nach oben

Journal of Medical Systems

Erschienen in:

01.12.2016 | Systems-Level Quality Improvement

Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications

verfasst von: Xiong Li, Jianwei Niu, Marimuthu Karuppiah, Saru Kumari, Fan Wu

Erschienen in: Journal of Medical Systems | Ausgabe 12/2016

Einloggen, um Zugang zu erhalten

Abstract

Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

Xia, Z., Wang, X., Sun, X., and Wang, Q., A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 27(2):340–352, 2016.CrossRef

Fu, Z., Ren, K., Shu, J., Sun, X., and Huang, F., Enabling personalized search over encrypted outsourced data with efficiency improvement. IEEE Trans. Parallel Distrib. Syst. 27(9):2546–2559, 2016.CrossRef

Fu, Z., Sun, X., Liu, Q., Zhou, L., and Shu, J., Achieving effocient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans. Commun. 98(1):190–200, 2015.CrossRef

Ren, Y., Shen, J., Wang, J., Han, J., and Lee, S., Mutual verifiable provable data auditing in public cloud storage. J. Internet Technol. 16(2):317–323, 2015.

Xu, J., Zhu, W. T., and Feng, D. G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.CrossRef

Wang, Y. Y., Liu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.CrossRef

Song, R., Advanced smart card based password authentication protocol. Comput. Stand. Interfaces 32(5):321–325, 2010.CrossRef

Sood, S. K., Sarje, A. K., and Singh, K., An improvement of Xu et al.’s authentication scheme using smart cards. In: Proceedings of the Third Annual ACM Bangalore Conference, p. 15. ACM, (2010)

Khan, M. K., Kim, S. K., and Alghathbar, K., Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput. Commun. 34(3):305–309, 2011.CrossRef

10.

Chen, B. L., Kuo, W. C., and Wuu, L. C., Robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27(2):377–389, 2014.CrossRef

11.

Kumari, S., and Khan, M. K., Cryptanalysis and improvement of ‘a robust smart-card-based remote user password authentication scheme’. Int. J. Commun. Syst. 27(12):3939–3955, 2014.CrossRef

12.

Li, X., Niu, J., Khan, M. K., and Liao, J., An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. 36(5):1365–1371, 2013.CrossRef

13.

An, Y. H., Security improvements of dynamic id-based remote user authentication scheme with session key agreement. In: 15th International Conference on Advanced Communication Technology (ICACT), 2013, pp. 1072–1076. IEEE (2013)

14.

Amin, R., Islam, S. H., Biswas, G., Khan, M. K., and Li, X., Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J. Med. Syst. 39(11):1–21, 2015.

15.

Sood, S. K., Secure dynamic identity-based authentication scheme using smart cards. Information Security Journal: A Global Perspective 20(2):67–77, 2011.

16.

He, D., and Wu, S., Security flaws in a smart card based authentication scheme for multi-server environment. Wirel. Pers. Commun. 70(1):323–329, 2013.CrossRef

17.

Wang, D., Wang, N., Wang, P., and Qing, S., Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. 321:162–178, 2015.CrossRef

18.

Ma, C. G., Wang, D., and Zhao, S. D., Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. 27(10):2215–2227, 2014.CrossRef

19.

Wang, D., He, D., Wang, P., and Chu, C. H., Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12(4):428–442, 2015.CrossRef

20.

Guo, P., Wang, J., Geng, X. H., Kim, C. S., and Kim, J. U., A variable threshold-value authentication architecture for wireless mesh networks. J. Internet Technol. 15(6):929–935, 2014.

21.

Karuppiah, M., and Saravanan, R., A secure authentication scheme with user anonymity for roaming service in global mobility networks. Wirel. Pers. Commun. 84(3):2055–2078, 2015.CrossRef

22.

Li, X., Niu, J., Wang, Z., and Chen, C., Applying biometrics to design three-factor remote user authentication scheme with key agreement. Security and Communication Networks 7(10):1488–1497, 2014.

23.

Kumari, S., Khan, M. K., and Li, X., An improved remote user authentication scheme with key agreement. Comput. Electr. Eng. 40(6):1997–2012, 2014.CrossRef

24.

Islam, S., Obaidat, M. S., and Amin, R., An anonymous and provably secure authentication scheme for mobile user. Int. J. Commun. Syst. 29(9):1529–1544, 2016.CrossRef

25.

Islam, S. H., Khan, M. K., and Li, X., Security analysis and improvement of ‘a more secure anonymous user authentication scheme for the integrated EPR information system’. PloS one 10(8):e0131368, 2015.CrossRefPubMedPubMedCentral

26.

Li, X., Niu, J., Liao, J., and Liang, W., Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 28(2):374–382, 2015.CrossRef

27.

He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 9(3):816–823, 2015.CrossRef

28.

He, D., Kumar, N., and Chilamkurti, N., A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci. 321:263–277, 2015.CrossRef

29.

Jiang, Q., Ma, J., and Wei, F., On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst. J., 2016. doi:10.1109/JSYST.2016.2574719.

30.

Jiang, Q., Wei, F., Fu, S., Ma, J., Li, G., and Alelaiwi, A., Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4):2085–2101, 2016.CrossRef

31.

Jiang, Q., Ma, J., Lu, X., and Tian, Y., An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Networking and Applications 8(6):1070–1081, 2015.CrossRef

32.

Li, X., Niu, J. W., Ma, J., Wang, W. D., and Liu, C. L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.CrossRef

33.

Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology—CRYPTO’ 99, pp. 388–397. Springer (1999)

34.

Messerges, T. S., Dabbish, E., Sloan, R. H., et al., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRef

35.

Kargl, A., Pyka, S., and Seuschek, H., Fast Arithmetic on ATmega128 for Elliptic Curve Cryptography. IACR Cryptology ePrint Archive 2008:442, 2008.

36.

Burrows, J. H., Secure hash standard. DTIC Document, 16, 1995.

Titel: Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications
verfasst von: Xiong Li
Jianwei Niu
Marimuthu Karuppiah
Saru Kumari
Fan Wu
Publikationsdatum: 01.12.2016
Verlag: Springer US
Erschienen in: Journal of Medical Systems / Ausgabe 12/2016
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-016-0629-8

Springer Medizin

Abstract

Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten

Weitere Artikel der Ausgabe 12/2016

Clinical Data Visualization: The Current State and Future Needs

Activity Recognition for Diabetic Patients Using a Smartphone

Security Attacks and Solutions in Electronic Health (E-health) Systems

Estimation of Temporal Gait Events from a Single Accelerometer Through the Scale-Space Filtering Idea

A Two-Step Approach for Longitudinal Registration of Retinal Images

An IoT-cloud Based Wearable ECG Monitoring System for Smart Healthcare