nach oben

The Journal of Supercomputing

Erschienen in:

18.08.2020

A secure three-factor-based authentication with key agreement protocol for e-Health clouds

verfasst von: Yulei Chen, Jianhua Chen

Erschienen in: The Journal of Supercomputing | Ausgabe 4/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The rapid development of electronic healthcare (e-Health) has brought great convenience to people’s life. In order to guarantee the security of users, a large number of identity authentication protocols have been put forward. Recently, Jiang et al. proposed a privacy preserving three-factor authentication protocol for e-Health clouds. However, we find that their protocol cannot resist the replay attack, the denial of service attack and the known session-specific temporary information attack. Then we propose a secure three-factor-based authentication with key agreement protocol. The analyses show our protocol overcomes the weaknesses of Jiang et al.’s protocol. Moreover, our protocol can resist replay attack, man-in-the-middle attack and provide the user anonymity, the user untraceability, the perfect forward secrecy, etc. In addition, we prove the security of the protocol by the well-known Burrows-Abadi-Needham (BAN) logic. By comparing with the related protocols, we find that our protocol has better security and performance. Therefore, we believe our protocol is more suitable for e-Health clouds.

Vorheriger Artikel An efficient management scheme of blockchain-based cloud user information using probabilistic weighting

Nächster Artikel SMOaaS: a Scalable Matrix Operation as a Service model in Cloud

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Pawar P, Jones VM, Van Beijnum B et al (2012) A framework for the comparison of mobile patient monitoring systems. J Biomed Inf 45(3):544–556

Abbas A, Khan SU (2014) A Review on the state-of-the-art privacy-preserving approaches in the e-health clouds. IEEE J Biomed Health Inform 18(4):1431–1441

Xia Z, Wang X, Sun X et al (2016) A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans Parallel Distrib Syst 27(2):340–352

Fu Z, Sun X, Liu Q et al (2015) Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. Ice Trans Commun 98(1):190–200

Li H, Yang Y, Luan TH et al (2016) Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data. IEEE Trans Dependable Secure Comput 13(3):312–325

Jiang Q, Ma J, Li G et al (2013) An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wirel Pers Commun 68(4):1477–1491

Zhao D, Peng H, Li L et al (2013) A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wirel Pers Commun 78(1):247–269

Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772MathSciNet

Fan CI, Chan YC, Zhang ZK (2005) Robust remote authentication scheme with smart cards. Comp Secur 24(8):619–628

10.

Juang WS, Chen ST, Liaw HT (2008) Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans Ind Electron 55(6):2551–2556

11.

Sun DZ, Huai JP, Sun JZ et al (2009) Improvements of Juang’s password-authenticated key agreement scheme using smart cards. IEEE Trans Ind Electron 56(6):2284–2291

12.

Jiang Q, Ma J, Li G et al (2013) An improved password-based remote user authentication protocol without smart cards. Inf Technol Control 42(2):113–123

13.

Chen TY, Lee CC, Hwang MS et al (2013) Towards secure and efficient user authentication scheme using smart card for multi-server environments. J Supercomput 66(2):1008–1032

14.

Arshad H, Nikooghadam M (2015) Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol. J Supercomput 71(8):3163–3180

15.

Wang D, He D, Wang P et al (2014) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Dependable Secure Comput 12(4):428–442

16.

Wang D, Wang N, Wang P et al (2015) Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf Sci 321:162–178MATH

17.

Chang CC, Lin IC (2004) Remarks on fingerprint-based remote user authentication scheme using smart cards. ACM SIGOPS Operat Syst Rev 38(4):91–96

18.

Lin CH, Yiyi Lai (2004) A flexible biometrics remote user authentication scheme. Comp Stand Interfaces 27(1):19–23

19.

Ku WC, Chang ST, Chiang MH (2005) Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards. Electron Lett 41(5):240–241

20.

Khan MK, Zhang J, Wang X (2008) Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos Solitons Fractals 35(3):519–524

21.

Fan CI, Yihui Lin (2009) Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE Trans Inf Forensics Secur 4(4):933–945

22.

Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Compur Appl 33(1):1–5

23.

Yipin Liao, S S Wang (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Comp Stand Interfaces 31(1):24–29

24.

Tsai JL (2008) Efficient multi-server authentication scheme based on one-way hash function without verification table. Comp Secur 27(3–4):115–121

25.

Dodis Y, Reyzin L, Smith A, et al. (2004) Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In: Theory and Application of Cryptographic Techniques, pp 523-540

26.

Huang X, Xiang Y, Chonka A et al (2010) A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans Parall Distrib Syst 22(8):1390–1397

27.

Li X, Niu J, Wang Z et al (2014) Applying biometrics to design three-factor remote user authentication scheme with key agreement. Secur Commun Netw 7(10):1488–1497

28.

Li X, Niu J, Khan MK et al (2016) Robust three-factor remote user authentication scheme with key agreement for multimedia systems. Secur Commun Netw 9(13):1916–1927

29.

Mishra D, Kumari S, Khan MK et al (2017) An anonymous biometric-based remote user-authenticated key agreement scheme for multimedia systems. Int J Commun Syst 30(1):e2946

30.

He D, Wang D (2014) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823

31.

Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans Inf Forensics Securi 10(9):1953–1966

32.

Chen CL, Lee CC, Hsu CY (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25(5):585–597

33.

Truong T, Tran M T, Duong A, et al. (2012) Robust Mobile Device Integration of a Fingerprint Biometric Remote Authentication Scheme. In: Advanced Information Networking and Applications, pp 678-685

34.

Khan MK, Kumari S, Gupta MK (2014) More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816MathSciNet

35.

Yeh HL, Chen TH, Hu KJ et al (2013) Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data. IET Inf Secur 7(3):247–252

36.

Wu F, Xu L, Kumari S et al (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Comput Electr Eng 45:274–285

37.

Jiang Q, Khan MK, Lu X et al (2016) A privacy preserving three-factor authentication protocol for e-Health clouds. J Supercomput 72(10):3826–3849

38.

Burrows M, Martin Abadi, Needham RM (1989) A logic of authentication. Acm Trans Comp Syst 23(5):1–13MATH

39.

Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetMATH

40.

Wang Y (2012) Password protected smart card and memory stick authentication against off-line dictionary attacks//IFIP International Information Security Conference. Springer, Berlin, pp 489–500

41.

Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comp 51(5):541–552MathSciNetMATH

42.

Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Annual International Cryptology Conference. Springer, Berlin, Heidelberg, pp 388–397

43.

He D, Kumar N, Lee JH et al (2014) Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans Consum Electron 60(1):30–37

44.

He D, Wang D, Wu S (2013) Cryptanalysis and improvement of a password-based remote user authentication scheme without smart cards. Inf Technol Control 42(2):105–112

45.

Katz J, Menezes AJ, Van Oorschot PC et al (1996) Handbook of Applied Cryptography. CRC Press, Boca Raton

46.

He D, Wu S, Chen J (2012) Note on ’Design of improved password authentication and update scheme based on elliptic curve cryptography’. Math Comp Modell 3(55):1661–1664MathSciNetMATH

47.

Ostad-Sharif A, Abbasinezhad-Mood D, Nikooghadam M (2019) Efficient utilization of elliptic curve cryptography in design of a three-factor authentication protocol for satellite communications. Comp Commun 147:85–97

48.

Xu S, Liu X, Ma M et al (2020) An improved mutual authentication protocol based on perfect forward secrecy for satellite communications. Int J Sat Commun Netw 38(1):62–73

49.

Qi M, Chen J (2018) New robust biometrics-based mutual authentication scheme with key agreement using elliptic curve cryptography. Multimed Tools Appl 77(18):23335–23351

Titel: A secure three-factor-based authentication with key agreement protocol for e-Health clouds
verfasst von: Yulei Chen
Jianhua Chen
Publikationsdatum: 18.08.2020
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 4/2021
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-020-03395-8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 4/2021

Ultrasound image analysis technology under deep belief networks in evaluation on the effects of diagnosis and chemotherapy of cervical cancer

A novel enhanced region proposal network and modified loss function: threat object detection in secure screening using deep learning

Two-phase node deployment for target coverage in rechargeable WSNs using genetic algorithm and integer linear programming

Facilitating the learning process in parallel computing by using instant messaging

An efficient management scheme of blockchain-based cloud user information using probabilistic weighting

Suspicious activity detection using deep learning in secure assisted living IoT environments

Premium Partner