Skip to main content

Advertisement

SpringerLink
Log in

Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System

  • Patient Facing Systems
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

In order to access remote medical server, generally the patients utilize smart card to login to the server. It has been observed that most of the user (patient) authentication protocols suffer from smart card stolen attack that means the attacker can mount several common attacks after extracting smart card information. Recently, Lu et al.’s proposes a session key agreement protocol between the patient and remote medical server and claims that the same protocol is secure against relevant security attacks. However, this paper presents several security attacks on Lu et al.’s protocol such as identity trace attack, new smart card issue attack, patient impersonation attack and medical server impersonation attack. In order to fix the mentioned security pitfalls including smart card stolen attack, this paper proposes an efficient remote mutual authentication protocol using smart card. We have then simulated the proposed protocol using widely-accepted AVISPA simulation tool whose results make certain that the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. Moreover, the rigorous security analysis proves that the proposed protocol provides strong security protection on the relevant security attacks including smart card stolen attack. We compare the proposed scheme with several related schemes in terms of computation cost and communication cost as well as security functionalities. It has been observed that the proposed scheme is comparatively better than related existing schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

References

  1. Amin, R., and Biswas, G., Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arab. J. Sci. Eng.,1–15, 2015. doi:10.1007/s13369-015-1743-5.

  2. Amin, R., and Biswas, G., Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wirel. Pers. Commun., 1–24, 2015. doi:10.1007/s11277-015-2616-7.

  3. Amin, R., and Biswas, G., An improved rsa based user authentication and session key agreement protocol usable in tmis. J. Med. Syst. 39(8):79, 2015. doi:10.1007/s10916-015-0262-y.

  4. Amin, R., and Biswas, G., A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Networks (0)–(2015). doi:10.1016/j.adhoc.2015.05.020.

  5. Amin, R., and Biswas, G., A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8):78, 2015. doi:10.1007/s10916-015-0258-7.

  6. Amin, R., and Biswas, G.P., A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J. Med. Syst. 39(3):33, 2015. doi:10.1007/s10916-015-0217-3.

  7. Amin, R., and Biswas, G.P.: Remote access control mechanism using rabin public key cryptosystem. In: Information Systems Design and Intelligent Applications. Advances in Intelligent Systems and Computing, vol 339, pp. 525–533. Springer, India (2015), doi:10.1007/978-81-322-2250-7_52

  8. Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):136, 2014. doi:10.1007/s10916-014-0136-8.

    Article  PubMed  Google Scholar 

  9. Awasthi, A., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):9964, 2013. doi:10.1007/s10916-013-9964-1.

    Article  PubMed  Google Scholar 

  10. Chang, Y.F., Yu, S.H., Shiao, D.R., A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(2):9902, 2013. doi:10.1007/s10916-012-9902-7.

  11. Das, A.K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9948, 2013. doi:10.1007/s10916-013-9948-1.

    Article  PubMed  Google Scholar 

  12. Dolev, D., and Yao, A.C., On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198–208, 1983.

    Article  Google Scholar 

  13. Giri, D., Maitra, T., Amin, R., Srivastava, P., An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1):145, 2014. doi:10.1007/s10916-014-0145-7.

    Article  PubMed  Google Scholar 

  14. Guo, P., Wang, J., Li, B., Lee, S., A variable thresholdvalue authentication architecture for wireless mesh networks. J. Internet Technol. 15(6):929–936, 2014.

    Google Scholar 

  15. He, D., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.

    Article  Google Scholar 

  16. He, D., and Khan, M.K., Cryptanalysis of a key agreement protocol based on chaotic hash. Int. J. Electron. Secur. Digit. Forensics 5(3-4):172–177, 2013. doi:10.1504/IJESDF.2013.058650.

    Article  Google Scholar 

  17. He, D., Khan, M.K., Kumar, N., A new handover authentication protocol based on bilinear pairing functions for wireless networks. Int. J. Ad Hoc Ubiquitous Comput. 18(1-2):67–74, 2015. doi:10.1504/IJAHUC.2015.067774.

    Article  Google Scholar 

  18. He, D., Kumar, N., Chilamkurti, N., Lee, J.H., Lightweight ecc based rfid authentication integrated with an id verifier transfer protocol. J. Med. Syst. 38(10):116, 2014. doi:10.1007/s10916-014-0116-z.

    Article  PubMed  Google Scholar 

  19. He, D., Kumar, N., Khan, M., Lee, J.H., Anonymous two-factor authentication for consumer roaming service in global mobility networks. IEEE Trans. Consum. Electron. 59(4):811–817, 2013. doi:10.1109/TCE.2013.6689693.

    Article  Google Scholar 

  20. Huang, B., Khan, M., Wu, L., Muhaya, F., He, D., An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wirel. Pers. Commun., 1–16, 2015. doi:10.1007/s11277-015-2735-1.

  21. Islam, S.H., Design and analysis of an improved smartcard based remote user password authentication scheme. Int. J. Commun. Syst., 2014. doi:10.1002/dac.2793.

  22. Islam, S.H., rovably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps. Nonlinear Dyn. 78(3):2261–2276, 2014. doi:10.1007/s11071-014-1584-x.

    Article  Google Scholar 

  23. Islam, S.H., A provably secure id-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wirel. Pers. Commun. 79(3):1975–1991, 2014. doi:10.1007/s11277-014-1968-8.

    Article  Google Scholar 

  24. Islam, S.H., Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps. Inform. Sci. 312(0):104–130, 2015. doi:10.1016/j.ins.2015.03.050.

    Article  Google Scholar 

  25. Islam, S.H., and Biswas Gosta Pada, C.K.K.R., Cryptanalysis of an improved smartcard-based remote password authentication scheme. Inform. Sci. Lett. 3(1):35–40, 2014.

    Article  Google Scholar 

  26. Islam, S.H., and Biswas, G.P., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.

    Article  Google Scholar 

  27. Islam, S.H., and Biswas, G.P., An improved id-based client authentication with key agreement scheme on ecc for mobile client-server environments. Theor. Appl.Inform. 24(4):293–312, 2012.

    Article  Google Scholar 

  28. Islam, S.H., and Biswas, G.P., Design of improved password authentication and update scheme based on elliptic curve cryptography. Information System Security and Performance Modeling and Simulation for Future Mobile Networks. Math. Comput. Model. 57(1112):2703–2717, 2013. doi:10.1016/j.mcm.2011.07.001.

    Article  Google Scholar 

  29. Islam, S.H., and Biswas, G.P., An efficient and secure strong designated verifier signature scheme without bilinear pairings. J. Appl. Math.Inform. 31(3-4):425–441, 2013.

    Article  Google Scholar 

  30. Islam, S.H., and Biswas, G.P., Dynamic id-based remote user mutual authentication scheme with smartcard using elliptic curve cryptography. J. Electron.(China) 31(5):473–488, 2014. doi:10.1007/s11767-014-4002-0.

    Article  Google Scholar 

  31. Islam, S.H., and Biswas, G.P., A provably secure identity-based strong designated verifier proxy signature scheme from bilinear pairings. J. King Saud Univer. Comput. Inform. Sci. 26(1):55–67, 2014. doi:10.1016/j.jksuci.2013.03.004.

    Google Scholar 

  32. Islam, S.H., and Biswas, G.P., Cryptanalysis and improvement of a password-based user authentication scheme for the integrated EPR information system. J. King Saud Univer. Comput. Inform. Sci. 27(2):211–221, 2015. doi:10.1016/j.jksuci.2014.03.018.

    Google Scholar 

  33. Islam, S.H., and Khan, M.K., Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10):135, 2014. doi:10.1007/s10916-014-0135-9.

    Article  PubMed  Google Scholar 

  34. Islam, S.H., Khan, M.K., Obaidat, M.S., Muhaya, F.T.B., Provably secure and anonymous password authentication protocol for roaming service in global mobility networks using extended chaotic maps. Wirel. Pers. Commun.,1–22, 2015. doi:10.1007/s11277-015-2542-8.

  35. Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):9897, 2013. doi:10.1007/s10916-012-9897-0.

  36. Jina, A.T.B., Ling, D.N.C., Goh, A., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.

    Article  Google Scholar 

  37. Khan, M., and He, D.: Weaknesses of a security analysis and enhancement for three-party password-based authenticated key exchange protocol. In: Xiang, Y., Pathan, M., Tao, X., Wang, H. (Eds.) Data and Knowledge Engineering, Lecture Notes in Computer Science, vol 7696, pp. 243–249. Springer, Berlin (2012)

  38. Khan, M., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):9954, 2013. doi:10.1007/s10916-013-9954-3.

    Article  PubMed  Google Scholar 

  39. Khan, M.K., Chaturvedi, A., Mishra, D., Kumari, S., On the security enhancement of integrated electronic patient records information systems. Comput. Sci. Inform. Syst. 12(2):857872, 2015.

    Google Scholar 

  40. Khan, M.K., and He, D., A new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography. Sec. Commun. Netw. 5(11):1260–1266, 2012. doi:10.1002/sec.573.

    Google Scholar 

  41. Khan, M.K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems. Sec. Commun. Netw. 7(2):399–408, 2014. doi:10.1002/sec.791.

    Article  Google Scholar 

  42. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology CRYPTO 99, Lecture Notes in Computer Science, vol 1666, pp. 388–397 (1999)

  43. Kumari, S., and Khan, M.K., More secure smart card based remote user password authentication scheme with user anonymity. Sec.Commun. Netw. 7:2039–2053, 2013. doi:10.1002/sec.916.

    Article  Google Scholar 

  44. Kumari, S., and Khan, M.K., Cryptanalysis and improvement of ’a robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27 :3939–3955, 2014. doi:10.1002/dac.2590..

    Article  Google Scholar 

  45. Kumari, S., Khan, M.K., Li, X., An improved remote user authentication scheme with key agreement. Comput. Electr. Eng. 40(6):1997–2012, 2014. doi:10.1016/j.compeleceng.2014.05.007.

    Article  Google Scholar 

  46. Kumari, S., Khan, M.K., Li, X., Wu, F., Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst. 27(10):609–618, 2014. 10.1002/dac.2853.

    Google Scholar 

  47. Lee, T.F., and Liu, C.M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3):9933, 2013. doi:10.1007/s10916-013-9933-8.

    Article  PubMed  Google Scholar 

  48. Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.

    Article  CAS  Google Scholar 

  49. Lu, Y., Li, L., Peng, H., Yang, Y., An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst. 39(3):32, 2015. doi:10.1007/s10916-015-0221-7.

    Article  PubMed Central  PubMed  Google Scholar 

  50. Lumini, A., and Nanni, L., Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 40(3):1057–1065, 2007.

    Article  Google Scholar 

  51. Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput 51(5):541–552, 2002.

    Article  Google Scholar 

  52. Mishra, D., On the security flaws in id-based password authentication schemes for telecare medical information systems. J. Med. Syst. 39(1):154, 2014. doi:10.1007/s10916-014-0154-6.

    Article  PubMed  Google Scholar 

  53. Mishra, D., Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems. J. Med. Syst. 39(3):19, 2015. doi:10.1007/s10916-015-0193-7.

    Article  PubMed  Google Scholar 

  54. Mishra, D., Chaturvedi, A., Mukhopadhyay, S., An improved biometric-based remote user authentication scheme for connected healthcare. Int. J. Ad Hoc Ubiquitous Comput. 18 (1/2): 75–84, 2015. doi:10.1504/IJAHUC.2015.067794.

    Article  Google Scholar 

  55. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M.K., Cryptanalysis and improvement of yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6):24, 2014. doi:10.1007/s10916-014-0024-2.

    Article  PubMed  Google Scholar 

  56. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M., Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5):41, 2014 . doi:10.1007/s10916-014-0041-1.

    Article  PubMed  Google Scholar 

  57. Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10): 120, 2014. doi:10.1007/s10916-014-0120-3.

    Article  PubMed  Google Scholar 

  58. Qu, J., and Tan, X.L., Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem. J. Electr. Comput. Eng., 2014. doi:10.1155/2014/423930.

    Google Scholar 

  59. Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3):16, 2014. doi:10.1007/s10916-014-0016-2.

    Article  PubMed  Google Scholar 

  60. Tool, A.W.: http://www.avispa-project.org/web-interface/ (2015)

  61. Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

    Article  PubMed  Google Scholar 

  62. Wen, F., and Guo, D., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5):26, 2014. doi:10.1007/s10916-014-0026-0.

    Article  PubMed  Google Scholar 

  63. Wu, F., and Xu, L., Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst 37(4):1–9, 2012. doi:10.1007/s10916-013-9958-z.

    Google Scholar 

  64. Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.

    Article  PubMed  Google Scholar 

  65. Xia, Z., Wang, X., Sun, X., Wang, Q., A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. PP(99):1–1, 2015. doi:10.1109/TPDS.2015.2401003.

    Google Scholar 

  66. Xu, L., and Wu, F., Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J. Med. Syst. 39(2):10, 2015. doi:10.1007/s10916-014-0179-x.

    Article  PubMed  Google Scholar 

  67. Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., He, L., A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(1):9994, 2013. doi:10.1007/s10916-013-9994-8.

    Article  PubMed  Google Scholar 

  68. Yang, J.H., and Chang, C.C., An id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Comput. Secur. 28(34):138–143, 2009. doi:10.1016/j.cose.2008.11.008.

    Article  Google Scholar 

  69. Yongjun Ren Jian Shen, J.W.J.H.S.L., Mutual verifiable provable data auditing in public cloud storage. J. Internet Technol. 16(2):317–323, 2014.

    Google Scholar 

  70. Zhang, L., and Zhu, S., Robust ecc-based authenticated key agreement scheme with privacy protection for telecare medicine information systems. J. Med. Syst. 39(5):49, 2015. doi:10.1007/s10916-015-0233-3.

    Article  PubMed  Google Scholar 

  71. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012. doi:10.1007/s10916-012-9856-9.

    Article  PubMed  Google Scholar 

Download references

Acknowledgments

The second author is supported by the Outstanding Potential for Excellence in Research and Academics (OPERA) award, Birla Institute of Technology and Science (BITS) Pilani, Pilani Campus, Rajasthan, India. The authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16).

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian School of Mines, Dhanbad-826004, Jharkhand, India

    Ruhul Amin & G. P. Biswas

  2. Department of Computer Science and Information Systems, Birla Institute of Technology and Science, Pilani Campus, Rajasthan, 333031, India

    SK Hafizul Islam

  3. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Muhammad Khurram Khan

  4. Department of Computer and Information Science, Fordham University, 441 East Fordham Road, JMH 340, Bronx, NY, 10458, USA

    Mohammad S. Obaidat

Authors
  1. Ruhul Amin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. SK Hafizul Islam
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. G. P. Biswas
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Muhammad Khurram Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mohammad S. Obaidat
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to SK Hafizul Islam.

Additional information

Conflict of interests

The authors of this paper declare that the do not have any conflict of interest.

This article is part of the Topical Collection on Patient Facing Systems

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Amin, R., Islam, S.H., Biswas, G.P. et al. Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System. J Med Syst 39, 137 (2015). https://doi.org/10.1007/s10916-015-0307-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-015-0307-2

Keywords

Search

Navigation