research-article

Provably secure and lightweight three-factor authentication scheme for industrial medical CPS

Authors:

Qi XieAuthors Info & Claims

Volume 79, Issue C

https://doi.org/10.1016/j.jisa.2023.103656

Published: 04 March 2024 Publication History

Abstract

Cyber-Physical System (CPS) is a multidimensional complex system that integrates computing, network, and physical environment, which is widely used to promote the upgrading of industrial production and technology. Recently, the application of industrial CPS in the medical field has attracted the attention of scholars and medical experts. Medical CPS can establish a perfect medical network to help doctors monitor patients’ conditions in real-time and make treatments. However, how to design a provably secure and lightweight authentication protocol for industrial medical CPS is a challenge. Very recently, Qi et al. proposed an authentication protocol for industrial medical CPS based on the chaotic map, the Artificial Intelligence (AI) biometric technique is used in the protocol to resist password guessing attack and smart card lost attack. However, we find that their protocol is still vulnerable to identity guessing attack, user impersonation attack, trace attack, desynchronization attack, and has no perfect forward secrecy. Therefore, we propose a security-enhanced and lightweight authentication protocol for industrial medical CPS. In the protocol, a dynamic temporary identity strategy is designed to protect anonymity and privacy, which enables the updating of temporary identities while resisting desynchronization attacks. The protocol is proved secure through formal security proof in random oracle model. Meanwhile, compared with the related protocols, our protocol is superior in security and cost to meet the lightweight requirements in medical scenarios.

References

[1]

Y Zhou, FR Yu, J Chen, Y Kuo, Cyber-physical-social systems: A state-of-the-art survey, challenges and opportunities, IEEE Communications Surveys & Tutorials 22 (1) (2019) 389–425,.

Digital Library

[2]

ZY Wu, YC Lee, F Lai, HC Lee, Y Chung, A secure authentication scheme for telecare medicine information systems, Journal of medical systems 36 (3) (2012) 1529–1535,.

Digital Library

[3]

H Debiao, C Jianhua, Z Rui, A more secure authentication scheme for telecare medicine information systems, Journal of medical systems 36 (3) (2012) 1989–1995,.

Digital Library

[4]

F Wu, X Li, AK Sangaiah, L Xu, S Kumari, L Wu, J Shen, A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks, Future Generation Computer Systems 82 (2018) 727–737,.

[5]

D Wang, W Li, P Wang, Measuring two-factor authentication schemes for real-time data access in industrial wireless sensor networks, IEEE Transactions on Industrial Informatics 14 (9) (2018) 4081–4092,.

[6]

HM Chen, JW Lo, CK Yeh, An efficient and secure dynamic id-based authentication scheme for telecare medical information systems, Journal of medical systems 36 (6) (2012) 3907–3915,.

Digital Library

[7]

Q Xie, J Zhang, N Dong, Robust anonymous authentication scheme for telecare medical information systems, Journal of medical systems 37 (2) (2013) 1–8,.

[8]

A. Gupta, M. Tripathi, S. Muhuri, G. Singal, N. Kumar, A secure and lightweight anonymous mutual authentication scheme for wearable devices in Medical Internet of Things, Journal of Information Security and Applications 68 (2022),.

Digital Library

[9]

C.H. Liu, Y.F. Chung, Secure user authentication scheme for wireless healthcare sensor networks, Computers & Electrical Engineering 59 (2017) 250–261,.

[10]

P. Mohit, An efficient mutual authentication and privacy prevention scheme for e-healthcare monitoring, Journal of Information Security and Applications 63 (2021),.

Digital Library

[11]

B Huang, MK Khan, L Wu, FTB Muhaya, D He, An efficient remote user authentication with key agreement scheme using elliptic curve cryptography, Wireless Personal Communications 85 (1) (2015) 225–240,.

Digital Library

[12]

S Qiu, G Xu, H Ahmad, L Wang, A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems, IEEE access 6 (2017) 7452–7463,.

[13]

YS Lee, E Alasaarela, HJ Lee, An efficient encryption scheme using elliptic curve cryptography (ECC) with symmetric algorithm for healthcare system, International journal of security and its applications 8 (3) (2014) 63–70,.

[14]

Z Ding, Q Xie, Provably Secure Dynamic Anonymous Authentication Protocol for Wireless Sensor Networks in Internet of Things, Sustainability 15 (2023) 5734,.

[15]

B Hu, W Tang, Q Xie, A Two-factor Security Authentication Scheme for Wireless Sensor Networks in IoT Environments, Neurocomputing 500 (2022) 741–749,.

[16]

T Maitra, MS Obaidat, SH Islam, D Giri, R Amin, Security analysis and design of an efficient ECC-based two-factor password authentication scheme, Security and Communication Networks 9 (17) (2016) 4166–4181,.

Digital Library

[17]

C Guo, CC Chang, Chaotic maps-based password-authenticated key agreement using smart cards, Communications in Nonlinear Science and Numerical Simulation 18 (6) (2013) 1433–1440,.

[18]

L Zhang, H Luo, L Zhao, Y Zhang, Privacy protection for point-of-care using chaotic maps-based authentication and key agreement, Journal of Medical Systems 42 (12) (2018) 1–13,.

Digital Library

[19]

Y Zhao, S Li, L Jiang, T Liu, Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps, International Journal of Distributed Sensor Networks 15 (4) (2019),.

[20]

Y Park, K Park, K Lee, H Song, Y Park, Security analysis and enhancements of an improved multi-factor biometric authentication scheme, International Journal of Distributed Sensor Networks 13 (8) (2017),.

[21]

G Sharma, S Kalra, A lightweight user authentication scheme for cloud-IoT based healthcare services, Iranian Journal of Science and Technology 43 (1) (2019) 619–636,. Transactions of Electrical Engineering.

[22]

D Rangwani, H Om, Four-factor mutual authentication scheme for health-care based on wireless body area network, The Journal of Supercomputing (2021) 1–35,.

Digital Library

[23]

M Fotouhi, M Bayat, AK Das, HAN Far, SM Pournaghi, MA Doostari, A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT, Computer Networks 177 (2020),.

[24]

M Shuai, N Yu, H Wang, L Xiong, Y Li, A lightweight three-factor Anonymous authentication scheme with privacy protection for personalized healthcare applications, Journal of Organizational and End User Computing (JOEUC) 33 (3) (2021) 1–18,.

[25]

Q Xie, Z Ding, B Hu, A Secure and Privacy-Preserving Three-Factor Anonymous Authentication Scheme for Wireless Sensor Networks in Internet of Things, Security and Communication Networks 2021 (2021),.

Digital Library

[26]

TF Lee, IP Chang, TS Kung, Blockchain-Based Healthcare Information Preservation Using Extended Chaotic Maps for HIPAA Privacy/Security Regulations, Applied Sciences 11 (22) (2021) 10576,.

[27]

P Gope, A K Das, N Kumar, Y Cheng, Lightweight and physically secure anonymous mutual authentication protocol for real-time data access in industrial wireless sensor networks, IEEE transactions on industrial informatics 15 (9) (2019) 4957–4968,.

[28]

R Qi, S Ji, J Shen, P Vijayakumar, N Kumar, Security preservation in industrial medical CPS using Chebyshev map: An AI approach, Future Generation Computer Systems 122 (2021) 52–62,.

[29]

D Dolev, A Yao, On the security of public key protocols, IEEE Transactions on information theory 29 (2) (1983) 198–208,.

Digital Library

[30]

Kocarev L, Makraduli J, Amato P (2005) Public-key encryption based on Chebyshev polynomials. Circuits, Systems and Signal Processing, 24(5):497-517. https://doi.org/10.1007/s00034-005-2403-x.

[31]

L Zhang, Cryptanalysis of the public key encryption based on multiple chaotic systems, Chaos, Solitons & Fractals 37 (3) (2008) 669–674,.

[32]

A Maiti, I Kim, P Schaumont, A robust physical unclonable function with enhanced challenge-response set, IEEE Transactions on Information Forensics and Security 7 (1) (2011) 333–345,.

Digital Library

[33]

D Wang, H Cheng, P Wang, X Huang, G Jian, Zipf's law in passwords, IEEE Transactions on Information Forensics and Security 12 (11) (2017) 2776–2791,.

Digital Library

[34]

D Wang, P Wang, Two birds with one stone: Two-factor authentication with security beyond conventional bound, IEEE Transactions on Dependable and Secure Computing 15 (4) (2018) 708–722,.

Digital Library

Index Terms

Provably secure and lightweight three-factor authentication scheme for industrial medical CPS
1. Applied computing
  1. Life and medical sciences
    1. Health care information systems
2. Security and privacy
  1. Cryptography
  2. Security services
    1. Authentication

Index terms have been assigned to the content through auto-classification.

Recommendations

Provably secure three party encrypted key exchange scheme with explicit authentication

In 2007, Lu and Cao proposed a simple, three-party, password-based, authenticated key exchange (S-3PEKE) protocol based on the chosen-basis computational Diffie-Hellman assumption. Although the authors claimed that their protocol was superior to similar ...
Improvement of Provably Secure Self-Certified Proxy Convertible Authenticated Encryption Scheme
INCOS '12: Proceedings of the 2012 Fourth International Conference on Intelligent Networking and Collaborative Systems

By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on ...
Provably secure delegation-by-certification proxy signature schemes
InfoSecu '04: Proceedings of the 3rd international conference on Information security

In this paper, we first show that a previous proxy signature scheme by delegation with certificate is not provably secure under adaptive-chosen message attacks and adaptive-chosen warrant attacks. The scheme does not provide the strong undeniability. ...

Comments

Information & Contributors

Information

Published In

cover image Journal of Information Security and Applications

Journal of Information Security and Applications Volume 79, Issue C

Dec 2023

263 pages

ISSN:2214-2126

Issue’s Table of Contents

Copyright © 2023.

Publisher

Elsevier Science Inc.

United States

Publication History

Published: 04 March 2024

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Oct 2024

Other Metrics

View Author Metrics

Citations

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents