Skip to main content
SpringerLink
Log in

An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps

  • Mobile Systems
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Recently, numerous extended chaotic map-based password authentication schemes that employ smart card technology were proposed for Telecare Medical Information Systems (TMISs). In 2015, Lu et al. used Li et al.’s scheme as a basis to propose a password authentication scheme for TMISs that is based on biometrics and smart card technology and employs extended chaotic maps. Lu et al. demonstrated that Li et al.’s scheme comprises some weaknesses such as those regarding a violation of the session-key security, a vulnerability to the user impersonation attack, and a lack of local verification. In this paper, however, we show that Lu et al.’s scheme is still insecure with respect to issues such as a violation of the session-key security, and that it is vulnerable to both the outsider attack and the impersonation attack. To overcome these drawbacks, we retain the useful properties of Lu et al.’s scheme to propose a new password authentication scheme that is based on smart card technology and requires the use of chaotic maps. Then, we show that our proposed scheme is more secure and efficient and supports security properties.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

References

  1. Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst 24(4):213–234, 2000.

    Article  CAS  PubMed  Google Scholar 

  2. Xie, Q., Hu, B., Dong, N., and Wong, D.S., Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PLoS ONE 9(7):e102747, 2014. doi:10.1371/journal.pone.0102747.

    Article  PubMed Central  PubMed  Google Scholar 

  3. Lamport, L., Password authentication with insecure communication. Commun. ACM. 24(11):770–772, 1981.

    Article  Google Scholar 

  4. Son, K., Han, D., and Won, D., A privacy-protecting authentication scheme for roaming services with smart cards. IEICE trans. 95(5):1819–1821, 2012.

    Article  Google Scholar 

  5. Jeon, W., Kim, J., Nam, J., Lee, Y., and Won, D., An enhanced secure authentication scheme with anonymity for wireless environments. IEICE trans. 95(7):2505–2508, 2012.

    Article  Google Scholar 

  6. Kim, J., Lee, D., Jeon, W., Lee, Y., and Won, D., Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks. Sens. 14(4):6443–6462, 2014.

    Article  Google Scholar 

  7. Choi, Y., Lee, D., Kim, J., Jung, J., Nam, J., and Won, D., Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography. Sens. 14(6):10081–10106, 2014.

    Article  Google Scholar 

  8. Choi, Y., Nam, J., Lee, D., Kim, J., Jung, J., and Won, D., Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics. Sci. Wor. J., 2014. doi:10.1155/2014/281305. Article ID 281305, 15p, 2015.

    Google Scholar 

  9. Lu, Y.R., Li, L.X., Peng, H.P., Yang, X., and Yang, Y.X., A lightweight ID based authentication and key agreement protocol for multi-server architecture. Int. J. Distrib. Sens. N., 2015. doi:10.1155/2015/635890. Article ID 635890, 9p, 2015.

    Google Scholar 

  10. Lu, Y.R., Li, L.X., Peng, H.P., and Yang, Y.X., An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst 39(3):1–8, 2015.

    Article  CAS  Google Scholar 

  11. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M.K., and Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5): 1–11, 2014. doi:10.1007/s10916-014-0041-1.

    Article  Google Scholar 

  12. Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):1–12, 2014. doi:10.1007/s10916-014-0136-8.

    Article  Google Scholar 

  13. Arshad, H., Teymoori, V., Nikooghadam, M., Abbassi, H., On the security of a two-factor authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 39(7):1–10, 2015. doi:10.1007/s10916-015-0259-6.

    Google Scholar 

  14. Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.

    Article  PubMed  Google Scholar 

  15. He, D.B., Chen, J.H., and Zhang, R., A More Secure Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 36(3):1989–1995, 2012.

    Article  Google Scholar 

  16. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

    Article  PubMed  Google Scholar 

  17. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838 , 2012.

    Article  PubMed  Google Scholar 

  18. Özkaynak, F., and Yavuz, Designing chaotic S-boxes based on time-delay chaotic system. Nonlinear Dyn. 74(3):551–557, 2013.

    Article  Google Scholar 

  19. Khan, M., Shah, T., Mahmood, H., and Gondal, M.A., An efficient method for the construction of block cipher with multichaotic systems. Nonlinear Dyn. 71:489–492, 2013.

    Article  Google Scholar 

  20. Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information. J. Med. Syst. 38(10):1–10, 2014. doi:10.1007/s10916-014-0120-3.

    Article  Google Scholar 

  21. Gao, B., Shi, Y.F., Yang, C.L., Li, L.X., Wang, L.C., and Yang, Y.X., STP-LWE: A variant of learning with error for a flexible encryption. Vol. 341490, pp. 1–7, 2014. Article ID 2014.

  22. Xiao, D., Liao, X.F., and Wong, K.W., An efficient entire chaos based scheme for deniable authentication. Chaos Soliton Fract. 23:1327–1331, 2005.

    Article  Google Scholar 

  23. Tseng, H., Jan, R., and Yang, W., A chaotic maps-based key agreement protocol that preserves user anonymity. IEEE Int. Conf. Commun.,1–6, 2009. ICC09.

  24. Niu, Y., and Wang, X., An anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 16(4):1986–1992, 2011.

    Article  Google Scholar 

  25. Xue, K., and Hong, P., Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 17(7):2969–2977, 2012.

    Article  Google Scholar 

  26. Guo, C., and Chang, C., Chaotic maps-based passwordauthenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6):1433–1440, 2013.

    Article  Google Scholar 

  27. Hao, X., Wang, J., Yang, Q., Yan, X., and Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2):9919, 2013.

    Article  PubMed  Google Scholar 

  28. Lin, H.Y., Improved chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer, Simul., 2014. doi:10.1016/j.cnsns.2014.05.027.

    Google Scholar 

  29. Jiang, Q., Ma, J., Lu, X., and Tian, Y., Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J. Med. Syst. 38(2):12, 2014.

    Article  PubMed  Google Scholar 

  30. Lee, T.F., An efficient chaotic map-based authentication and key agreement scheme using smart cards for telecare medicine information systems. J. Med. Syst. 37(6):9985, 2013.

    Article  PubMed  Google Scholar 

  31. Li, C.T., Lee, C.C, and Weng, C.Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):1–11, 2014.

    Article  CAS  Google Scholar 

  32. Lu, Y.R., Li, L.X., Peng, H.P., Xie, D., and Yang, Y.X., Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J. Med. Syst. 39(6): 1–10, 2015.

    Article  CAS  Google Scholar 

  33. Stallings, W., Cryptography and Network Security: Principles and Practices. 3rd edn: Prentice Hall, 2003.

  34. Li, C.T., Lee, C.C., and Weng, C.Y., An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dyn. 74:1133–1143, 2013.

    Article  Google Scholar 

  35. Lee, C.C., and Hsu, C.W., A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. Nonlinear Dyn. 71:201–211, 2013.

    Article  Google Scholar 

  36. Zhao, D.W., Peng, H.P., Wang, C., and Yang, Y.X., A secret sharing scheme with a short share realizing the (t, n) threshold and the adversary structure. Comput. Math. Appl. 64(4):611–615 , 2012.

    Article  Google Scholar 

  37. Messerges, T.S., Dabbish, E.A., and Sloan, R.H., Examining smartcard security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  Google Scholar 

  38. Bergamo, P., Arco, P., Santis, A., and Kocarev, L., Security of public key cryptosystems based on Chebyshev polynomials. IEEE. Trans. Circ. Syst. I(52):1382–1393, 2005.

    Article  Google Scholar 

  39. Lumini, A., and Nanni, L., An improved biohashing for human authentication. Pattern Recogn. 40(3): 1057–1065, 2007.

    Article  Google Scholar 

  40. Das, A.K., and Goswami, A., An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function. J. Med. Syst 38(6):27, 2014.

    Article  PubMed  Google Scholar 

  41. Stallings, W., Cryptography and network security:principles and practices, 3th edition: Prentice Hall, 2003.

  42. Mishra, D., Das, A.K., and Mukhopadhyay, S., A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards, A. Expert Sys. Appl. 41(18):8129–8143, 2014.

    Article  Google Scholar 

  43. Das, A.K., Paul, N.R., and Tripathy, L., Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Information Sci. 209:80–92 , 2012.

    Article  Google Scholar 

  44. Das, A.K., A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Networking Sci. 2(1-2):12–27, 2013.

    Article  Google Scholar 

  45. Burrow, M., Abadi, M., Needham, R., A logic of authentication. ACM Trans. Compu. Syst. 8:18–36, 1990.

    Google Scholar 

  46. Zhao, D.W., Peng, H.P., Li, L.X., and Yang, Y.X., A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Pers. Commun. 78:247–269, 2013.

    Article  Google Scholar 

  47. Lee, C.C., Lou, D.C., Li, C.T., and Hsu, C.W., An extended chaotic maps-based protocol with key agreement for multiserver environments. Nonlinear Dyn. 76(1):853–866, 2014.

    Article  Google Scholar 

Download references

Acknowledgements

This work was supported by Institute for Information & communications Technology Promotion(IITP) grant funded by the Korea government(MSIP) (No.R0126-15-1111, The Development of Risk-based Authentication ⋅Access Control Platform and Compliance Technique for Cloud Security)

Author information

Authors and Affiliations

  1. Information Security Group, Sungkyunkwan University, 2066 Seobu-ro, Suwon, 16419, Korea

    Jongho Moon, Younsung Choi, Jiye Kim & Dongho Won

Authors
  1. Jongho Moon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Younsung Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jiye Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dongho Won
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Jongho Moon or Dongho Won.

Additional information

This article is part of the Topical Collection on Smart Living in Healthcare and Innovations

Grants, communicated-by lines, or other notes about the article will be placed here between rules. Such notes are optional.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Moon, J., Choi, Y., Kim, J. et al. An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps. J Med Syst 40, 70 (2016). https://doi.org/10.1007/s10916-015-0422-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-015-0422-0

Keywords

Search

Navigation