nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

01.09.2016

Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification

verfasst von: Zeeshan Siddiqui, Abdul Hanan Abdullah, Muhammad Khurram Khan, Abdullah Sharaf Alghamdi

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 5/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In 2009, Xu et al. presented an improved smartcard based authentication scheme while using a security model previously applied by Bellare et al. to prove the security of their authentication methods. Later on, in 2012, Wu et al. pointed out number of authentication attacks in Xu et al. scheme. To address these issues, Wu et al. presented a Smartcard based Two-Factor Authentication (2FA) scheme for Telecare Medical Information System (TMIS) facility. In this study, we prove that authentication scheme of Wu et al. is still vulnerable to impersonation attack, offline password guessing attack, forgery attack and many other attacks. Moreover, number of performance and verification issues are also outlined in the authentication scheme of Wu et al. To overcome these issues, an improved and enhanced 3FA Smartphone based authentication method is proposed on a Cloud Computing environment. The proposed scheme is further corroborated using Burrows-Abadi-Needham logic (BAN logic) nonce verification. The detailed BAN logic verification and further security analysis shows that the proposed authentication protocol is highly reliable and secure in terms of message verifications, message freshness and trustworthiness of its origin. Moreover, the comparative security, performance and feature analysis shows that the proposed work yields an even more improved and enhanced authentication framework as compared to Wu et al. authentication scheme.

Vorheriger Artikel An intelligent RFID-enabled authentication scheme for healthcare applications in vehicular mobile cloud

Nächster Artikel Efficient data integrity auditing for storage security in mobile health cloud

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Alghamdi AS, Siddiqui Z, Quadri, SSA (2010) A common information exchange model for multiple C4I architectures. Computer Modelling and Simulation (UKSim), 2010 12th International Conference on. 24–26 March 2010 538–542

Alghamdi AS (2010) Common Information Framework b/w/ Defense Architectures, A Wen Semantics Approach

Siddiqui Z, Abdullah AH, Khan MK (2011) Qualified Analysis b/w ESB(s) Using Analytical Hierarchy Process (AHP) Method. Intelligent Systems, Modelling and Simulation (ISMS), 2011 Second International Conference on. 25–27 Jan 2011 100–104

Siddiqui Z, Khan MK, Alghamdi AS (2010) Node level information security in Common Information Exchange Model (CIEM). Sci Int 21:221–230

Siddiqui Z, Khan MK, Alghathbar K (2011) Analysis of enterprise service buses on information security, interoperability and high-availability using Analytical Hierarchy Process (AHP). J Phys Sci 6:35–42

Chen H-M, Lo J-W, Yeh C-K (2012) An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J Med Syst 36(6):3907–3915CrossRef

Jiang Q, Ma J, Ma Z, Li G (2013) A privacy enhanced authentication scheme for telecare medical information systems. J Med Syst 37(1):1–8MathSciNetCrossRef

Siddiqui Z, Abdullah A, Khan M, Alghamdi AS (2013) Smart environment as a service: three factor cloud based user authentication for telecare medical information system. J Med Syst 38(1):1–14

Wei J, Hu X, Liu W (2012) An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604CrossRef

10.

Eldefrawy MH, Khan MK, Alghathbar K, Kim T-H, Elkamchouchi H (2012) Mobile one-time passwords: two-factor authentication using mobile phones. Secur Commun Netw 5(5):508–516CrossRef

11.

Incorporation A (2013) Medical Application Built for iPhone Users

12.

Jucheng Y, Naixue X, Vasilakos AV, Zhijun F, Dongsun P, Xianghua X, Sook Y, Shanjuan X, Yong Y (2011) A fingerprint recognition scheme based on assembling invariant moments for cloud computing communications. Syst J IEEE 5(4):574–583CrossRef

13.

Smith A (2013) Smartphone ownership–2013 update. Pew Research Center, Washington

14.

Siddiqui Z, Alghamdi AS (2014) SOA based C4I common-view interoperability model. J Sci Int 26(1):175–180

15.

Siddiqui Z, Alghamdi AS (2014) A universal view SOA interoperability framework for multiple C4I applications. J Sci Int 26(1):97–100

16.

Hao X, Wang J, Yang Q, Yan X, Li P (2013) A chaotic map-based authentication scheme for telecare medicine information systems. J Med Syst 37(2):1–7CrossRef

17.

Yan X, Li W, Li P, Wang J, Hao X, Gong P (2013) A secure biometrics-based authentication scheme for telecare medicine information systems. J Med Syst 37(5):1–6CrossRef

18.

Xu J, Zhu W-T, Feng D-G (2009) An improved smart card based password authentication scheme with provable security. Comput Stand Interfaces 31(4):723–728CrossRef

19.

Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. Advances in Cryptology—Eurocrypt 2000. Springer 139–155

20.

Wu Z-Y, Lee Y-C, Lai F, Lee H-C, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1529–1535CrossRef

21.

Burrows M, Abadi M, Needham RM (1871) A logic of authentication. Proc R Soc Lond A Math Phys Sci 1989(426):233–271MathSciNetMATH

22.

Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Advances in Cryptology—CRYPTO’99. Springer 388–397

23.

Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. Comp IEEE Trans 51(5):541–552MathSciNetCrossRef

Titel: Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification
verfasst von: Zeeshan Siddiqui
Abdul Hanan Abdullah
Muhammad Khurram Khan
Abdullah Sharaf Alghamdi
Publikationsdatum: 01.09.2016
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 5/2016
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-015-0364-9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 5/2016

Novel power control and collision resolution schemes for device-to-device discovery

Optimization of resource allocation for underlay device-to-device communications in cellular networks

A semi-supervised privacy-preserving clustering algorithm for healthcare

Privacy preserving secure data exchange in mobile P2P cloud healthcare environment

Device-to-device resource allocation in LTE-advanced networks by hybrid particle swarm optimization and genetic algorithm

Providing security and fault tolerance in P2P connections between clouds for mHealth services