An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography

Journal of Medical Systems

Volumn 39, Issue 11, 2015, Pages

  Chaudhry, Shehzad Ashraf ^a   Mahmood, Khalid ^a   Naqvi, Husnain ^a   Khan, Muhammad Khurram ^b  

^a INTERNATIONAL ISLAMIC UNIVERSITY   (Pakistan)

^b KING SAUD UNIVERSITY   (Saudi Arabia)

Author keywords

Anonymity; BioHashing; Elliptic curve cryptography; Impersonation attack; Privacy; ProVerif; Three factor authentication; TMIS

Indexed keywords

ARTICLE; BIOMETRIC AUTHENTICATION; BIOMETRY; ELLIPTIC CURVE CRYPTOGRAPHY; HUMAN; IDENTITY; INFORMATION PROCESSING; MEDICAL INFORMATION SYSTEM; PATIENT IDENTIFICATION; POWER ANALYSIS; REGISTRATION; SMART CARD; TELECARE MEDICINE INFORMATION SYSTEM; TELEMEDICINE; ALGORITHM; COMPUTER SECURITY; CONFIDENTIALITY; DEVICES; WIRELESS COMMUNICATION;

ALGORITHMS; BIOMETRIC IDENTIFICATION; COMPUTER SECURITY; CONFIDENTIALITY; HUMANS; TELEMEDICINE; WIRELESS TECHNOLOGY;

EID: 84942767120     PISSN: 01485598     EISSN: 1573689X     Source Type: Journal    
DOI: 10.1007/s10916-015-0335-y     Document Type: Article

References (57)

1. Jiang, Q., Ma, J., Ma, Z., and Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1), 2013. doi:10.1007/s10916-012-9897-0.
2. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012. doi:10.1007/s10916-012-9835-1.
3. Wu, S., and Chen, K., An efficient key-management scheme for hierarchical access control in e-medicine system. J. Med. Syst. 36(4):2325–2337, 2012.
4. Irshad, A., Sher, M., Rehman, E., Ch, S. A., Hassan, M. U., and Ghani, A., A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications 74(11): 3967–3984, 2015. doi:10.1007/s11042-013-1807-z.
5. Mehmood, Z., uddin, N., Ch, S. A., Nasar, W., and Ghani, A., An efficient key agreement with rekeying for secured body sensor networks. In: Digital Information Processing and Communications (ICDIPC), 2012 Second International Conference on, IEEE, pp. 164–167, 2012.
6. Liao, Y.-P., and Wang, S.-S., A new secure password authenticated key agreement scheme for sip using self-certified public keys on elliptic curves. Comput. Commun. 33(3):372–380, 2010.
7. Chaudhry, S. A., Comment on ‘robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications’. IET Commun 9(1):1034–1034, 2015.
8. Ul Amin, N., Asad, M., Din, N., and Ch, S. A., An authenticated key agreement with rekeying for secured body sensor networks based on hybrid cryptosystem. In: Networking, Sensing and Control (ICNSC), 2012 9th IEEE International Conference on, IEEE, pp. 118–121, 2012.
9. Debiao, H., Jianhua, C., and Jin, H., An id-based client authentication with key agreement protocol for mobile client–server environment on ecc with provable security. Information Fusion 13(3):223–230, 2012.
10. Islam, S., and Biswas, G., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.
11. Islam, S., and Khan, M., Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10), 2014. doi:10.1007/s10916-014-0135-9.
12. Farash, M. S., Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Networking and Applications,1–10, 2014. doi:10.1007/s12083-014-0315-x.
13. Farash, M. S., and Attari, M. A., A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J. Supercomput. 69(1):395–411, 2014.
14. Giri, D., Maitra, T., Amin, R., and Srivastava, P., An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1), 2015. doi:10.1007/s10916-014-0145-7.
15. Farash, M. S., and Attari, M. A., An enhanced and secure three-party password-based authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Information Technology And Control 43 (2):143–150, 2014.
16. Farash, M. S., An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int. J. Commun. Syst., 2014. doi:10.1002/dac.2879.
17. Farash, M. S., and Attari, M. A., An efficient and provably secure three-party password-based authenticated key exchange protocol based on chebyshev chaotic maps. Nonlinear Dyn. 77(1-2):399–411, 2014.
18. Irshad, A., Sher, M., Faisal, M. S., Ghani, A., Ul Hassan, M., and Ch, S. A., A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme. Secur. Commun. Netw. 7(8):1210–1218, 2014. doi:10.1002/sec.834.
19. Farash, M. S., Chaudhry, S. A., Heydari, M., Sajad Sadough, S. M., Kumari, S., and Khan, M. K., A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int. J. Commun. Syst., 2015. doi:10.1002/dac.3019.
20. Ch, S. A., Uddin, N., Sher, M., Ghani, A., Naqvi, H., and Irshad, A., An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimedia Tools and Applications 74(5):1711–1723, 2015. doi:10.1007/s11042-014-2283-9.
21. Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012. doi:10.1007/s10916-010-9614-9.
22. Debiao, H., Jianhua, C., and Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012. doi:10.1007/s10916-011-9658-5.
23. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012. doi:10.1007/s10916-012-9856-9.
24. Wen, F., and Guo, D., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 36(5):1–11, 2015. doi:10.1007/s10916-015-0244-0.
25. Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., and He, L., A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(1):1–7, 2013.
26. Chaudhry, S. A., Naqvi, H., Shon, T., Sher, M., and Farash, M. S., Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J. Med. Syst. 39(6).
27. Kumari, S., Khan, M. K., and Kumar, R., Cryptanalysis and improvement of a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37(4), 2013. doi:10.1007/s10916-013-9952-5.
28. Khan, M. K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems. Secur. Commun. Netw. 7(2):399–408, 2014. doi:10.1002/sec.791.
29. Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
30. Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Advances in Cryptology CRYPTO 99, Springer, pp. 388–397 (1999)
31. Li, C.-T., and Hwang, M.-S., An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.
32. He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 4(1):253–264, 2014.
33. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., and Khan, M. K., Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38 (6):1–12, 2014.
34. Li, X., Wen, Q., Li, W., Zhang, H., and Jin, Z., Secure privacy-preserving biometric authentication scheme for telecare medicine information systems. J. Med. Syst. 38(11):1–8, 2014.
35. Khan, M. K., Fingerprint biometric-based self-authentication and deniable authentication schemes for the electronic world. IETE Tech. Rev. 26(3):191–195, 2009.
36. Khan, M. K., and Zhang, J., An efficient and practical fingerprint-based remote user authentication scheme with smart cards. In: Information Security Practice and Experience, Springer, pp. 260–268 (2006)
37. Amin, R., and Biswas, G., A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8):1–19, 2015.
38. Amin, R., and Biswas, G., An improved RSA based user authentication and session key agreement protocol usable in TMIS. J. Med. Syst. 39(8):1–14, 2015.
39. Amin, R., and Biswas, G., A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. J. Med. Syst. 39(3):1–17, 2015.
40. Awasthi, A. K., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):1–4, 2013.
41. Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3):1–9, 2014.
42. Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):1–12, 2014.
43. Lu, Y., Li, L., Peng, H., and Yang, Y., An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst. 39(3):1–8, 2015.
44. Jin, A. T. B., Ling, D. N. C., and Goh, A., Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.
45. Lumini, A., and Nanni, L., An improved biohashing for human authentication. Pattern Recogn. 40(3): 1057–1065, 2007.
46. Leng, L., Teoh, A. B. J., Li, M., and Khan, M. K., A remote cancelable palmprint authentication protocol based on multi-directional two-dimensional palmphasor-fusion. Secur. Commun. Netw. 7(11):1860–1871, 2014.
47. Leng, L., and Teoh, A. B. J., Alignment-free row-co-occurrence cancelable palmprint fuzzy vault. Pattern Recogn. 48(7):2290–2303, 2015.
48. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., and Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5):1–11, 2014.
49. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., and Shalmani, M., On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Wagner, D. (Ed.) Advances in Cryptology, CRYPTO 2008, Vol. 5157 of Lecture Notes in Computer Science, pp. 203–220. Berlin Heidelberg: Springer, 2008. doi:10.1007/978-3-540-85174-5_12
50. Chaudhry, S. A., Naqvi, H., Sher, M., Farash, M. S., and ul Hassan, M., An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Networking and Applications, 2015. doi:10.1007/s12083-015-0400-9.
51. Kumari, S., Chaudhry, S. A., Wu, F., Li, X., Farash, M. S., and Khan, M. K., An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Networking and Applications, 2015. doi:10.1007/s12083-015-0409-0.
52. Dolev, D., and Yao, A. C., On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198–208, 1983.
53. Cao, X., and Zhong, S., Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun. Lett. 10(8):580–581, 2006.
54. Abadi, M., Blanchet, B., and Comon-Lundh, H., Models and proofs of protocol security: A progress report. In: Computer Aided Verification, Springer, pp. 35–49, 2009.
55. Chaudhry, S. A., Farash, M. S., Naqvi, H., and Sher, M., A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron. Commer. Res., 1–27, 2015. doi:10.1007/s10660-015-9192-5.
56. Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., and Khan, M. K., An enhanced privacy preserving remote user authentication scheme with provable security. Secur. Commun. Netw., 1–13, 2015. doi:10.1002/sec.1299.
57. Xie, Q., Hu, B., Dong, N., and Wong, D. S., Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PloS one 9(7):e102747, 2014.