doi:10.1007/s10916-014-0135-9.

  12. Farash, M. S., Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Networking and Applications,1–10, 2014. doi:10.1007/s12083-014-0315-x.

  13. Farash, M. S., and Attari, M. A., A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J. Supercomput. 69(1):395–411, 2014.

    Article  Google Scholar 

  14. Giri, D., Maitra, T., Amin, R., and Srivastava, P., An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1), 2015. doi:10.1007/s10916-014-0145-7.

  15. Farash, M. S., and Attari, M. A., An enhanced and secure three-party password-based authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Information Technology And Control 43 (2):143–150, 2014.

    Article  Google Scholar 

  16. Farash, M. S., An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int. J. Commun. Syst., 2014. doi:10.1002/dac.2879.

  17. Farash, M. S., and Attari, M. A., An efficient and provably secure three-party password-based authenticated key exchange protocol based on chebyshev chaotic maps. Nonlinear Dyn. 77(1-2):399–411, 2014.

    Article  Google Scholar 

  18. Irshad, A., Sher, M., Faisal, M. S., Ghani, A., Ul Hassan, M., and Ch, S. A., A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme. Secur. Commun. Netw. 7(8):1210–1218, 2014. doi:10.1002/sec.834.

    Article  Google Scholar 

  19. Farash, M. S., Chaudhry, S. A., Heydari, M., Sajad Sadough, S. M., Kumari, S., and Khan, M. K., A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int. J. Commun. Syst., 2015. doi:10.1002/dac.3019.

  20. Ch, S. A., Uddin, N., Sher, M., Ghani, A., Naqvi, H., and Irshad, A., An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimedia Tools and Applications 74(5):1711–1723, 2015. doi:10.1007/s11042-014-2283-9.

    Article  Google Scholar 

  21. Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012. doi:10.1007/s10916-010-9614-9.

    Article  PubMed  Google Scholar 

  22. Debiao, H., Jianhua, C., and Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012. doi:10.1007/s10916-011-9658-5.

    Article  PubMed  Google Scholar 

  23. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012. doi:10.1007/s10916-012-9856-9.

    Article  PubMed  Google Scholar 

  24. Wen, F., and Guo, D., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 36(5):1–11, 2015. doi:10.1007/s10916-015-0244-0.

    Google Scholar 

  25. Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., and He, L., A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(1):1–7, 2013.

    Google Scholar 

  26. Chaudhry, S. A., Naqvi, H., Shon, T., Sher, M., and Farash, M. S., Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6).

  27. Kumari, S., Khan, M. K., and Kumar, R., Cryptanalysis and improvement of a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37(4), 2013. doi:10.1007/s10916-013-9952-5.

  28. Khan, M. K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems. Secur. Commun. Netw. 7(2):399–408, 2014. doi:10.1002/sec.791.

    Article  Google Scholar 

  29. Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  Google Scholar 

  30. Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Advances in Cryptology CRYPTO 99, Springer, pp. 388–397 (1999)

  31. Li, C.-T., and Hwang, M.-S., An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.

    Article  Google Scholar 

  32. He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 4(1):253–264, 2014.

    Google Scholar 

  33. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., and Khan, M. K., Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38 (6):1–12, 2014.

    Article  Google Scholar 

  34. Li, X., Wen, Q., Li, W., Zhang, H., and Jin, Z., Secure privacy-preserving biometric authentication scheme for telecare medicine information systems. J. Med. Syst. 38(11):1–8, 2014.

    Article  CAS  Google Scholar 

  35. Khan, M. K., Fingerprint biometric-based self-authentication and deniable authentication schemes for the electronic world. IETE Tech. Rev. 26(3):191–195, 2009.

    Article  Google Scholar 

  36. Khan, M. K., and Zhang, J., An efficient and practical fingerprint-based remote user authentication scheme with smart cards. In: Information Security Practice and Experience, Springer, pp. 260–268 (2006)

  37. Amin, R., and Biswas, G., A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8):1–19, 2015.

    Google Scholar 

  38. Amin, R., and Biswas, G., An improved RSA based user authentication and session key agreement protocol usable in TMIS. J. Med. Syst. 39(8):1–14, 2015.

    Google Scholar 

  39. Amin, R., and Biswas, G., A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. J. Med. Syst. 39(3):1–17, 2015.

    Article  Google Scholar 

  40. Awasthi, A. K., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):1–4, 2013.

    Article  Google Scholar 

  41. Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3):1–9, 2014.

    Article  Google Scholar 

  42. Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):1–12, 2014.

    Article  Google Scholar 

  43. Lu, Y., Li, L., Peng, H., and Yang, Y., An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst. 39(3):1–8, 2015.

    Article  Google Scholar 

  44. Jin, A. T. B., Ling, D. N. C., and Goh, A., Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.

    Article  Google Scholar 

  45. Lumini, A., and Nanni, L., An improved biohashing for human authentication. Pattern Recogn. 40(3): 1057–1065 , 2007.

    Article  Google Scholar 

  46. Leng, L., Teoh, A. B. J., Li, M., and Khan, M. K., A remote cancelable palmprint authentication protocol based on multi-directional two-dimensional palmphasor-fusion. Secur. Commun. Netw. 7(11):1860–1871, 2014.

    Article  Google Scholar 

  47. Leng, L., and Teoh, A. B. J., Alignment-free row-co-occurrence cancelable palmprint fuzzy vault. Pattern Recogn. 48(7):2290–2303, 2015.

    Article  Google Scholar 

  48. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., and Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5):1–11, 2014.

    Article  Google Scholar 

  49. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., and Shalmani, M., On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Wagner, D. (Ed.) Advances in Cryptology, CRYPTO 2008, Vol. 5157 of Lecture Notes in Computer Science, pp. 203–220. Berlin Heidelberg: Springer, 2008. doi:10.1007/978-3-540-85174-5_12

    Google Scholar 

  50. Chaudhry, S. A., Naqvi, H., Sher, M., Farash, M. S., and ul Hassan, M., An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Networking and Applications, 2015. doi:10.1007/s12083-015-0400-9.

  51. Kumari, S., Chaudhry, S. A., Wu, F., Li, X., Farash, M. S., and Khan, M. K., An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Networking and Applications, 2015. doi:10.1007/s12083-015-0409-0.

  52. Dolev, D., and Yao, A. C., On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198–208, 1983.

    Article  Google Scholar 

  53. Cao, X., and Zhong, S., Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun. Lett. 10(8):580–581, 2006.

    Article  Google Scholar 

  54. Abadi, M., Blanchet, B., and Comon-Lundh, H., Models and proofs of protocol security: A progress report. In: Computer Aided Verification, Springer, pp. 35–49, 2009.

  55. Chaudhry, S. A., Farash, M. S., Naqvi, H., and Sher, M., A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron. Commer. Res., 1–27, 2015. doi:10.1007/s10660-015-9192-5.

  56. Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., and Khan, M. K., An enhanced privacy preserving remote user authentication scheme with provable security. Secur. Commun. Netw., 1–13, 2015. doi:10.1002/sec.1299.

  57. Xie, Q., Hu, B., Dong, N., and Wong, D. S., Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PloS one 9(7):e102747, 2014.

    Article  PubMed Central  PubMed  Google Scholar 

Download references

Acknowledgments

Authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16) 2. Authors would also like to thank Prof. Muhammad Arshad Zia, anonymous reviewers and the guest editor Prof. Mu-Yen Chen for their valuable and constructive comments.

Author information

Authors and Affiliations

  1. Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan

    Shehzad Ashraf Chaudhry, Khalid Mahmood & Husnain Naqvi

  2. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Muhammad Khurram Khan

Authors
  1. Shehzad Ashraf Chaudhry
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Khalid Mahmood
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Husnain Naqvi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Muhammad Khurram Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shehzad Ashraf Chaudhry.

Additional information

This article is part of the Topical Collection on Smart Living in Healthcare and Innovations

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chaudhry, S.A., Mahmood, K., Naqvi, H. et al. An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography. J Med Syst 39, 175 (2015). https://doi.org/10.1007/s10916-015-0335-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-015-0335-y

Keywords

Search

Navigation