Skip to main content

Advertisement

SpringerLink
Log in

A Secure and Efficient TMIS-Based Authentication Scheme Improved Against Zhang et al.’s Scheme

  • Research Article - Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

The telecare medicine information systems (TMIS) architecture is exceedingly paving the ways for convenient dispensing of patient-oriented healthcare services at remote distances. At the same time, with the growing convenience in healthcare delivery, the privacy for service seekers cannot be overlooked. Different authentication protocols have been presented in the last few years; nonetheless the recent attacks or identified limitations on those protocols make them ineffective for practical implementation. Lately, Zhang et al. proposed an anonymous TMIS-based authentication scheme. Nonetheless, Zhang et al.’s protocol has been found vulnerable to password guessing, biometric parameter extraction, and server spoofing threat. We have designed an enhanced model countering the identified threats and drawbacks of contemporary TMIS-based schemes. Our proposed scheme includes the proven security features under formal analysis with BAN logic which makes certain the resilience of the contributed scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Li, S.; Wang, C.; Lu, W.; Lin, Y.; Yen, D.: Design and implementation of a telecare information platform. J. Med. Syst. 36(3), 1629–1650 (2012)

    Article  Google Scholar 

  2. Nguyen, L.; Bellucci, E.: Electronic health records implementation: an evaluation of information system impact and contingency factors. Int. J. Med. Inf. 83(11), 779–796 (2014)

    Article  Google Scholar 

  3. Perera, G.; Holbrook, A.; Thabane, L.; Foster, G.; Willison, D.: Views on health information sharing and privacy from primary care practices using electronic medical records. Int. J. Med. Inf. 80(2), 94–101 (2011)

    Article  Google Scholar 

  4. Hur, J.; Kang, K.: Dependable and secure computing in medical information systems. Comput. Commun. 36(1), 20–28 (2012)

    Article  Google Scholar 

  5. Lee, C.D.; Ho, K.I.; Lee, W.B.: A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 15, 550–556 (2011)

    Article  Google Scholar 

  6. Ludwig, W.; Wolf, K.H.; Duwenkamp, C.; Gusew, N.; Hellrung, N.; Marschollek, M.; Wagner, M.; Haux, R.: Health-enabling technologies for the elderly–an overview of services based on a literature review. Comput. Methods Progr. Biomed. 106(2), 70–78 (2012)

    Article  Google Scholar 

  7. Irshad, A.; Chaudhry, S.A.: Comments on “A privacy preserving three-factor authentication protocol for e-health clouds”. J Supercomput 73(4), 1504–1508 (2017)

    Article  Google Scholar 

  8. Irshad, A.; Sher, M.; Nawaz, O.; Chaudhry, S.A.; Khan, I.; Kumari, S.; : A secure and provable multi-server authenticated key agreement for TMIS based on Amin,; et al.: scheme. Multimed. Tools Appl. 76(15), 16463–16489 (2017)

  9. Lee, T.F.; Liu, C.M.: A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3), 1–11 (2013)

    Google Scholar 

  10. Lee, T.F.: Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems. Comput. Methods Progr. Biomed. 117(3), 464–472 (2014)

    Article  Google Scholar 

  11. Xu, X.; Zhu, P.; Wen, Q.Y.; Jin, Z.P.; Zhang, H.; He, L.: A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information system. J. Med. Syst. 38(1), 1–7 (2014)

    Article  Google Scholar 

  12. Wen, F.T.; Guo, L.D.: An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5), 1–8 (2014)

    Google Scholar 

  13. Farash, M.; Attari, M.: An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn. 77(1–2), 399–411 (2014)

    Article  MathSciNet  Google Scholar 

  14. Mishra, D.: Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems. J. Med. Syst. (2015). https://doi.org/10.1007/s10916-015-0193-7

    Article  Google Scholar 

  15. Mishra, D.: On the security flaws in ID-based password authentication schemes for telecare medical information systems. J. Med. Syst. 39(1), 1–16 (2015)

    Article  Google Scholar 

  16. Awasthi, A.; Srivastava, K.: A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5), 1–7 (2013)

    Article  Google Scholar 

  17. Mishra, D.; Mukhopadhyay, S.; Kumari, S.; Khan, M.; Chaturvedi, A.: Security enhancement of a biometrics based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5), 1–11 (2014)

    Article  Google Scholar 

  18. Tan, Z.: A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3), 1–9 (2014)

    Article  Google Scholar 

  19. Arshad, H.; Nikooghadam, M.: Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(3), 1–9 (2014)

    Google Scholar 

  20. Yan, X.; Li, W.; Li, P.; Wang, J.; Hao, X.; Gong, P.: A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(5), 1–6 (2013)

    Article  Google Scholar 

  21. Mishra, D.; Mukhopadhyay, S.; Chaturvedi, A.; Kumari, S.; Khan, M.: Cryptanalysis and improvement of Yan et al’.s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6), 1–12 (2014)

    Article  Google Scholar 

  22. Sarvabhatla, M.; Giri, M.; Vorugunti, C.S.: Cryptanalysis of cryptanalysis and improvement of Yan et al. biometric- based authentication scheme for TMIS, CoRR (2014). arXiv:1406.3943.

  23. Amin, R.; Biswas, G.P.: A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8), 78 (2015)

    Article  Google Scholar 

  24. Zhang, L.; Zhu, S.; Tang, S.: Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE J. Biomed. Health Inf. (2016). https://doi.org/10.1109/JBHI.2016.2517146

    Article  Google Scholar 

  25. Ch, S.A.; Sher, M.; Ghani, A.; Naqvi, H.; Irshad, A.: An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimed. Tools Appl. 74(5), 1711–1723 (2015)

    Article  Google Scholar 

  26. Zhang, L.P.; Zhu, S.H.: Robust ECC-based authenticated key agreement scheme with privacy protection for Telecare Medicine Information Systems. J. Med. Syst. 39(5), 1–13 (2015)

    Article  Google Scholar 

  27. He, D.B.; Chen, Y.: Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dyn. 69(3), 1149–1157 (2012)

    Article  MathSciNet  Google Scholar 

  28. Zhao, F.; Gong, P.; Li, S.; Li, M.; Li, P.: Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials. Nonlinear Dyn. 74(1–2), 419–427 (2013)

    Article  MathSciNet  Google Scholar 

  29. Lee, T.F.: An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 37(6), 1–9 (2013)

    Article  Google Scholar 

  30. Chaudhry, S.A.; Mahmood, K.; Naqvi, H.; Khan, M.K.: An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J. Med. Syst. 39(11), 1–12 (2015)

    Article  Google Scholar 

  31. Mishra, D.; Srinivas, J.; Mukhopadhyay, S.: A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10), 1–10 (2014)

    Article  Google Scholar 

  32. Lin, H.: Improved chaotic maps-based password authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 20(2), 482–488 (2015)

    Article  Google Scholar 

  33. Baptista, M.: Cryptography with chaos. Phys. Lett. A. 24(1–2), 50–54 (1998)

    Article  MathSciNet  Google Scholar 

  34. Yau, W.; Phan, R.: Cryptanalysis of a chaotic map-based password-authenticated key agreement protocol using smart cards. Nonlinear Dyn. 79(2), 809–821 (2015)

    Article  MathSciNet  Google Scholar 

  35. Chaudhry, S.A.; Naqvi, H.; Shon, T.; Sher, M.; Farash, M.S.: Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6), 1–11 (2015)

    Article  Google Scholar 

  36. Jiang, Q.; Wei, F.; Fu, S.; Ma, J.; Li, G.; Alelaiwi, A.: Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4), 2085–2101 (2016)

    Article  MathSciNet  Google Scholar 

  37. Lumini, A.; Loris, N.: An improved bio-hashing for human authentication. Pattern Recognit. 40(3), 1057–1065 (2007)

    Article  Google Scholar 

  38. Tan, Z.: Secure delegation-based authentication for telecare medicine information systems. IEEE Access 6, 26091–26110 (2018)

    Article  Google Scholar 

  39. Li, X.; Niu, J.; Kumari, S.; Wu, F.; Choo, K.K.R.: A robust biometrics based three-factor authentication scheme for global mobility networks in smart city. Future Gener. Comput. Syst. 83, 607–618 (2018)

    Article  Google Scholar 

  40. Irshad, A.; Sher, M.; Faisal, M.S.; Ghani, A.; Ul Hassan, M.; Ashraf, ChS: A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Secur. Commun. Netw. 7(8), 1210–1218 (2014)

    Article  Google Scholar 

  41. Irshad, A.; Sher, M.; Chaudhary, S.A.; Naqvi, H.; Farash, M.S.: An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre. J. Supercomput 72(4), 1623–1644 (2016)

    Article  Google Scholar 

  42. Chaudhry, S.A.; Naqvi, H.; Mahmood, K.; Ahmad, H.F.; Khan, M.K.: An improved remote user authentication scheme using elliptic curve cryptography. Wirel. Pers. Commun. 96(4), 5355–5373 (2017)

    Article  Google Scholar 

  43. Chaudhry, S.A.; Khan, I.; Irshad, A.; Ashraf, M.U.; Khan, M.K.; Ahmad, H.F.: A provably secure anonymous authentication scheme for session initiation protocol. Secur. Commun. Netw. 9(18), 5016–5027 (2016)

    Article  Google Scholar 

  44. Khan, I.; Chaudhry, S.A.; Sher, M.; Khan, J.I.; Khan, M.K.: An anonymous and provably secure biometric-based authentication scheme using chaotic maps for accessing medical drop box data. J. Supercomput. 1–19 (2016). https://doi.org/10.1007/s11227-016-1886-5

    Article  Google Scholar 

  45. Chaudhry, S.A.; Naqvi, H.; Farash, M.S.; Shon, T.; Sher, M.: An improved and robust biometrics-based three factor authentication scheme for multiserver environments. J. Supercomput. 1–17 (2015). https://doi.org/10.1007/s11227-015-1601-y

    Article  Google Scholar 

  46. Blanchet, B.; Cheval, V.; Allamigeon, X.; Smyth, B.: ProVerif: cryptographic protocol verifier in the formal model. http://prosecco.gforge.inria.fr/personal/bblanche/prover/. Accessed 10 Mar 2018

  47. Burrow, M.; Abadi, M.; Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)

    Article  Google Scholar 

  48. Kilinc, H.H.; Yanik, T.: A survey of SIP authentication and key agreement schemes. Commun. Surveys Tutor. IEEE 16(2), 1005–1023 (2014)

    Article  Google Scholar 

  49. Lee, T.F.: Efficient and secure temporal credential-based authenticated key agreement using extended chaotic maps for wireless sensor networks. Sensors 15(7), 14960–14980 (2015)

    Article  Google Scholar 

Download references

Acknowledgements

This project was funded by the Deanship of Scientific Research (DSR), King Abdulaziz University, Jeddah, under grant no. (G-14-611-39). The authors, therefore, acknowledge with thanks DSR technical and financial support.

Author information

Authors and Affiliations

  1. Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi Arabia

    Bander A. Alzahrani

  2. Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan

    Azeem Irshad

Authors
  1. Bander A. Alzahrani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Azeem Irshad
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Azeem Irshad.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Alzahrani, B.A., Irshad, A. A Secure and Efficient TMIS-Based Authentication Scheme Improved Against Zhang et al.’s Scheme. Arab J Sci Eng 43, 8239–8253 (2018). https://doi.org/10.1007/s13369-018-3494-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-018-3494-6

Keywords

Search

Navigation