Abstract
Telecare medicine information systems (TMIS) have been known as an effective mechanism to increase quality and security of healthcare services. In other to the protection of patient privacy, several authentication schemes have been proposed in TMIS, however, most of them have a security problems. Recently, Das proposed a secure and robust password-based remote user authentication scheme for the integrated EPR information system. However, in this paper, we show that his scheme have some security flaws. Then, we shall propose a secure authentication scheme to overcome their weaknesses. We prove the proposed scheme with random oracle and also use the BAN logic to prove the correctness of the proposed scheme. Furthermore, we simulate our scheme for the formal security analysis using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool.
Similar content being viewed by others
References
Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):9954, 2013.
Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Khan, M. K., and Kumari, S., Cryptanalysis and improvement of “An efficient and secure dynamic ID-based authentication scheme for Telecare medical information systems”. Secur. Commun. Netw. 7(2):399–408, 2014.
Witteman, M., Advances in smartcard security. Inf. Secur. Bull. 7:11–22, 2002.
Lee, N. Y., and Chen, J. C., Improvement of one-time password authentication scheme using smart card. IEICE Trans. Commun. E88-B(9):3765–3769, 2005.
Chen, T. H., Hsiang, H. C., and Shih, W. K., Security enhancement on an improvement on two remote user authentication schemes using smart cards. Futur. Gener. Comput. Syst. 27(4):377–380, 2011.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.
He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36:1989–1995, 2012.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36:3833–3838, 2012.
Das, M. L., Saxana, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.
Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.
Khan, M. K., et al., Cryptanalysis and security enhancement of a more efficient and secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.
Lin, H. Y., On the security of a dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 37:9929, 2013.
Cao, T., and Zhai, J., Improved dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 37:9912, 2013.
Sood, S. K., Sarjee, A. K., and Singh, K., An improvement of Liao et al.’s authentication scheme using smart card. IEEE 2nd International Advance Computing Conference (IACC2010), Patiala, India, pp. 240–245, 2010.
He, D., Kumar, N., Lee, J. H., and Sherratt, R. S., Enhanced three factor security protocol for consumer USB mass storage devices. IEEE Trans. Consum. Electron. 60(1):30–37, 2014.
Maitra, T., and Giri, D., An efficient biometric and password based remote user authentication using smart card for telecare medical information systems in multi-server environment. J. Med. Syst. 38(12):142, 2014.
He, D., Kumar, N., Chilamkurti, N., and Lee, J. H., Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J. Med. Syst. 38(10):1–6, 2014.
Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1):28–30, 2000.
Wen, F., and Li, X., An improved dynamic ID-based remote user authentication with key agreement scheme. Comput. Electr. Eng. 38(2):381–387, 2011.
Chen, C., He, D., Chan, S., Bu, S. J., Gao, Y., and Fan, R., Lightweight and provably secure user authentication with anonymity for the global mobility network. Int. J. Commun. Syst. 24(3):347–362, 2011.
Lee, T. F., Chang, J. B., Chan, C. W., and Liu, H. C., Password-based mutual authentication scheme using smart cards. The E-learning and Information Technology Symposium (EITS2010), Tainan, Taiwan, 2010.
Das, A., A secure and robust password-based remote user authentication scheme using smart cards for the integrated EPR information system. J. Med. Syst. 39:25, 2015.
Li, C. T., Lee, C. C., Weng, C. Y., and Fan, C. I., An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Trans. Internet Inf. Syst. 7:119–131, 2013.
Li, C. T., A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Inf. Secur. 7:3–10, 2013.
Wen, F., A more secure anonymous user authentication scheme for the integrated EPR information system. J. Med. Syst. 38(5):42, 2014.
Wen, F. T., and Guo, D. L., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5):26, 2014.
Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38:136, 2014.
Das, A., A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems. J. Med. Syst. 39:218, 2015.
Guo, D., Wen, Q., Li, W., Zhang, H., and Jin, Z., An improved biometrics-based authentication scheme for telecare medical information systems. J. Med. Syst. 39:20, 2015.
Burrows, M., Abadi, M., and Needham, R., A logic of authentication. ACM Trans. Comput. Syst. 8(1):18–36, 1990.
He, D., and Zeadally, S., An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet Things J. 2(1):72–83, 2015.
Sarkar, P., A Simple and generic construction of authenticated encryption with associated data. ACM Trans. Inf. Syst. Secur. 13(4):33, 2010.
Chang, Y. F., Yu, S. H., and Shiao, D. R., An uniqueness-and anonymity preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.
The AVISPA Project, HLPSL tutorial: a beginner’s guide to modelling and analysing Internet security protocols. Available at URL: www.avispa-project.org, 2005.
AVISPA. Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed on January 2013.
Mishraa, D., Das, A. K., and Mukhopadhyay, S., A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst. Appl. 41(18):8129–8143, 2014.
Lee, T. F., and Liu, C. M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37:9933, 2013.
Stallings, W., Cryptography and network security: principles and practices, 3rd edition. Englewood Cliffs, Prentice Hall, 2003.
Li, C. T., Lee, C. C., and Weng, C. Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):77, 2014.
He, D., Kumar, N., and Chilamkurti, N., A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci. 2015. doi:10.1016/j.ins.2015.02.010.
He, D., and Zeadally, S., Authentication protocol for ambient assisted living system. IEEE Commun. Mag. 35(1):71–77, 2015.
Chen, C. L., Yang, T. T., Chiang, M. L., and Shih, T. F., A privacy authentication scheme based on cloud for medical environment. J. Med. Syst. 38(11):143, 2014.
Arshad, H., and Nikooghadam, M., An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimedia Tool Appl. 2014. doi:10.1007/s11042-014-2282-x.
Mir, O., and Nikooghadam, M., A secure biometrics based authentication with key agreement scheme in telemedicine networks for E-health services. Wirel. Pers. Commun. 2015. doi:10.1007/s11277-015-2538-4.
He, D., Zhang, Y., and Chen, J., Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wirel. Pers. Commun. 74(2):229–243, 2014.
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
Rights and permissions
About this article
Cite this article
Mir, O., van der Weide, T. & Lee, CC. A Secure User Anonymity and Authentication Scheme Using AVISPA for Telecare Medical Information Systems. J Med Syst 39, 89 (2015). https://doi.org/10.1007/s10916-015-0265-8
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-015-0265-8