Abstract
The telecare medicine information system enables patients to receive health monitoring at home and to access medical services over the Internet or mobile networks. In recent years, cryptography-based schemes have been proposed to address the security and privacy issues in telecare medicine information systems. However, many of these schemes are insecure or inefficient. Recently, Awasthi and Srivastava proposed a three-factor authentication scheme for telecare medicine information systems. In this paper, we show that their scheme is vulnerable to reflection attacks. Furthermore, it fails to provide three-factor security and user anonymity. We propose a new three-factor authentication scheme for telecare medicine information systems. Detailed analysis demonstrates that the proposed scheme provides mutual authentication, server not knowing password and freedom of password, biometric update and three-factor security. Moreover, the new scheme provides user anonymity. Compared with previous three-factor authentication schemes, the proposed scheme is more secure and practical.
Acknowledgments
This work is partially supported by the National Natural Science Foundation of China under Grant No. 61163053, the Scholarship Program by China Scholarship Council (No. 201208360050), the Open Project Program of Key Laboratory of Mathematics and Interdisciplinary Sciences of Guangdong Higher Education Institutes, Guangzhou University (No. 2012-02-02-01), Natural Science Foundation of Jiangxi Province (20122BAB201035), and Foundation of Jiangxi Educational Committee under Grant GJJ13301.
Cite this article
Tan, Z. A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems. J Med Syst 38, 16 (2014). https://doi.org/10.1007/s10916-014-0016-2
DOI: https://doi.org/10.1007/s10916-014-0016-2