Skip to main content
SpringerLink
Log in

A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS

  • Patient Facing Systems
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas’s scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to other related schemes. As a result, our scheme is very appropriate for practical applications in TMIS.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Amin, R., and Biswas, G.P., A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS. J. Med. Syst. 39(3):1–17, 2015.

    Article  Google Scholar 

  2. AVISPA: Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed on January 2013

  3. AVISPA: AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed on March 2015

  4. Basin, D., Modersheim, S., OFMC, L.V., A symbolic model checker for security protocols. Int. J. Inf. Secur. 4(3):181–208, 2005.

    Article  Google Scholar 

  5. Burnett, A., Byrne, F., Dowling, T., Duffy, A., A Biometric Identity Based Signature Scheme. Int. J. Netw. Secur. 5(3):317–326, 2007.

    Google Scholar 

  6. Burrows, M., Abadi, M., Needham, R., A logic of authentication. ACM Trans. Comput. Syst. 8(1):18–36, 1990.

    Article  Google Scholar 

  7. Chatterjee, S., and Das, A.K., An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks. Secur. Commun. Netw. 8(9):1752–1771, 2015.

    Article  Google Scholar 

  8. Chatterjee, S., Das, A.K., Sing, J.K., A novel and efficient user access control scheme for wireless body area sensor networks. J. King Saud Univ.-Comput. Inf. Sci. 26(2):181–201, 2014.

    Google Scholar 

  9. Chuang, M.-C., and Chen, M.C., An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst. Appl. 41(4):1411–1418, 2014.

    Article  Google Scholar 

  10. Chuang, Y.-H, and Tseng, Y.-M., An efficient dynamic group key agreement protocol for imbalanced wireless networks. Int. J. Netw. Manag. 20(4):167–180, 2010.

    Google Scholar 

  11. Das, A.K, Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145–151, 2011.

    Article  Google Scholar 

  12. Das, A.K., A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl.,1–22, 2014. doi:10.1007/s12083-014-0324-9.

  13. Das, A.K., A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wirel. Pers. Commun.,1–28, 2015. doi:10.1007/s11277-015-2288-3.

  14. Das, A.K., A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems. J. Med. Syst. 39(3):1–20, 2015.

    Google Scholar 

  15. Das, A.K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.

    Article  Google Scholar 

  16. Das, A.K., Paul, N.R., Tripathy, L., Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf. Sci. 209(C):80–92, 2012.

    Article  Google Scholar 

  17. Das, A.K., Sharma, P., Chatterjee, S., Sing, J.K., A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J. Netw. Comput. Appl. 35(5):1646–1656, 2012.

    Article  Google Scholar 

  18. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Proceedings of the Advances in Cryptology (Eurocrypt’04), Vol. 3027, pp. 523–540. LNCS (2004)

  19. Dolev, D., and Yao, A., On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198–208, 1983.

    Article  Google Scholar 

  20. Guo, P., Wang, J., Geng, X.H., Kim, C.S., Kim, J.-U., A variable threshold-value authentication architecture for wireless mesh networks. J. Internet Technol. 15(6):929–936, 2014.

    Google Scholar 

  21. He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., Yeo, S.-S., Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimed. Syst. 21(1): 49–60, 2015.

    Article  Google Scholar 

  22. He, D., Kumar, N., Chilamkurti, N., A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks: Information Sciences, 2015. doi:10.1016/j.ins.2015.02.010.

  23. He, D., Kumar, N., Chilamkurti, N., Lee, J.-H., Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J. Med. Syst. 38(10), 2014.

  24. He, D., Kumar, N., Lee, J.-H., Sherratt, R.S., Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans. Consum. Electron. 60(1):30–37, 2014.

    Article  Google Scholar 

  25. He, D., and Zeadally, S., Authentication protocol for an ambient assisted living system. IEEE Commun. Mag. 53(1):71–77, 2015.

    Article  Google Scholar 

  26. Islam, S. K. H., and Khan, M.K., Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems. J. Med. Syst. 38(10):135, 2014.

    Article  PubMed  Google Scholar 

  27. Jina, A.T.B., Linga, D.N.C., Biohashing, A. G., Two factor authentication featuring fingerprint data and tokenized random number. Pattern Recogn. 37(11):2245–2255, 2004.

    Article  Google Scholar 

  28. Khan, M.K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4), 2013.

  29. Khan, M.K., and Kumari, S., Cryptanalysis and Improvement of “An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems. Secur. Commun. Netw. 7(2):399–408, 2014.

    Article  Google Scholar 

  30. Khan, M.K., and Kumari, S., An improved user authentication protocol for healthcare services via wireless medical sensor networks. Int. J. Distrib. Sensor Netw. 2014:1–10, 2014. doi:10.1155/2014/347169. Article ID 347169.

    Google Scholar 

  31. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Proceedings of Advances in Cryptology - CRYPTO’99, Vol. 1666, pp. 388–397. LNCS (1999)

  32. Kumari, S., Khan, M.K., Kumar, R., Cryptanalysis and improvement of ‘a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37(4), 2013.

  33. Li, X., Niu, J.-W., Ma, J., Wang, W.-D., Liu, C.-L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1):73–79, 2011.

    Article  CAS  Google Scholar 

  34. Li, X., Xiong, Y., Ma, J., Wang, W., An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2):763–769, 2012.

    Article  CAS  Google Scholar 

  35. Lumini, A., and Nanni, L., An improved biohashing for human authentication. Pattern Recogn. 40(3): 1057–1065, 2007.

    Article  Google Scholar 

  36. Maitra, T., and Giri, D., An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. J. Med. Syst. 38(12):1–19, 2014.

    Article  Google Scholar 

  37. Messerges, T. S., Dabbish, E. A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  Google Scholar 

  38. Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  Google Scholar 

  39. Mishra, D., On the security flaws in ID-based password authentication schemes for telecare medical information systems. J. Med. Syst. 39(1):154, 2014.

    Article  PubMed  Google Scholar 

  40. Mishra, D., Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems. J. Med. Syst. 39(3):19, 2015.

    Article  PubMed  Google Scholar 

  41. Mishra, D., Das, A.K., Mukhopadhyay, S., A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Netw. Appl.,1–22, 2014. doi:10.1007/s12083-014-0321-z.

  42. Mishra, D., Das, A. K., Mukhopadhyay, S., A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst. Appl. 41(18):8129–8143, 2014.

    Article  Google Scholar 

  43. Mishra, D., and Mukhopadhyay, S.: Cryptanalysis of Pairing-Free Identity-Based Authenticated Key Agreement Protocols. In: Information Systems Security, volume 8303 of Lecture Notes in Computer Science, pp. 247–254. Springer Berlin Heidelberg (2013)

  44. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M.K., et al., Cryptanalysis and Improvement of Yan Biometric-Based Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 38(6):24, 2014.

    Article  PubMed  Google Scholar 

  45. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M.K., Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5):41, 2014.

    Article  PubMed  Google Scholar 

  46. Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10), 2014.

  47. Mishra, R., and Barnwal, A.K., A privacy preserving secure and efficient authentication scheme for telecare medical information systems. J. Med. Syst. 39(5):54, 2015.

    Article  PubMed  Google Scholar 

  48. Odelu, V., Das, A. K., Goswami, A., A secure and efficient ecc-based user anonymity preserving single sign-on scheme for distributed computer networks. Secur. Commun. Netw. 8(9):1732–1751, 2015.

    Article  Google Scholar 

  49. Odelu, V., Das, A.K., Goswami, A., A secure and scalable group access control scheme for wireless sensor networks: Wireless Personal Communications, 2015. doi:10.1007/s11277-015-2866-4.

  50. Odelu, V., Das, A.K., Goswami, A., A secure biometricsbased multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensic. Secur. 10(9):1953–1966, 2015. doi:10.1109/TIFS.2015.2439964.

  51. Sarkar, P., A simple and generic construction of authenticated encryption with associated data. ACM Trans. Inf. Syst. Secur. 13(4):1–16, 2010.

    Article  Google Scholar 

  52. Siddiqui, Z., Abdullah, A.-H., Khan, M.K., Alghamdi, A.S., Smart environment as a service, three factor cloud based user authentication for telecare medical information system. J. Med. Syst. 38(1):9997, 2014.

    Article  PubMed  Google Scholar 

  53. Sood, S.K., Sarje, A.K., Singh, K., A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2):609–618, 2011.

    Article  Google Scholar 

  54. Stinson, D.R., Some Observations on the Theory of Cryptographic Hash Functions. Des., Codes Crypt. 38(2): 259–277, 2006.

    Article  Google Scholar 

  55. Von Oheimb, D.: The high-level protocol specification language hlpsl developed in the eu project avispa , pp. 1–17. Tallinn (2005)

  56. Wang, B., and Ma, M., A smart card based efficient and secured multi-server authentication scheme. Wirel. Pers. Commun. 68(2):361–378, 2013.

    Article  Google Scholar 

  57. Xue, K., Hong, P., Ma, C., A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J. Comput. Syst. Sci. 80(1):195–206, 2014.

    Article  Google Scholar 

  58. Yang, D., and Yang, B.: A biometric password-based multi-server authentication scheme with smart card. In: 2010 International Conference on Computer Design and Applications (ICCDA), Vol. 5, pp. 554–559. IEEE (2010)

Download references

Acknowledgments

The authors would like to acknowledge the helpful suggestions of the anonymous reviewers and the Editor, which have improved the content and the presentation of this paper.

Conflict of interests

The authors declare that there is no conflict of interest.

Author information

Authors and Affiliations

  1. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, 500 032, India

    Ashok Kumar Das

  2. Department of Mathematics, Indian Institute of Technology, Kharagpur, 721 302, India

    Vanga Odelu & Adrijit Goswami

Authors
  1. Ashok Kumar Das
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vanga Odelu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Adrijit Goswami
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ashok Kumar Das.

Additional information

This article is part of the Topical Collection on Patient Facing Systems

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Das, A.K., Odelu, V. & Goswami, A. A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS. J Med Syst 39, 92 (2015). https://doi.org/10.1007/s10916-015-0276-5

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-015-0276-5

Keywords

Search

Navigation