A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS
详细信息 查看全文
- 作者:Ashok Kumar Das ; Vanga Odelu ; Adrijit Goswami
- 关键词:Telecare medicine information systems ; Authentication ; Key agreement ; Multi ; medical servers ; Fuzzy extractor ; Biometrics ; User anonymity ; AVISPA
- 刊名:Journal of Medical Systems
- 出版年:2015
- 出版时间:September 2015
- 年:2015
- 卷:39
- 期:9
- 全文大小:2,134 KB
- 参考文献:1.Amin, R., and Biswas, G.P., A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS. J. Med. Syst. 39(3):1-7, 2015.View Article
2.AVISPA: Automated Validation of Internet Security Protocols and Applications. http://?www.?avispa-project.?org/-/span> . Accessed on January 2013
3.AVISPA: AVISPA Web Tool. http://?www.?avispa-project.?org/?web-interface/?expert.?php/-/span> . Accessed on March 2015
4.Basin, D., Modersheim, S., OFMC, L.V., A symbolic model checker for security protocols. Int. J. Inf. Secur. 4(3):181-08, 2005.View Article
5.Burnett, A., Byrne, F., Dowling, T., Duffy, A., A Biometric Identity Based Signature Scheme. Int. J. Netw. Secur. 5(3):317-26, 2007.
6.Burrows, M., Abadi, M., Needham, R., A logic of authentication. ACM Trans. Comput. Syst. 8(1):18-6, 1990.View Article
7.Chatterjee, S., and Das, A.K., An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks. Secur. Commun. Netw. 8(9):1752-771, 2015.View Article
8.Chatterjee, S., Das, A.K., Sing, J.K., A novel and efficient user access control scheme for wireless body area sensor networks. J. King Saud Univ.-Comput. Inf. Sci. 26(2):181-01, 2014.
9.Chuang, M.-C., and Chen, M.C., An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst. Appl. 41(4):1411-418, 2014.View Article
10.Chuang, Y.-H, and Tseng, Y.-M., An efficient dynamic group key agreement protocol for imbalanced wireless networks. Int. J. Netw. Manag. 20(4):167-80, 2010.
11.Das, A.K, Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145-51, 2011.View Article
12.Das, A.K., A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl.,1-2, 2014. doi:10.-007/?s12083-014-0324-9 .
13.Das, A.K., A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wirel. Pers. Commun.,1-8, 2015. doi:10.-007/?s11277-015-2288-3 .
14.Das, A.K., A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems. J. Med. Syst. 39(3):1-0, 2015.
15.Das, A.K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1-6, 2013.View Article
16.Das, A.K., Paul, N.R., Tripathy, L., Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf. Sci. 209(C):80-2, 2012.View Article
17.Das, A.K., Sharma, P., Chatterjee, S., Sing, J.K., A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J. Netw. Comput. Appl. 35(5):1646-656, 2012.View Article
18.Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Proceedings of the Advances in Cryptology (Eurocrypt-4), Vol. 3027, pp. 523-40. LNCS (2004)
19.Dolev, D., and Yao, A., On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198-08, 1983.View Article
20.Guo, P., Wang, J., Geng, X.H., Kim, C.S., Kim, J.-U., A variable threshold-value authentication architecture for wireless mesh networks. J. Internet Technol. 15(6):929-36, 2014.
21.He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., Yeo, S.-S., Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimed. Syst. 21(1): 49-0, 2015.View Article
22.He, D., Kumar, N., Chilamkurti, N., A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks: Information Sciences, 2015. doi:10.-016/?j.?ins.-015.-2.-10 .
23.He, D., Kumar, N., Chilamkurti, N., Lee, J.-H., Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J. Med. Syst. 38(10), 2014.
24.He, D., Kumar, N., Lee, J.-H., Sherratt, R.S., Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans. Consum. Electron. 60(1):30-7, 2014.View Article
25.He, D., and Zeadally, S., Authentication protocol for an ambient assisted living system. IEEE Commun. Mag. 53(1):71-7, 2015.View Article
26.Islam, S. K. H., and Khan, M.K., Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems. J. Med. Syst. 38(10):135, 2014.View Article PubMed
27.Jina, A.T.B., Linga, D.N.C., Biohashing, A. G., Two factor authentication featuring fingerprint data and tokenized random number. Pattern Recogn. 37(11):2245-255, 2004.View Article
28.Khan, M.K., and Kumari, S., An authentication sc - 作者单位:Ashok Kumar Das (1)
Vanga Odelu (2)
Adrijit Goswami (2)
1. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, 500 032, India
2. Department of Mathematics, Indian Institute of Technology, Kharagpur, 721 302, India - 刊物类别:Mathematics and Statistics
- 刊物主题:Statistics
Statistics for Life Sciences, Medicine and Health Sciences
Health Informatics and Administration - 出版者:Springer Netherlands
- ISSN:1573-689X
文摘
The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas’s scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to other related schemes. As a result, our scheme is very appropriate for practical applications in TMIS.