An enhanced lightweight anonymous biometric based authentication scheme for TMIS

Multimedia Tools and Applications

Abstract

In the recent past, Mir and Nikooghadam presented an enhanced biometrics-based authentication scheme using lightweight symmetric key primitives for telemedicine networks. This scheme was introduced in response to the earlier biometrics-based authentication system proposed by Yan et al. Mir and Nikooghadam declared that their scheme is invincible against potential attacks while providing user anonymity. Our study and in-depth analysis reveal that Mir and Nikooghadam’s authentication scheme is susceptible to the stolen smart card attack; moreover, anonymity violation is still possible despite the claim of Mir and Nikooghadam. We have utilized the random oracle model to perform the security analysis. The analysis confirms that the proposed scheme is robust enough to provide protection against all potential attacks, especially the stolen smart card attack and the user anonymity violation attack. The analysis is further substantiated with the automated tool ProVerif. It also shows that the proposed scheme is computationally more efficient than Mir and Nikooghadam’s scheme.

References

  1. Anderson GF, Reinhardt UE, Hussey PS, Petrosyan V (2003) It’s the prices, stupid: why the United States is so different from other countries. Health Aff 22(3):89–105

  2. Arshad H, Nikooghadam M (2014) Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J Med Syst 38(12):1–12

  3. Arshad H, Nikooghadam M (2015) Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol. J Supercomput 71(8):3163–3180. doi:10.1007/s11227-015-1434-8

  4. Arshad H, Nikooghadam M (2016) An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc. Multimedia Tools and Applications 75(1):181–197. doi:10.1007/s11042-014-2282-x

  5. Awasthi AK, Srivastava K (2013) A biometric authentication scheme for telecare medicine information systems with nonce. J Med Syst 37(5):1–4

  6. Chang YF, Tai WL, Chang HC (2014) Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int J Commun Syst 27(11):3430–3440

  7. Chaudhry S, Naqvi H, Shon T, Sher M, Farash M (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst 39(6):66. doi:10.1007/s10916-015-0244-0

  8. Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks:1–13. doi:10.1002/sec.1299

  9. Chuang MC, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41(4):1411–1418

  10. Das AK (2015) A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. Int J Commun Syst. doi:10.1002/dac.2933

  11. He D, Kumar N, Lee JH, Sherratt R (2014) Enhanced three-factor security protocol for consumer usb mass storage devices. IEEE Trans Consum Electron 60(1):30–37. doi:10.1109/TCE.2014.6780922

  12. He D, Zeadally S (2015) Authentication protocol for an ambient assisted living system. IEEE Commun Mag 53(1):71–77. doi:10.1109/MCOM.2015.7010518

  13. Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ashraf Ch S (2014) A secure authentication scheme for session initiation protocol by using ecc on the basis of the Tang and Liu scheme. Security and Communication Networks 7(8):1210–1218

  14. Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2013) A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications:1–18

  15. Jin Z, Chen Y (2015) Telemedicine in the cloud era: Prospects and challenges. IEEE Pervasive Comput 14(1):54–61. doi:10.1109/MPRV.2015.19

  16. Khan MK, Kumari S (2013) An improved biometrics-based remote user authentication scheme with user anonymity. Biomed Res Int:2013

  17. Kilinc HH, Yanik T (2014) A survey of sip authentication and key agreement schemes. IEEE Commun Surv Tutorials 16(2):1005–1023

  18. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in cryptology, CRYPTO 99. Springer, pp 388–397

  19. Lal Das M, Saxena A, Gulati VP (2007) A dynamic id-based remote user authentication scheme. arXiv:0712.2235

  20. Lee T, Chang J, Chan C, Liu H (2010) Password-based mutual authentication scheme using smart cards. In: The e-learning and information technology symposium 2010 (EITS2010)

  21. Leu JS, Hsieh WB (2014) Efficient and secure dynamic id-based remote user authentication scheme for distributed systems using smart cards. IET Inf Secur 8(2):104–113

  22. Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

  23. Li X, Ma J, Wang W, Xiong Y, Zhang J (2013) A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Math Comput Model 58(1):85–95

  24. Liu JY, Zhou AM, Gao MX (2008) A new mutual authentication scheme based on nonce and smart cards. Comput Commun 31(10):2205–2209

  25. Lu Y, Li L, Peng H, Yang X, Yang Y (2015) A lightweight id based authentication and key agreement protocol for multi-server architecture. Int J Distrib Sens N 11(3):635890

  26. Lu Y, Li L, Peng H, Yang Y (2015) An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Syst 39(3):1–8

  27. Mehmood Z, Nizamuddin N, Ch S, Nasar W, Ghani A (2012) An efficient key agreement with rekeying for secured body sensor networks. In: Second international conference on digital information processing and communications (ICDIPC), 2012. IEEE, pp 164–167

  28. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

  29. Mir O, Nikooghadam M (2015) A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services. Wirel Pers Commun 83(4):2439–2461

  30. Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143

  31. Mishra D, Mukhopadhyay S, Chaturvedi A, Kumari S, Khan MK (2014) Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J Med Syst 38(6):1–12

  32. Nikooghadam M, Zakerolhosseini A, Moghaddam ME (2010) Efficient utilization of elliptic curve cryptosystem for hierarchical access control. J Syst Softw 83(10):1917–1929. doi:10.1016/j.jss.2010.05.072. http://www.sciencedirect.com/science/article/pii/S0164121210001354

  33. Srivastava K, Awasthi AK, Kaul SD, Mittal R (2015) A hash based mutual rfid tag authentication protocol in telecare medicine information system. J Med Syst 39(1):1–5

  34. Tan Z (2013) An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204

  35. Wang D, He D, Wang P, Chu C (2014) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Dependable Secure Comput PP(99):1–1. doi:10.1109/TDSC.2014.2355850

  36. Wang D, Wang P (2014) On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions. Comput Netw 73:41–57

  37. Wang D, Wang P (2014) On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions. Comput Netw 73:41–57

  38. Witteman M (2002) Advances in smartcard security. Information Security Bulletin 7(2002):11–22

  39. Xie Q, Dong N, Wong DS, Hu B (2014) Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol. Int J Commun Syst

  40. Xu X, Zhu P, Wen Q, Jin Z, Zhang H, He L (2013) A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J Med Syst 38(1):9994. doi:10.1007/s10916-013-9994-8

  41. Yan X, Li W, Li P, Wang J, Hao X, Gong P (2013) A secure biometrics-based authentication scheme for telecare medicine information systems. J Med Syst 37(5):9972. doi:10.1007/s10916-013-9972-1

  42. Zhang L, Tang S, Cai Z (2014) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702

  43. Zhang M, Zhang J, Zhang Y (2015) Remote three-factor authentication scheme based on fuzzy extractors. Security and Communication Networks 8(4):682–693. doi:10.1002/sec.1016

Acknowledgments

Muhammad Khurram Khan extends his sincere appreciation to the Deanship of Scientific Research at King Saud University for funding the Prolific Research Group (PRG-1436-16) 2.

Author information

Correspondence to Shehzad Ashraf Chaudhry.

Cite this article

Chaudhry, S.A., Naqvi, H. & Khan, M.K. An enhanced lightweight anonymous biometric based authentication scheme for TMIS. Multimed Tools Appl 77, 5503–5524 (2018). https://doi.org/10.1007/s11042-017-4464-9

  • DOI: https://doi.org/10.1007/s11042-017-4464-9