Abstract
The telecare medicine information systems (TMIS) architecture is exceedingly paving the ways for convenient dispensing of patient-oriented healthcare services at remote distances. At the same time, with the growing convenience in healthcare delivery, the privacy for service seekers cannot be overlooked. Different authentication protocols have been presented in the last few years; nonetheless the recent attacks or identified limitations on those protocols make them ineffective for practical implementation. Lately, Zhang et al. proposed an anonymous TMIS-based authentication scheme. Nonetheless, Zhang et al.’s protocol has been found vulnerable to password guessing, biometric parameter extraction, and server spoofing threat. We have designed an enhanced model countering the identified threats and drawbacks of contemporary TMIS-based schemes. Our proposed scheme includes the proven security features under formal analysis with BAN logic which makes certain the resilience of the contributed scheme.
Similar content being viewed by others
References
Li, S.; Wang, C.; Lu, W.; Lin, Y.; Yen, D.: Design and implementation of a telecare information platform. J. Med. Syst. 36(3), 1629–1650 (2012)
Nguyen, L.; Bellucci, E.: Electronic health records implementation: an evaluation of information system impact and contingency factors. Int. J. Med. Inf. 83(11), 779–796 (2014)
Perera, G.; Holbrook, A.; Thabane, L.; Foster, G.; Willison, D.: Views on health information sharing and privacy from primary care practices using electronic medical records. Int. J. Med. Inf. 80(2), 94–101 (2011)
Hur, J.; Kang, K.: Dependable and secure computing in medical information systems. Comput. Commun. 36(1), 20–28 (2012)
Lee, C.D.; Ho, K.I.; Lee, W.B.: A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 15, 550–556 (2011)
Ludwig, W.; Wolf, K.H.; Duwenkamp, C.; Gusew, N.; Hellrung, N.; Marschollek, M.; Wagner, M.; Haux, R.: Health-enabling technologies for the elderly–an overview of services based on a literature review. Comput. Methods Progr. Biomed. 106(2), 70–78 (2012)
Irshad, A.; Chaudhry, S.A.: Comments on “A privacy preserving three-factor authentication protocol for e-health clouds”. J Supercomput 73(4), 1504–1508 (2017)
Irshad, A.; Sher, M.; Nawaz, O.; Chaudhry, S.A.; Khan, I.; Kumari, S.; : A secure and provable multi-server authenticated key agreement for TMIS based on Amin,; et al.: scheme. Multimed. Tools Appl. 76(15), 16463–16489 (2017)
Lee, T.F.; Liu, C.M.: A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3), 1–11 (2013)
Lee, T.F.: Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems. Comput. Methods Progr. Biomed. 117(3), 464–472 (2014)
Xu, X.; Zhu, P.; Wen, Q.Y.; Jin, Z.P.; Zhang, H.; He, L.: A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information system. J. Med. Syst. 38(1), 1–7 (2014)
Wen, F.T.; Guo, L.D.: An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5), 1–8 (2014)
Farash, M.; Attari, M.: An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn. 77(1–2), 399–411 (2014)
Mishra, D.: Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems. J. Med. Syst. (2015). https://doi.org/10.1007/s10916-015-0193-7
Mishra, D.: On the security flaws in ID-based password authentication schemes for telecare medical information systems. J. Med. Syst. 39(1), 1–16 (2015)
Awasthi, A.; Srivastava, K.: A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5), 1–7 (2013)
Mishra, D.; Mukhopadhyay, S.; Kumari, S.; Khan, M.; Chaturvedi, A.: Security enhancement of a biometrics based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5), 1–11 (2014)
Tan, Z.: A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3), 1–9 (2014)
Arshad, H.; Nikooghadam, M.: Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(3), 1–9 (2014)
Yan, X.; Li, W.; Li, P.; Wang, J.; Hao, X.; Gong, P.: A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(5), 1–6 (2013)
Mishra, D.; Mukhopadhyay, S.; Chaturvedi, A.; Kumari, S.; Khan, M.: Cryptanalysis and improvement of Yan et al’.s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6), 1–12 (2014)
Sarvabhatla, M.; Giri, M.; Vorugunti, C.S.: Cryptanalysis of cryptanalysis and improvement of Yan et al. biometric- based authentication scheme for TMIS, CoRR (2014). arXiv:1406.3943.
Amin, R.; Biswas, G.P.: A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8), 78 (2015)
Zhang, L.; Zhu, S.; Tang, S.: Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE J. Biomed. Health Inf. (2016). https://doi.org/10.1109/JBHI.2016.2517146
Ch, S.A.; Sher, M.; Ghani, A.; Naqvi, H.; Irshad, A.: An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimed. Tools Appl. 74(5), 1711–1723 (2015)
Zhang, L.P.; Zhu, S.H.: Robust ECC-based authenticated key agreement scheme with privacy protection for Telecare Medicine Information Systems. J. Med. Syst. 39(5), 1–13 (2015)
He, D.B.; Chen, Y.: Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dyn. 69(3), 1149–1157 (2012)
Zhao, F.; Gong, P.; Li, S.; Li, M.; Li, P.: Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials. Nonlinear Dyn. 74(1–2), 419–427 (2013)
Lee, T.F.: An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 37(6), 1–9 (2013)
Chaudhry, S.A.; Mahmood, K.; Naqvi, H.; Khan, M.K.: An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J. Med. Syst. 39(11), 1–12 (2015)
Mishra, D.; Srinivas, J.; Mukhopadhyay, S.: A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10), 1–10 (2014)
Lin, H.: Improved chaotic maps-based password authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 20(2), 482–488 (2015)
Baptista, M.: Cryptography with chaos. Phys. Lett. A. 24(1–2), 50–54 (1998)
Yau, W.; Phan, R.: Cryptanalysis of a chaotic map-based password-authenticated key agreement protocol using smart cards. Nonlinear Dyn. 79(2), 809–821 (2015)
Chaudhry, S.A.; Naqvi, H.; Shon, T.; Sher, M.; Farash, M.S.: Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6), 1–11 (2015)
Jiang, Q.; Wei, F.; Fu, S.; Ma, J.; Li, G.; Alelaiwi, A.: Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4), 2085–2101 (2016)
Lumini, A.; Loris, N.: An improved bio-hashing for human authentication. Pattern Recognit. 40(3), 1057–1065 (2007)
Tan, Z.: Secure delegation-based authentication for telecare medicine information systems. IEEE Access 6, 26091–26110 (2018)
Li, X.; Niu, J.; Kumari, S.; Wu, F.; Choo, K.K.R.: A robust biometrics based three-factor authentication scheme for global mobility networks in smart city. Future Gener. Comput. Syst. 83, 607–618 (2018)
Irshad, A.; Sher, M.; Faisal, M.S.; Ghani, A.; Ul Hassan, M.; Ashraf, ChS: A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Secur. Commun. Netw. 7(8), 1210–1218 (2014)
Irshad, A.; Sher, M.; Chaudhary, S.A.; Naqvi, H.; Farash, M.S.: An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre. J. Supercomput 72(4), 1623–1644 (2016)
Chaudhry, S.A.; Naqvi, H.; Mahmood, K.; Ahmad, H.F.; Khan, M.K.: An improved remote user authentication scheme using elliptic curve cryptography. Wirel. Pers. Commun. 96(4), 5355–5373 (2017)
Chaudhry, S.A.; Khan, I.; Irshad, A.; Ashraf, M.U.; Khan, M.K.; Ahmad, H.F.: A provably secure anonymous authentication scheme for session initiation protocol. Secur. Commun. Netw. 9(18), 5016–5027 (2016)
Khan, I.; Chaudhry, S.A.; Sher, M.; Khan, J.I.; Khan, M.K.: An anonymous and provably secure biometric-based authentication scheme using chaotic maps for accessing medical drop box data. J. Supercomput. 1–19 (2016). https://doi.org/10.1007/s11227-016-1886-5
Chaudhry, S.A.; Naqvi, H.; Farash, M.S.; Shon, T.; Sher, M.: An improved and robust biometrics-based three factor authentication scheme for multiserver environments. J. Supercomput. 1–17 (2015). https://doi.org/10.1007/s11227-015-1601-y
Blanchet, B.; Cheval, V.; Allamigeon, X.; Smyth, B.: ProVerif: cryptographic protocol verifier in the formal model. http://prosecco.gforge.inria.fr/personal/bblanche/prover/. Accessed 10 Mar 2018
Burrow, M.; Abadi, M.; Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)
Kilinc, H.H.; Yanik, T.: A survey of SIP authentication and key agreement schemes. Commun. Surveys Tutor. IEEE 16(2), 1005–1023 (2014)
Lee, T.F.: Efficient and secure temporal credential-based authenticated key agreement using extended chaotic maps for wireless sensor networks. Sensors 15(7), 14960–14980 (2015)
Acknowledgements
This project was funded by the Deanship of Scientific Research (DSR), King Abdulaziz University, Jeddah, under grant no. (G-14-611-39). The authors, therefore, acknowledge with thanks DSR technical and financial support.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Alzahrani, B.A., Irshad, A. A Secure and Efficient TMIS-Based Authentication Scheme Improved Against Zhang et al.’s Scheme. Arab J Sci Eng 43, 8239–8253 (2018). https://doi.org/10.1007/s13369-018-3494-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13369-018-3494-6