A biometrics-based mutual authentication and key agreement protocol for TMIS using elliptic curve cryptography

Telecare Medicine Information System (TMIS) refers to a medical model that uses communication and information technology to realize multiple medical functions such as remote disease diagnosis, treatment, and health care. Because TMIS is carried out on an insecure public Internet, a large number of mutual authentication and key agreement protocols for TMIS have been proposed to protect the privacy of patients. Recently, Ostad-Sharif et al. proposed a novel anonymous authentication and key agreement scheme for TMIS. In this work, we will demonstrate that Ostad-Sharif et al.'s scheme exists the problems of strong authentication and inefficient password change, and it cannot resist the off-line password guessing attack. To overcome the weaknesses found in Ostad-Sharif et al.'s scheme, we propose a biometrics-based mutual authentication and key agreement protocol for TMIS, making full use of the advantages of one-way hash function and elliptic curve cryptosystem (ECC). The security of the proposed scheme is formally proved under the widely used random oracle model (ROM), and various known malicious attack resistances also are presented by the heuristic discussion. Compared with the existing related schemes, the computation cost and communication overhead of our scheme are reduced by 74.5% and 27.3% respectively.