Abstract
The Internet of Medical Things (IoMT) is bringing many opportunities for healthcare and our personal lives. For example, using this technology a healthcare provider can remotely monitor, collect and analyze patient data using smart sensors connected to the patients. With this trend on the rise, data protection and information security in healthcare environments are now major concerns. Authentication before data transmission starts is a common approach to providing data security. Recently, Mohammedi et al. proposed a lightweight biometric-based authentication scheme for mobile healthcare environments and claimed that their scheme is secure against known attacks in the context of RFID authentication protocols. However, in this paper, we provide a more detailed analysis of this scheme and show that their protocol is vulnerable to a man-in-the-middle attack. Furthermore, we demonstrate that their protocol does not provide other security requirements such as forward secrecy, anonymity, and untraceability. To remedy these weaknesses, we propose an improved scheme and demonstrate that it can withstand common attacks while requiring approximately 23% less computation time and 50% less communication overhead than the Mohammedi et al. scheme. We also formally evaluate the security of the proposed protocol with the Scyther tool, a widely accepted automated tool for this purpose.
References
Ali R, Pal AK (2018) Cryptanalysis and biometric-based enhancement of a remote user authentication scheme for e-healthcare system. Arab J Sci Eng 43(12):7837–7852
Amin R, Islam SH, Biswas GP, Khan MK, Li X (2015) Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J Med Syst 39(11):140
An Y (2012) Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards. J Biomed Biotechnol 2012:1–6
Bayrakdar ME (2019) Fuzzy logic based coordinator node selection approach in wireless medical sensor networks. In: 2019 4th international conference on computer science and engineering (UBMK). IEEE, pp 340–343
Bayrakdar ME (2019) Priority based health data monitoring with IEEE 802.11af technology in wireless medical sensor networks. Med Biol Eng Comput 57(12):2757–2769
Bayrakdar ME (2020) Cooperative communication based access technique for sensor networks. Int J Electron 107(2):212–225
Bendavid Y, Bagheri N, Safkhani M, Rostampour S (2018) Iot device security: challenging “A lightweight RFID mutual authentication protocol based on physical unclonable function”. Sensors 18(12):1–19
Bin Muhaya FT (2015) Cryptanalysis and security enhancement of Zhu’s authentication scheme for telecare medicine information system. Secur Commun Netw 8(2):149–158
Challa S, Wazid M, Das AK, Khan MK (2018) Authentication protocols for implantable medical devices: Taxonomy, analysis and future directions. IEEE Consum Electron Mag 7(1):57–65
Chang Y-F, Yu S-H, Shiao D-R (2013) A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(2):9902
Chen Y, Fondeur J-C (2009) Biometric algorithms. Springer US, Boston, pp 64–68
Cremers C (2020) Cispa. https://people.cispa.io/cas.cremers/publications/index.html
Cremers C, Mauw S, Samarin A (2012) Operational semantics and verification of security protocols. Information security and cryptography. Springer, Berlin
Das AK (2011) Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf Secur 5(3):145–151
Das AK, Goswami A (2013) A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(3):9948
Dharanesh CM, Prasad R, Patil CM (2017) Feature extraction classification for personal identification using iris. In: 2017 international conference on current trends in computer, electrical, electronics and communication (CTCEEC), pp 431–435
Farash MS, Nawaz O, Mahmood K, Chaudhry SA, Khan MK (2016) A provably secure RFID authentication protocol based on elliptic curve for healthcare environments. J Med Syst 40(7):165
Fei L, Zhang B, Jia W, Wen J, Zhang D (2020) Feature extraction for 3-D palmprint recognition: a survey. IEEE Trans Instrum Meas 69(3):645–656
Figueroa I (2020) ECC scalar multiplications. https://github.com/ifigueroam/Crypto
He D, Zeadally S (2015) An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet Things J 2(1):72–83
Jiang Q, Ma J, Tian Y et al (2015) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of zhang. Int J Commun Syst 28(7):1340–1351
Lee E (2020) RSA encryption. https://github.com/suciluz/multithreaded-rsa-encryption/blob/master/encryption.cpp
Li C-T, Hwang M-S (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5
Li X, Niu J, Karuppiah M, Kumari S, Wu F (2016) Secure and efficient two-factor user authentication scheme with user anonymity for network based e-health care applications. J Med Syst 40(12):268
Li X, Niu J, Kumari S, Liao J, Liang W, Khan MK (2016) A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity. Secur Commun Netw 9(15):2643–2655
Maitra T, Obaidat MS, Amin R, Islam SH, Chaudhry SA, Giri D (2017) A robust elgamal-based password-authentication protocol using smart card for client-server communication. Int J Commun Syst 30(11):e3242
Mohammedi M, Omar M, Bouabdallah A (2018) Secure and lightweight remote patient authentication scheme with biometric inputs for mobile healthcare environments. J Ambient Intell Humaniz Comput 9(5):1527–1539
Moosavi SR, Gia TN, Rahmani A-M, Nigussie E, Virtanen S, Isoaho J, Tenhunen H (2015) Sea: a secure and efficient authentication and authorization architecture for iot-based healthcare using smart gateways. Proc Comput Sci 52:452–459. In: The 6th international conference on ambient systems, networks and technologies (ANT-2015), the 5th international conference on sustainable energy information technology (SEIT-2015)
Reid S (2020) SHA1 hash function c implementation. https://github.com/clibs/sha1/blob/master/sha1.c
Sun D-Z, Zhong J-D (2016) Cryptanalysis of a hash based mutual RFID tag authentication protocol. Wirel Pers Commun 91(3):1085–1093
Tewari A, Gupta BB (2017) Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for iot devices using rfid tags. J Supercomput 73(3):1085–1102
Wang C, Wang D, Xu G, Guo Y (2017) A lightweight password-based authentication protocol using smart card. Int J Commun Syst 30(16):e3336
Wang K-H, Chen C-M, Fang W, Wu T-Y (2018) On the security of a new ultra-lightweight authentication protocol in iot environment for rfid tags. J Supercomput 74(1):65–70
Wu F, Xu L, Kumari S, Li X (2017) A new and secure authentication scheme for wireless sensor networks with formal proof. Peer Peer Netw Appl 10(1):16–30
Wu F, Li X, Sangaiah AK, Xu L, Kumari S, Wu L, Shen J (2018) A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Future Gener Comput Syst 82:727–737
Xie Q, Wong DS, Wang G, Tan X, Chen K, Fang L (2017) Provably secure dynamic id-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Trans Inf Forensics Secur 12(6):1382–1392
Yangchao Z (2020) AES encryption algorithm c implementation. https://github.com/zhouyangchao/AES/blob/master/aes.c
Acknowledgement
The authors gratefully thank all the anonymous reviewers for their valuable comments which helped us to improve the presentation of the work significantly. Nasour Bagheri was supported in part by the Iran National Science Foundation (INSF) under contract No. 98010674.
Cite this article
Adeli, M., Bagheri, N. & Meimani, H.R. On the designing a secure biometric-based remote patient authentication scheme for mobile healthcare environments. J Ambient Intell Human Comput 12, 3075–3089 (2021). https://doi.org/10.1007/s12652-020-02465-2
DOI: https://doi.org/10.1007/s12652-020-02465-2