A Secure User Anonymity-Preserving Three-Factor Remote User Authentication Scheme for the Telecare Medicine Information Systems
  • Author: Ashok Kumar Das
  • Keywords: Telecare medicine information systems; Fuzzy extractor; Biometrics; Password; User anonymity; AVISPA; Security
  • Journal: Journal of Medical Systems
  • Publication year: 2015
  • Publication date: March 2015
  • Year: 2015
  • Volume: 39
  • Issue: 3
  • Full-text size: 1,778 KB
  • References:
    1. An, Y., Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards. J. Biomed. Biotechnol. 2012:1-, 2012. Article ID 519723.
    2. Arshad, H., and Nikooghadam, M., Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Systems Information. J. Med. Syst. 38(6):1-2, 2014.
    3. AVISPA: Automated Validation of Internet Security Protocols and Applications. Accessed on January 2013. http://www.avispa-project.org/
    4. AVISPA: AVISPA Web Tool. Accessed on April 2014. http://www.avispa-project.org/web-interface/expert.php/
    5. Awasthi, A.K., and Srivastava, K., A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce. J. Med. Syst. 37(5):1-, 2013.
    6. Basin, D., Modersheim, S., Vigano, L., OFMC: A symbolic model checker for security protocols. Int. J. Inf. Secur. 4(3):181-08, 2005.
    7. Burnett, A., Byrne, F., Dowling, T., Duffy, A., A Biometric Identity Based Signature Scheme. Int. J. Netw. Secur. 5(3):317-26, 2007.
    8. Chatterjee, S., and Das, A.K., An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks. Security and Communication Networks, 2014. doi:10.1002/sec.1140.
    9. Chatterjee, S., Das, A.K., Sing, J.K., An Enhanced Access Control Scheme in Wireless Sensor Networks. Ad Hoc & Sensor Wireless Networks 21(1-):121-49, 2014.
    10. Chen, B.-L., Kuo, W.-C., Wuu, L.-C., Robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27(2):377-89, 2014.
    11. Chuang, Y.-H., and Tseng, Y.-M., An efficient dynamic group key agreement protocol for imbalanced wireless networks. Int. J. Netw. Manag. 20(4):167-80, 2010.
    12. Das, A.K., Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145-51, 2011.
    13. Das, A.K., A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Netw. Sci. 2(1-):12-7, 2013.
    14. Das, A.K., Chatterjee, S., Sing, J.K., A novel efficient access control scheme for large-scale distributed wireless sensor networks. Int. J. Found. Comput. Sci. 24(5):625-53, 2013.
    15. Das, A.K., and Goswami, A., A Secure and Efficient Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care. J. Med. Syst. 37(3):1-6, 2013.
    16. Das, A.K., and Goswami, A.: A robust anonymous biometric-based remote user authentication scheme using smart cards. Journal of King Saud University - Computer and Information Sciences (Elsevier). In Press (2014)
    17. Das, A.K., Massand, A., Patil, S., A novel proxy signature scheme based on user hierarchical access control policy. Journal of King Saud University - Comput. Inform. Sci. 25(2):219-28, 2013.
    18. Das, A.K., Paul, N.R., Tripathy, L., Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf. Sci. 209(C):80-2, 2012.
    19. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Proceedings of the Advances in Cryptology (Eurocrypt-4), LNCS, Vol. 3027, pp. 523-40 (2004)
    20. Dolev, D., and Yao, A., On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198-08, 1983.
Abstract
Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan’s scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan’s scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan’s scheme and then presented an improvement on Tan’s scheme. However, we show that Arshad and Nikooghadam’s scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan’s scheme, and Arshad and Nikooghadam’s scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.
