KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

A Lightweight Pseudonym Authentication and Key Agreement Protocol for Multi-medical Server Architecture in TMIS

  • Liu, Xiaoxue (School of Maths. and Info. Science, Shaanxi Normal University) ;
  • Li, Yanping (School of Maths. and Info. Science, Shaanxi Normal University) ;
  • Qu, Juan (School of Maths. and Stats., Chongqing Three Gorges University) ;
  • Ding, Yong (School of Computer Sci. and info. security, Guangxi Key Laboratory of Cryptography and Info. Security)
  • Received : 2016.09.19
  • Accepted : 2016.12.13
  • Published : 2017.02.28
Download PDF
⟨ Previous Next ⟩

Abstract

Telecare Medical Information System (TMIS) helps the patients to gain the health monitoring information at home and access medical services over the mobile Internet. In 2015, Das et al proposed a secure and robust user AKA scheme for hierarchical multi-medical server environment in TMIS, referred to as DAKA protocol, and claimed that their protocol is against all possible attacks. In this paper, we first analyze and show DAKA protocol is vulnerable to internal attacks, impersonation attacks and stolen smart card attack. Furthermore, DAKA protocol also cannot provide confidentiality. We then propose a lightweight pseudonym AKA protocol for multi-medical server architecture in TMIS (short for PAKA). Our PAKA protocol not only keeps good security features declared by DAKA protocol, but also truly provides patient's anonymity by using pseudonym to protect sensitive information from illegal interception. Besides, our PAKA protocol can realize authentication and key agreement with energy-saving, extremely low computation cost, communication cost and fewer storage resources in smart card, medical servers and physical servers. What's more, the PAKA protocol is proved secure against known possible attacks by using Burrows-Abadi-Needham (BAN) logic. As a result, these features make PAKA protocol is very suitable for computation-limited mobile device.

Keywords

References

  1. D. Florencio and C. Herley, "A large-scale study of web password habits," in Proc. of the 16th International Conference on World Wide Web. pp. 657-666, May 8-12, 2007.
  2. Z. Y. Wu, Y. C. Lee, F. P. Lai, et al., "A secure authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol.36, no.3, pp.1529-1535, 2012. https://doi.org/10.1007/s10916-010-9614-9
  3. D. He, J .Cao and R .Zhang, "A more secure authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol.36, no.3, pp.1989-1995, 2012. https://doi.org/10.1007/s10916-011-9658-5
  4. J. Wei, X. Hu and W. Liu, "An improved authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no.6, pp. 3597-3604, 2012. https://doi.org/10.1007/s10916-012-9835-1
  5. Z. Zhu, "An efficient authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no.6, pp. 3833-3838, 2012. https://doi.org/10.1007/s10916-012-9856-9
  6. T.F. Lee, I.P. Chang, T. H. Lin, et al., "A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system," Journal of Medical Systems, vol. 37, no.3, pp. 3867-3872, 2012.
  7. Z. Tan, "An efficient biometrics-based authentication scheme for telecare medicine information systems," Przeglad Elektrotechniczny, vol. 89, no.5, pp.200-204, 2013.
  8. X. Yan, W. Li, P. Li, et al., "A secure biometrics-based authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 37, no.5, pp. 1-6, 2013.
  9. D. Mishra, A. Das and S. Mukhopadhyay, "A secure user anonymity preserving biometric-based multi-server authenticated key agreement scheme using smart cards," Expert Systems with Applications, vol. 41, no.18, pp. 8129-8143, 2014. https://doi.org/10.1016/j.eswa.2014.07.004
  10. D. He, D.Wang, "Robust biometrics-based authentication scheme for multiserver environment," IEEE Systems Journal, vol. 9, no.3, pp. 816-823, 2015. https://doi.org/10.1109/JSYST.2014.2301517
  11. V. Odelu, A. Das and A. Goswami, "A secure biometrics-based multi-server authentication protocol using smart cards," IEEE Transactions on Information Forensics and Security, vol. 10, no.9, pp. 1953-1966,2015. https://doi.org/10.1109/TIFS.2015.2439964
  12. A. Reddy, A. Das, E. Yoon, et al., "An anonymous authentication with key-agreement protocol for multi-Server architecture based on biometrics and smartcards," KSII Transactions on Internet & Information Systems, vol. 10, no.7, pp. 3371-3396, 2016. https://doi.org/10.3837/tiis.2016.07.028
  13. Lee, Hanwook, et al., "Forward anonymity-preserving secure remote authentication scheme," KSII Transactions on Internet & Information Systems ,vol. 10, no.3,pp. 1289-1310, 2016. https://doi.org/10.3837/tiis.2016.03.019
  14. Y. Lu, et al., "Robust ID-based mutual authentication and key agreement scheme preserving user anonymity in mobile networks," KSII Transactions on Internet & Information Systems, vol. 10, no.3, pp. 1273-1288, March 31, 2016. https://doi.org/10.3837/tiis.2016.03.018
  15. R. Amin and G. Biswas, "A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS," Journal of Medical Systems, vol. 39, no.3, pp. 1-17, 2015. https://doi.org/10.1007/s10916-014-0182-2
  16. A. Das, V. Odelu and A. Goswami, "A secure and robust user authenticated key agreement scheme for hierarchical multi-medical server environment in TMIS," Journal of Medical Systems, vol. 39, no.9, pp. 1-24, 2015. https://doi.org/10.1007/s10916-014-0182-2
  17. E. Dawson, J. Lopez, et al., "BAAI: Biometric authentication and authorization infrastructure," in Proc. of IEEE Int. Conf. on Information Technology: Research and Education (ITRE), pp. 371-382, Aug.11-23, 2003.
  18. X, Li , J, Niu, K ,M.K ,et al., " Robust biometrics based three-factor remote user authentication scheme with key agreement," in Proc. of IEEE Int. Symp. Biometr. Security Technologies, pp. 105-110, July 2-5, 2013.
  19. A. Makrushin, T. Scheidat and C. Vielhauer, "Improving reliability of biometric hash generation through the selection of dynamic handwriting features," Transactions on Data Hiding and Multimedia Security VIII. Springer Berlin Heidelberg, pp. 19-41, 2012.
  20. Q. Zhang, Y. Yin, et al., "A novel serial multimodal biometrics framework based on semi-supervised learning techniques," in Proc. of IEEE Trans. Inf. Forensics Security, vol. 9, no.10, pp. 1681-1694, 2014. https://doi.org/10.1109/TIFS.2014.2346703
  21. M. A. Pathak, B. Raj, S. D. Rane et al., "Privacy-preserving speech processing: cryptographic and string-matching frameworks show promise," IEEE Signal Process Magazine, pp. 62-74, vol. 30, no.2, 2013. https://doi.org/10.1109/MSP.2012.2230222
  22. Y. Wang, "Password protected smart card and memory stick authentication against off-line dictionary attacks," in Proc. of 27th Information Security and Privacy Conference,Greece, pp. 489-500, June 4-6,2012.
  23. D. He, D. Wang."Robust biometrics-based authentication scheme for multi-server environment," IEEE Systems Journal, vol. 9, no. 3, pp. 816-823, 2015. https://doi.org/10.1109/JSYST.2014.2301517
  24. D. He, S. Zeadally, N.Kumar, et al., "Anonymou s authentication for wireless body area networks with provable security," IEEE Systems Journal , vol.22, no.8, pp.1-12, 2016.
  25. D. He, N. Kumar, H. Shen, et al., "One-to-many authentication for access control in mobile pay-TV Systems," Science China-Information Sciences, vol. 59, no. 5, pp. 1-14, 2016.
  26. R. Pippal, C. Jaidhar and S. Tapaswi, "Robust smart card authentication scheme for multi-server architecture," Wireless Personal Communications, vol.72, no.1, pp.729-745, 2013. https://doi.org/10.1007/s11277-013-1039-6
  27. N. Huyen,M. Jo,T. Nguyen,et al., "A beneficial analysis of deployment knowledge for key distribu -tion in wireless sensor networks," Security and Communication Networks, vol.5, no.5 pp.485-495, 2012. https://doi.org/10.1002/sec.337
  28. N. Zhang, Y. Zang and J. Tian, "The integration of biometrics cryptography-A new solution for secure identity authentication," Journal of Cryptologic Research, vol.2, no.2, pp.156-176, 2015.
  29. X. Li, J. Niu, S. Kumari. et al., "An enhancement of a smart card authentication scheme for multi-server architecture," Wireless Personal Communications, vol.80, no.1, pp.175-192, 2015. https://doi.org/10.1007/s11277-014-2002-x
  30. H. Kilinc and T. Yanik, "A survey of SIP authentication and key agreement schemes," IEEE Communications Surveys & Tutorials, vol.16, no.2, pp.1005-1023, 2014. https://doi.org/10.1109/SURV.2013.091513.00050
  31. A. S.Wander, N. Gura, H. Eberle, et al., "Energy analysis of public-key cryptography for wireless sensor networks," in Proc. of 3rd IEEE International Conference on Pervasive Computing and Communications, pp.324-328,March 8-12, 2005.
  32. Y. Li, W. Chen, Z. Cai, et al., "CAKA: A novel certificateless-based cross domain authenticated key agreement protocol for wireless mesh networks," Wireless Networks, vol.22, no.8, pp.2523-2535, 2016. https://doi.org/10.1007/s11276-015-1109-7

Cited by

  1. A Trusted Sharing Model for Patient Records based on Permissioned Blockchain vol.18, pp.6, 2017, https://doi.org/10.7472/jksii.2017.18.6.75
  2. A Trusted Sharing Model for Patient Records based on Permissioned Blockchain vol.18, pp.6, 2017, https://doi.org/10.7472/jksii.2017.18.6.75