A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS

被引:0
作者
Ashok Kumar Das
Vanga Odelu
Adrijit Goswami
机构
[1] International Institute of Information Technology,Center for Security, Theory and Algorithmic Research
[2] Indian Institute of Technology,Department of Mathematics
来源
Journal of Medical Systems | 2015年 / 39卷
关键词
Telecare medicine information systems; Authentication; Key agreement; Multi-medical servers; Fuzzy extractor; Biometrics; User anonymity; AVISPA;
D O I
暂无
中图分类号
学科分类号
摘要
The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas’s scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to other related schemes. As a result, our scheme is very appropriate for practical applications in TMIS.
引用
收藏
相关论文
共 113 条
  • [1] Amin R(2015)A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS J. Med. Syst. 39 1-17
  • [2] Biswas GP(2005)A symbolic model checker for security protocols Int. J. Inf. Secur. 4 181-208
  • [3] Basin D(2007)A Biometric Identity Based Signature Scheme Int. J. Netw. Secur. 5 317-326
  • [4] Modersheim S(1990)A logic of authentication ACM Trans. Comput. Syst. 8 18-36
  • [5] OFMC LV(2015)An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks Secur. Commun. Netw. 8 1752-1771
  • [6] Burnett A(2014)A novel and efficient user access control scheme for wireless body area sensor networks J. King Saud Univ.-Comput. Inf. Sci. 26 181-201
  • [7] Byrne F(2014)An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics Expert Syst. Appl. 41 1411-1418
  • [8] Dowling T(2010)An efficient dynamic group key agreement protocol for imbalanced wireless networks Int. J. Netw. Manag. 20 167-180
  • [9] Duffy A(2011)Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards IET Inf. Secur. 5 145-151
  • [10] Burrows M(2015)A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems J. Med. Syst. 39 1-20
12345678910