Cryptanalysis and Biometric-Based Enhancement of a Remote User Authentication Scheme for E-Healthcare System

In recent years, E-healthcare system is quite popular and the easiest medium to avail high-quality healthcare services from the specialized medical professions. In this system, the security is one of the major concern issues since during diagnosis process the patient’s medical-related documents are sensitive and it is always desirable that the authorized users can avail this facility in a secure way. Several remote user authentication schemes are reported to make E-healthcare system secure. Recently, Li et al. proposed a user authentication scheme for E-healthcare system and claimed that their scheme is able to withstand most of the common security attacks. However, we have reviewed their scheme and pointed out some vulnerabilities like identity and password guessing attacks; privileged insider attack; user impersonation attack; and smartcard theft attack. In order to overcome these security vulnerabilities, a biometric-based remote user authentication scheme is proposed for improving the security in E-healthcare system. The proposed scheme is validated using well-accepted Burrows–Abadi–Needham (BAN) logic and random oracle model. The informal security analysis ensures that the proposed scheme is able to resist several types of malicious cryptography attacks. Further, the proposed scheme is simulated using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and the simulation results reveal that the scheme is secure against active and passive attacks. The proposed scheme is also compared with the existing schemes in terms of evaluation parameters like smartcard storage cost, communication cost, computation cost, and estimated time.