An anonymous and provably secure biometric-based authentication scheme using chaotic maps for accessing medical drop box data

Telecare medicine information systems (TMISs) provides a platform to the participating medical entities to share medical data over an insecure public channel. Medical drop box (MDB) is used for the said purpose, where electronic health record (EHR) is maintained for national health information exchange (NHIX). EHR is a crucial part of MDB. Therefore, the main challenge in NHIX is to restrict MDB access to only the authenticated entities. Very Recently, Moon et al. introduced a biometrics-based authentication scheme using chaotic maps for TMISs. The authors claimed that their scheme is efficient and robust in terms of its usage and implementation. However, this paper unveils that due to storage of verifier table on server, their scheme is having scalability and efficiency issues. Furthermore, the use of the same parameters and during different login requests makes the scheme traceable. Therefore, an improved scheme using chaotic maps has been proposed in this paper, which provides user anonymity and untraceability along with computational efficiency. The security of the proposed scheme is evaluated in detail through the random oracle model. The analysis reveals that the proposed scheme is robust and secure against the known attacks. Moreover, analysis is further verified through popular automated tool ProVerif.