Abstract
Telecare medicine information system (TMIS) has provided an efficient and convenient way for communications of patients at home and medical staffs at clinical centers. To make these communications secure, user authentication by medical servers is considered as a crucial requirement. For this purpose, many user authentication and key agreement protocols have been put forwrad in order to fulfil this vital necessity. Recently, Arshad and Rasoolzadegan have revealed that not only the authentication and key agreement protocols suggested by Amin and Biswas and Giri et al. are defenseless against the replay attack and do not support the perfect forward secrecy, but also Amin and Biswas’s protocol is susceptible to the offline password guessing attack. Nonetheless, in this paper, we demonstrate that Arshad and Rasoolzadegan’s and the other existing schemes still fail to resist a well-known attack. Therefore, to cover this security gap, a new user authentication and session key agreement protocol is recommended that can be employed effectively for offering secure communication channels in TMIS. Our comparative security and performance analyses reveal that the proposed scheme can both solve the existing security drawback and, same as Arshad and Rasoolzadegan’s scheme, has low communication and computational overheads.
Similar content being viewed by others
References
Chaudhry, S. A., Mahmood, K., Naqvi, H., and Khan, M. K., An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J. Med. Syst. 39(11):175, 2015.
Jindal, A., Dua, A., Kumar, N., Das, A. K., Vasilakos, A. V., and Rodrigues, J. J., Providing Healthcare-as-a-Service Using Fuzzy Rule Based Big Data Analytics in Cloud Computing. IEEE Journal of Biomedical and Health Informatics 22(5):1605–1618, 2018.
Lee, T. F., Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems. Comput. Methods Prog. Biomed. 117(3):464–472, 2014.
Chaudhry, S. A., Naqvi, H., and Khan, M. K., An enhanced lightweight anonymous biometric based authentication scheme for TMIS. Multimedia Tools and Applications 77(5):5503–5524, 2018.
Amin, R., and Biswas, G. P., A novel user authentication and key agreement for accessing multi-medical server usable in TMIS. J. Med. Syst. 39(3):33, 2015.
Zhang, K., Yang, K., Liang, X., Su, Z., Shen, X., and Luo, H. H., Security and privacy for mobile healthcare networks. IEEE Wirel. Commun. 22(4):104–112, 2015.
Li, C. T., Shih, D. H., and Wang, C. C., Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems. Comput. Methods Prog. Biomed. 157:191–203, 2018.
Irshad, A., Sher, M., Nawaz, O., Chaudhry, S. A., Khan, I., and Kumari, S., A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimedia Tools and Applications 76(15):16463–16489, 2017.
Sutrala, A. K., Das, A. K., Odelu, V., Wazid, M., and Kumari, S., Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Comput. Methods Prog. Biomed. 135:167–185, 2016.
Wazid, M., Zeadally, S., Das, A. K., and Odelu, V., Analysis of security protocols for mobile healthcare. J. Med. Syst. 40(11):229, 2016.
Wu, F., Xu, L., Kumari, S., Li, X., Das, A. K., and Shen, J., A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications. J. Ambient. Intell. Humaniz. Comput. 9(4):919–930, 2018.
Chaudhary, R., Jindal, A., Aujla, G. S., Kumar, N., Das, A. K., and Saxena, N., LSCSH: Lattice-Based Secure Cryptosystem for Smart Healthcare in Smart Cities Environment. IEEE Commun. Mag. 56(4):24–32, 2018.
J. Srinivas, A. K. Das, N. Kumar and J. Rodrigues, Cloud centric authentication for wearable healthcare monitoring system. IEEE Transactions on Dependable and Secure Computing, 2018.
S. Roy, A. K. Das, S. Chatterjee, N. Kumar, S. Chattopadhyay and J. J. Rodrigues, Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing based healthcare applications. IEEE Transactions on Industrial Informatics, 2018.
Chaudhry, S. A., Khan, M. T., Khan, M. K., and Shon, T., A multiserver biometric authentication scheme for TMIS using elliptic curve cryptography. J. Med. Syst. 40(11):230, 2016.
Arshad, H., and Rasoolzadegan, A., Design of a secure authentication and key agreement scheme preserving user privacy usable in telecare midicine information systems. J. Med. Syst. 40(11):237, 2016.
Giri, D., Maitra, T., Amin, R., and Srivastava, P. D., An efficient and robust RSA-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1):145, 2015.
Amin, R., and Biswas, G. P., An improved RSA based user authentication and session key agreement protocol usable in TMIS. J. Med. Syst. 39(8):79, 2015.
R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels. Advances in Cryptology, pp. 453–474, 2001.
Hwang, M. S., and Li, L. H., A new remote user authentication scheme user smart cards. IEEE Transactions on Consumers Electronics 46(1):28–30, 2000.
Sun, H. M., An efficient user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(4):958–961, 2000.
Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204, 2013.
Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):136, 2014.
Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3):16, 2014.
Das, A. K., and Goswami, A., An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function. J. Med. Syst. 38(6):27, 2014.
Awasthi, A. K., and Sirvastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):9964, 2013.
Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., and Khan, M. K., Cryptoanalysis and improvment of Yen et al.;s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6):24, 2014.
Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):9954, 2013.
Chaudhry, S. A., Naqvi, H., Shon, T., Sher, M., and Farash, M. S., Cryptoanalysis and improvment of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6):66, 2015.
Islam, S. H., and Khan, M. K., Cryptoanalysis and improvment of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10):135, 2014.
Arshad, H., Teymoori, V., Nikooghadam, M., and Abbassi, H., On the security of a two-factor authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 39(8):76, 2015.
Bin Muhaya, F. T., Cryptoanalysis and security enhancement of Zhau's authentication scheme for telecare midicine information systems. Security and Communication Networks 8(2):149–158, 2015.
Amin, R., and Biswas, G. P., A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity. J. Med. Syst. 39(8):78, 2015.
Xu, X., Jin, Z. P., Zhang, H., and Zhu, P., A dynamic ID-based authentication scheme based on ECC for telecare medicine information systems. Appl. Mech. Mater. 457:861–866, 2014.
Tseng, C. H., Wang, S. H., and Tsaur, W. J., Hierarchical and dynamic elliptic curve cryptosystem based self-certified public key scheme for medical data protection. IEEE Trans. Reliab. 64(3):1078–1085, 2015.
Amin, R., Islam, S. H., Biswas, G., Khan, M. K., and Kumar, N., An efficient and practical smart card based anonymity preserving user authentication scheme for tmis using elliptic curve. J. Med. Syst. 39(11):1–18, 2015.
Zhang, L., Zhu, S., and Tang, S., Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE Journal of Biomedical and health informatics 21(2):465–475, 2017.
Jiang, Q., Chen, Z., Li, B., Shen, J., Yang, L., and Ma, J., Security analysis and improvment of bio-hashing based three-factor authentication scheme for telecare medical information systems. J. Ambient. Intell. Humaniz. Comput.:1–13, 2017.
Lu, Y., Li, L., Peng, H., and Yang, Y., An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst. 39(3):32, 2015.
Qiu, S., Xu, G., Ahmad, H., and Wang, L., A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems. IEEE Access 6:7452–7463, 2018.
Li, C. T., Shih, D. H., and Wang, C. C., Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems. Comput. Methods Prog. Biomed. 157:191–203, 2018.
Mohit, P., Amin, R., Karati, A., Biswas, G. P., and Khan, M. K., A standard mutual authentication protocol for cloud computing based health care system. J. Med. Syst. 41(4):50, 2017.
Yau, W. C., and Phan, R. C. W., Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(6):9993, 2013.
Das, A. K., A secure and effective user authentication and privacy preserving protocol with smart. Netw. Sci., 2012.
S. H. Islam and G. P. Biswas, A provably secure identity-based strong designated verifier proxy. Journal of King Saud University-Computer and Information Sciences, 2013.
AVISPA, Automated validation of internet security protocols and applications. 2014. [Online]. Available: http://www.avispa-project.org/.
X. Xu, P. Zhu, Q. Wen, Z. Jin, H. Zhang and L. He, A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. Journal of Medical systems, 38, 2014.
He, D., Kumar, N., Khan, M., and Lee, J. H., Anonymous two-factor authentication for consumer roaming service in global mobility networks. IEEE Trans. Consum. Electron. 59(4):811–817, 2013.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
A. Ostad-Sharif, D. Abbasinezhad-Mood, and M. Nikooghadam declare that they have no conflict of interest.
Human and animal rights
This article does not contain any studies with human or animal participants performed by any of the authors. Further, this research has been done without any grant.
Additional information
This article is part of the Topical Collection on Mobile & Wireless Health
Rights and permissions
About this article
Cite this article
Ostad-Sharif, A., Abbasinezhad-Mood, D. & Nikooghadam, M. A Robust and Efficient ECC-based Mutual Authentication and Session Key Generation Scheme for Healthcare Applications. J Med Syst 43, 10 (2019). https://doi.org/10.1007/s10916-018-1120-5
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-018-1120-5