Skip to main content
Hauptrubriken
CME Facharzt-Training Webinare Zeitschriften Bücher e.Medpedia Podcast
Service
Jobbörse Info & Hilfe
Fachgebiete
Anästhesiologie Allgemeinmedizin Arbeitsmedizin Augenheilkunde Chirurgie Dermatologie Gynäkologie und Geburtshilfe HNO Innere Medizin Kardiologie Neurologie Onkologie und Hämatologie Orthopädie und Unfallchirurgie Pädiatrie Pathologie Psychiatrie Radiologie Rechtsmedizin Urologie Zahnmedizin
Themen
Klimawandel und Gesundheit Neues aus dem Markt COVID-19 Praxis und Beruf Seltene Erkrankungen GOÄ & EBM Panorama
Sammlungen
Kasuistiken Algorithmen & Infografiken Blickdiagnosen Arthropedia FlapFinder (für Dermatochirurgen) Videos Kongressberichterstattung Medizin für Apothekerinnen und Apotheker Für Ärztinnen und Ärzte in Weiterbildung Für Medizinstudierende

Live-Webinar: Aktuelle Leitlinien bei Herz-Kreislauf-Erkrankungen

Konkret geht es um den Diabetes-Patienten mit kardiovaskulären Erkrankungen oder Risiken, die Herzinsuffizienz sowie die kardiovaskuläre Primär- und Sekundärprävention. Sind Sie hier schon auf dem neuesten Stand? Unsere Experten beleuchten, wo und warum das bisherige Procedere geändert werden soll und was in der Praxis sinnvoll ist. Holen Sie sich Ihr Update und 2 CME-Punkte beim MMW-Webinar am 24. April von 17.30 bis 19 Uhr
Erweiterte Suche
Anmelden
nach oben
Journal of Medical Systems
Erschienen in: Journal of Medical Systems 11/2016

01.11.2016 | Mobile & Wireless Health

A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography

verfasst von: Shehzad Ashraf Chaudhry, Muhammad Tawab Khan, Muhammad Khurram Khan, Taeshik Shon

Erschienen in: Journal of Medical Systems | Ausgabe 11/2016

Einloggen, um Zugang zu erhalten

Abstract

Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.’s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.
Literatur
1.
Alizadeh, M., Zamani, M., Baharun, S., Manaf, A. A., Sakurai, K., Anada, H., Keshavarz, H., Chaudhry, S. A., Khan, M. K., Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover in proxy mobile ipv6 networks. PloS one 10(11):e0142716, 2015.CrossRefPubMedPubMedCentral
2.
Mir, O., and Nikooghadam, M.: A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services
3.
He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., Yeo, S.-S., Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimed. Syst. 21(1): 49–60, 2013.CrossRef
4.
Maitra, T., Obaidat, M. S., Islam, S. H., Giri, D., Amin, R.: Security analysis and design of an efficient ecc-based two-factor password authentication scheme. Security and Communication Networks (2016) n/a–n/aSec 1596 doi:10.​1002/​sec.​1596
5.
Wang, D., and Wang, P., On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions. Comput. Netw. 73:41–57, 2014.CrossRef
6.
Wang, D., He, D., Wang, P., Chu, C., Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Depend Secur Comput 99:1–1, 2014. doi:10.​1109/​TDSC.​2014.​2355850.
7.
8.
9.
Farash, M. S., Ahmadian-Attari, M., Bayat, M., A certificateless multiple-key agreement protocol based on bilinear pairings. IACR Crypt ePrint Arch 2012:393, 2012.
10.
Farash, M. S., Attari, M. A., Atani, R. E., Jami, M., A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput Elect Eng 39(2):530–541, 2013.CrossRef
11.
Amin, R., Islam, S. H., Biswas, G., Khan, M. K., Kumar, N., An efficient and practical smart card based anonymity preserving user authentication scheme for tmis using elliptic curve cryptography. J Med Syst 39 (11):1–18, 2015.
12.
Alizadeh, M., Baharun, S., Zamani, M., Khodadadi, T., Darvishi, M., Gholizadeh, S., Ahmadi, H., Anonymity and untraceability assessment of authentication protocols in proxy mobile ipv6. Jurnal Teknologi 72(5).
13.
He, D., Kumar, N., Chilamkurti, N.: A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci.
14.
Arshad, H., and Nikooghadam, M., An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc. Multimed Tools Appl.,1–17, 2014.
15.
He, D., Kumar, N., Shen, H., Lee, J.-H., One-to-many authentication for access control in mobile pay-tv systems. Sci. Chin. Inf. Sci.,1–14, 2015.
16.
17.
Jin, A. T. B., Ling, D. N. C., Goh, A., Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recog. 37(11):2245–2255, 2004.CrossRef
18.
Lumini, A., and Nanni, L., An improved biohashing for human authentication. Pattern Recog. 40(3): 1057–1065, 2007.CrossRef
19.
Leng, L., Teoh, A. B. J., Li, M., Khan, M. K., A remote cancelable palmprint authentication protocol based on multi-directional two-dimensional palmphasor-fusion. Secur. Commun. Netw. 7(11):1860–1871, 2014.CrossRef
20.
Leng, L., and Teoh, A. B. J., Alignment-free row-co-occurrence cancelable palmprint fuzzy vault. Pattern Recog. 48(7):2290–2303, 2015.CrossRef
21.
Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.: On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Wagner, D. (Ed.) Advances in Cryptology, CRYPTO 2008, Vol. 5157 of Lecture Notes in Computer Science, pp. 203–220. Springer, Berlin (2008), 10.​1007/​978-3-540-85174-5_​12
22.
23.
24.
Messerges, T. S., Dabbish, E. A., Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRef
25.
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology CRYPTO 99, pp. 388–397. Springer (1999)
26.
Xie, Q., A new authenticated key agreement for session initiation protocol. Int. J. Commun. Syst. 25(1):47–54, 2012.CrossRef
27.
Xie, Q., Hu, B., Dong, N., Wong, D. S., Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PloS one 9(7):e102747, 2014.CrossRefPubMedPubMedCentral
28.
Wu, F., Xu, L., Kumari, S., Li, X., An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl.,1–20, 2016.
29.
Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., Khan, M. K., An enhanced privacy preserving remote user authentication scheme with provable security. Secur. Commun. Netw., 1–13, 2015. doi:10.​1002/​sec.​1299.
30.
Kalra, S., and Sood, S., Advanced remote user authentication protocol for multi-server architecture based on ecc. J. Inf. Secur. Appl. 18(2):98–107, 2013.
31.
Kim, H., Jeon, W., Lee, K., Lee, Y., Won, D.: Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme. In: Computational Science and Its Applications–ICCSA 2012, pp. 391–406. Springer (2012)
32.
Yoon, E.-J., and Yoo, K.-Y., Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J. Supercomput. 63(1):235–255, 2013.CrossRef
33.
Kilinc, H. H., and Yanik, T., A survey of sip authentication and key agreement schemes. IEEE Commun. Surveys Tutor. 16(2):1005–1023, 2014.CrossRef
Metadaten
Titel
A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography
verfasst von
Shehzad Ashraf Chaudhry
Muhammad Tawab Khan
Muhammad Khurram Khan
Taeshik Shon
Publikationsdatum
01.11.2016
Verlag
Springer US
Erschienen in
Journal of Medical Systems / Ausgabe 11/2016
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-016-0592-4

Weitere Artikel der Ausgabe 11/2016

Journal of Medical Systems 11/2016 Zur Ausgabe

Patient Facing Systems

A Provably Secure Aggregate Signature Scheme for Healthcare Wireless Sensor Networks

Mobile & Wireless Health

A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems

Systems-Level Quality Improvement

Implementation of a Novel Electronic Health Record-Embedded Physician Orders for Life-Sustaining Treatment System

Mobile Systems

m2-ABKS: Attribute-Based Multi-Keyword Search over Encrypted Personal Health Records in Multi-Owner Setting

Education & Training

The Impact of the Security Competency on “Self-Efficacy in Information Security” for Effective Health Information Security in Iran

Systems-Level Quality Improvement

Opportunities and Accountable Care Organizations