A Secure User Anonymity-Preserving Three-Factor Remote User Authentication Scheme for the Telecare Medicine Information Systems

Cited by: 20
Author
Das, Ashok Kumar [1]
Affiliation
[1] Int Inst Informat Technol, Ctr Secur Theory & Algorithm Res, Hyderabad 500032, Andhra Pradesh, India
Keywords
Telecare medicine information systems; Fuzzy extractor; Biometrics; Password; User anonymity; AVISPA; Security; ACCESS-CONTROL SCHEME; KEY AGREEMENT; EFFICIENT; CRYPTANALYSIS; IMPROVEMENT; BIOMETRICS; PROTOCOL;
DOI
10.1007/s10916-015-0218-2
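Chinese Library Classification number
R19 [Health care organizations and services (health services administration)];
Discipline classification code
Abstract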
Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan's scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan's scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan's scheme and then presented an improvement on Tan's scheme. However, we show that Arshad and Nikooghadam's scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan's scheme, and Arshad and Nikooghadam's scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.
Pages: 20
Related papers
55 in total
[1]  
[Anonymous], 2012, J BIOMED BIOTECHNOL, V2012, P1
[2]  
[Anonymous], 2013, J. Med. Syst.
[3]   Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems [J].
Arshad, Hamed ;
Nikooghadam, Morteza .
JOURNAL OF MEDICAL SYSTEMS, 2014, 38 (12)
[4]  
Basin D., 2004, Int. J. Inf. Secur, V4, P181, DOI 10.1007/s10207-004-0055-7
[5]  
BURNETT A., 2007, International Journal of Network Security, V5, P317
[6]   An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks [J].
Chatterjee, Santanu ;
Das, Ashok Kumar .
SECURITY AND COMMUNICATION NETWORKS, 2015, 8 (09) :1752-1771
[7]  
Chatterjee S, 2014, AD HOC SENS WIREL NE, V21, P121
[8]   Robust smart-card-based remote user password authentication scheme [J].
Chen, Bae-Ling ;
Kuo, Wen-Chung ;
Wuu, Lih-Chyau .
INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2014, 27 (02) :377-389
[9]   An efficient dynamic group key agreement protocol for imbalanced wireless networks [J].
Chuang, Yun-Hsin ;
Tseng, Yuh-Min .
INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, 2010, 20 (04) :167-180
[10]   Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards [J].
Das, A. K. .
IET INFORMATION SECURITY, 2011, 5 (03) :145-151