[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.3837/tiis.2017.02.016

A Lightweight Pseudonym Authentication and Key Agreement Protocol for Multi-medical Server Architecture in TMIS

Liu, Xiaoxue (School of Maths. and Info. Science, Shaanxi Normal University)
Li, Yanping (School of Maths. and Info. Science, Shaanxi Normal University)
Qu, Juan (School of Maths. and Stats., Chongqing Three Gorges University)
Ding, Yong (School of Computer Sci. and info. security, Guangxi Key Laboratory of Cryptography and Info. Security)

Publication Information

KSII Transactions on Internet and Information Systems (TIIS) / v.11, no.2, 2017 , pp. 924-944 More about this Journal

Abstract

Telecare Medical Information System (TMIS) helps the patients to gain the health monitoring information at home and access medical services over the mobile Internet. In 2015, Das et al proposed a secure and robust user AKA scheme for hierarchical multi-medical server environment in TMIS, referred to as DAKA protocol, and claimed that their protocol is against all possible attacks. In this paper, we first analyze and show DAKA protocol is vulnerable to internal attacks, impersonation attacks and stolen smart card attack. Furthermore, DAKA protocol also cannot provide confidentiality. We then propose a lightweight pseudonym AKA protocol for multi-medical server architecture in TMIS (short for PAKA). Our PAKA protocol not only keeps good security features declared by DAKA protocol, but also truly provides patient's anonymity by using pseudonym to protect sensitive information from illegal interception. Besides, our PAKA protocol can realize authentication and key agreement with energy-saving, extremely low computation cost, communication cost and fewer storage resources in smart card, medical servers and physical servers. What's more, the PAKA protocol is proved secure against known possible attacks by using Burrows-Abadi-Needham (BAN) logic. As a result, these features make PAKA protocol is very suitable for computation-limited mobile device.

Keywords

multi-medical server; privacy-preserving; authentication; BAN logic;

Citations & Related Records

Times Cited By KSCI : 3 (Citation Analysis)

Reference
Cited By KSCI

1	N. Zhang, Y. Zang and J. Tian, "The integration of biometrics cryptography-A new solution for secure identity authentication," Journal of Cryptologic Research, vol.2, no.2, pp.156-176, 2015.
2	X. Li, J. Niu, S. Kumari. et al., "An enhancement of a smart card authentication scheme for multi-server architecture," Wireless Personal Communications, vol.80, no.1, pp.175-192, 2015. DOI
3	H. Kilinc and T. Yanik, "A survey of SIP authentication and key agreement schemes," IEEE Communications Surveys & Tutorials, vol.16, no.2, pp.1005-1023, 2014. DOI
4	A. S.Wander, N. Gura, H. Eberle, et al., "Energy analysis of public-key cryptography for wireless sensor networks," in Proc. of 3rd IEEE International Conference on Pervasive Computing and Communications, pp.324-328,March 8-12, 2005.
5	Y. Li, W. Chen, Z. Cai, et al., "CAKA: A novel certificateless-based cross domain authenticated key agreement protocol for wireless mesh networks," Wireless Networks, vol.22, no.8, pp.2523-2535, 2016. DOI
6	D. He, D.Wang, "Robust biometrics-based authentication scheme for multiserver environment," IEEE Systems Journal, vol. 9, no.3, pp. 816-823, 2015. DOI
7	V. Odelu, A. Das and A. Goswami, "A secure biometrics-based multi-server authentication protocol using smart cards," IEEE Transactions on Information Forensics and Security, vol. 10, no.9, pp. 1953-1966,2015. DOI
8	A. Reddy, A. Das, E. Yoon, et al., "An anonymous authentication with key-agreement protocol for multi-Server architecture based on biometrics and smartcards," KSII Transactions on Internet & Information Systems, vol. 10, no.7, pp. 3371-3396, 2016. DOI
9	Lee, Hanwook, et al., "Forward anonymity-preserving secure remote authentication scheme," KSII Transactions on Internet & Information Systems ,vol. 10, no.3,pp. 1289-1310, 2016. DOI
10	Y. Lu, et al., "Robust ID-based mutual authentication and key agreement scheme preserving user anonymity in mobile networks," KSII Transactions on Internet & Information Systems, vol. 10, no.3, pp. 1273-1288, March 31, 2016. DOI
11	X, Li , J, Niu, K ,M.K ,et al., " Robust biometrics based three-factor remote user authentication scheme with key agreement," in Proc. of IEEE Int. Symp. Biometr. Security Technologies, pp. 105-110, July 2-5, 2013.
12	R. Amin and G. Biswas, "A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS," Journal of Medical Systems, vol. 39, no.3, pp. 1-17, 2015. DOI
13	A. Das, V. Odelu and A. Goswami, "A secure and robust user authenticated key agreement scheme for hierarchical multi-medical server environment in TMIS," Journal of Medical Systems, vol. 39, no.9, pp. 1-24, 2015. DOI
14	E. Dawson, J. Lopez, et al., "BAAI: Biometric authentication and authorization infrastructure," in Proc. of IEEE Int. Conf. on Information Technology: Research and Education (ITRE), pp. 371-382, Aug.11-23, 2003.
15	D. He, S. Zeadally, N.Kumar, et al., "Anonymou s authentication for wireless body area networks with provable security," IEEE Systems Journal , vol.22, no.8, pp.1-12, 2016.
16	A. Makrushin, T. Scheidat and C. Vielhauer, "Improving reliability of biometric hash generation through the selection of dynamic handwriting features," Transactions on Data Hiding and Multimedia Security VIII. Springer Berlin Heidelberg, pp. 19-41, 2012.
17	Q. Zhang, Y. Yin, et al., "A novel serial multimodal biometrics framework based on semi-supervised learning techniques," in Proc. of IEEE Trans. Inf. Forensics Security, vol. 9, no.10, pp. 1681-1694, 2014. DOI
18	M. A. Pathak, B. Raj, S. D. Rane et al., "Privacy-preserving speech processing: cryptographic and string-matching frameworks show promise," IEEE Signal Process Magazine, pp. 62-74, vol. 30, no.2, 2013. DOI
19	Y. Wang, "Password protected smart card and memory stick authentication against off-line dictionary attacks," in Proc. of 27th Information Security and Privacy Conference,Greece, pp. 489-500, June 4-6,2012.
20	D. He, D. Wang."Robust biometrics-based authentication scheme for multi-server environment," IEEE Systems Journal, vol. 9, no. 3, pp. 816-823, 2015. DOI
21	D. He, N. Kumar, H. Shen, et al., "One-to-many authentication for access control in mobile pay-TV Systems," Science China-Information Sciences, vol. 59, no. 5, pp. 1-14, 2016.
22	R. Pippal, C. Jaidhar and S. Tapaswi, "Robust smart card authentication scheme for multi-server architecture," Wireless Personal Communications, vol.72, no.1, pp.729-745, 2013. DOI
23	N. Huyen,M. Jo,T. Nguyen,et al., "A beneficial analysis of deployment knowledge for key distribu -tion in wireless sensor networks," Security and Communication Networks, vol.5, no.5 pp.485-495, 2012. DOI
24	J. Wei, X. Hu and W. Liu, "An improved authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no.6, pp. 3597-3604, 2012. DOI
25	D. Florencio and C. Herley, "A large-scale study of web password habits," in Proc. of the 16th International Conference on World Wide Web. pp. 657-666, May 8-12, 2007.
26	Z. Y. Wu, Y. C. Lee, F. P. Lai, et al., "A secure authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol.36, no.3, pp.1529-1535, 2012. DOI
27	D. He, J .Cao and R .Zhang, "A more secure authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol.36, no.3, pp.1989-1995, 2012. DOI
28	Z. Zhu, "An efficient authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no.6, pp. 3833-3838, 2012. DOI
29	T.F. Lee, I.P. Chang, T. H. Lin, et al., "A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system," Journal of Medical Systems, vol. 37, no.3, pp. 3867-3872, 2012.
30	Z. Tan, "An efficient biometrics-based authentication scheme for telecare medicine information systems," Przeglad Elektrotechniczny, vol. 89, no.5, pp.200-204, 2013.
31	X. Yan, W. Li, P. Li, et al., "A secure biometrics-based authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 37, no.5, pp. 1-6, 2013.
32	D. Mishra, A. Das and S. Mukhopadhyay, "A secure user anonymity preserving biometric-based multi-server authenticated key agreement scheme using smart cards," Expert Systems with Applications, vol. 41, no.18, pp. 8129-8143, 2014. DOI

6	(2017) Journal of Internet Computing and Services A Trusted Sharing Model for Patient Records based on Permissioned Blockchain / 18 (6) , 75
6	(2017) Journal of Internet Computing and Services A Trusted Sharing Model for Patient Records based on Permissioned Blockchain / 18 (6) , 75