Cryptanalysis of Critical Security Mechanism designed for Hierarchical Multi-medical Server in TMIS Environment

  • Abstract

    The rapid advancement of pervasive computing, nano-technology and wearable systems has given rise to low-power internet-based systems that eliminate distance complications through 'the telecare medicine information system (TMIS)', which consists of sensor, medical server and physician servers to sense human biological readings and monitor the health condition of patients. Because crucial patient data is involved and is transferred over an insecure, public communication channel, patient authentication, data integrity and data privacy are critical prerequisites. In this context, many researchers have proposed various schemes for user authentication and secure data transmission over TMIS. Recently, A. K. Das et al. proposed a three-factor user authentication and key agreement protocol for TMIS and claimed that the proposed protocol is efficient, secure and lightweight. We review their scheme for resistance to well-known cryptographic attacks. Although the scheme of A. K. Das et al. resists major cryptographic attacks, after in-depth analysis we demonstrate that it has security pitfalls: failure to resist the replay attack, failure to resist the known session-specific temporary information attack, and failure to resist the stolen-verifier attack.



  • Keywords

    Telecare medicine information systems, Authentication, Biometrics, Smart cards, Healthcare, Privacy, Key agreement, Multi-medical servers

  • References

      [1] Z. Y. Wu, Y. C. Lee, F. Lai, H. C. Lee, and Y. Chung, 'A secure authentication scheme for telecare medicine information systems', Springer Journal of Medical Systems, vol. 36, pp. 1529–1535, 2012.

      [2] C. Guo and C. C. Chang, 'Chaotic maps-based password-authenticated key agreement using smart cards', Elsevier Communications in Nonlinear Science and Numerical Simulation, vol. 18, pp. 1433–1440, 2013.

      [3] R. Amin and G. P. Biswas, 'A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS', J. Med. Syst., vol. 39, pp. 1–17, 2015.

      [4] R. Amin and G. P. Biswas, 'A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity', J. Med. Syst., Aug 2015.

      [5] A. K. Das, V. Odelu and A. Goswami, 'A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS', J. Med. Syst., vol. 39, 2015.

      [6] J. Srinivas, D. Mishra and S. Mukhopadhyay, 'A Mutual Authentication Framework for Wireless Medical Sensor Networks', J. Med. Syst., pp. 41:80, 2017.

      [7] S. Challa, A. K. Das, V. Odelu, N. Kumar, S. Kumari, M. K. Khan and A. V. Vasilakos, 'An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks', Elsevier Computers and Electrical Engineering, pp. 1–21, 2017.

      [8] D. He, J. Chen, and R. Zhang, 'A more secure authentication scheme for telecare medicine information systems', Springer Journal of Medical Systems, vol. 36, pp. 1989–1995, 2012.

      [9] T. F. Lee, 'An Efficient Chaotic Maps-Based Authentication and Key Agreement Scheme Using Smartcards for Telecare Medicine Information Systems', Springer J. Med. Syst., vol. 37, 2013.

      [10] Q. Jiang, J. Ma, X. Lu and Y. Tian, 'Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems', J. Med. Syst., 2014.

      [11] D. Mishra, J. Srinivas and S. Mukhopadhyay, 'A Secure and Efficient Chaotic Map-Based Authenticated Key Agreement Scheme for Telecare Medicine Information Systems', Journal of Medical Systems, vol. 38, Oct 2014.

      [12] R. Amin, SK Hafizul Islam, G. P. Biswas, M. K. Khan and N. Kumar, 'A robust and anonymous patient monitoring system using wireless medical sensor networks', vol. 80, pp. 483–495, March 2018.

      [13] A. K. Awasthi and K. Srivastava, 'A biometric authentication scheme for telecare medicine information systems with nonce', Springer Journal of Medical Systems, vol. 37, Oct 2013.

      [14] N. Ravanbakhsh and M. Nazari, 'An efficient improvement remote user mutual authentication and session key agreement scheme for E-health care systems', Multimedia Tools and Applications, vol. 77, pp. 55–88, Jan 2018.

      [15] Hongtao Li, Feng Guo, Wenyin Zhang, Jie Wang and Jinsheng Xing, '(a,k)-Anonymous Scheme for Privacy-Preserving Data Collection in IoT-based Healthcare Services Systems', Journal of Medical Systems, vol. 42, 2018.

      [16] S. A. Chaudhry, M. T. Khan, M. K. Khan, and T. Shon, 'A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography', Springer Journal of Medical Systems, vol. 40, pp. 230–243, Nov 2016.

      [17] C. T. Li, C. Y. Weng, and C. C. Lee, 'A secure RFID tag authentication protocol with privacy preserving in telecare medicine information system', Springer Journal of Medical Systems, vol. 39, pp. 1–8, 2015.

      [18] M. Benssalah, M. Djeddou and K. Drouiche, 'Security Analysis and Enhancement of the Most Recent RFID Authentication Protocol for Telecare Medicine Information System', Springer Wireless Personal Communications, vol. 96, pp. 6221–6238, Oct 2017.

      [19] H. Lai, M. Luo, Z. Qu, F. Xiao, and M. A. Orgun, 'A Hybrid Quantum Key Distribution Protocol for Tele-care Medicine Information Systems', vol. 98, pp. 929–943, Jan 2018.

      [20] Q. Xie, Z. Tang and K. Chen, 'Cryptanalysis and improvement on anonymous three-factor authentication scheme for mobile networks', Comput. Electr. Eng., vol. 59, pp. 218–230, 2017.

      1. Wander, N. Gura, H. Eberle, V. Gupta, and S. Shantz, 'Energy analysis of public-key cryptography for wireless sensor networks', in Third IEEE International Conference on Pervasive Computing and Communications (PerCom), March 2005, pp. 324–328.

      [21] V. Odelu, A. K. Das, and A. Goswami, 'An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card', Elsevier Journal of Information Security and Applications, vol. 21, pp. 1–19, 2015.

      [22] N. Druml, M. Menghin, A. Kuleta, C. Steger and R. Weiss, 'A Flexible and Lightweight ECC-Based Authentication Solution for Resource Constrained Systems', 17th Euromicro Conference on Digital System Design, 2014, Italy.

      [23] M. Sarvabhatla and C. S. Vorugunti, 'A Secure Biometric-Based User Authentication Scheme for Heterogeneous WSN', 2014 Fourth International Conference of Emerging Applications of Information Technology, ISI-Kolkatta, 2015.

      [24] Q. Cheng, X. Zhang and J. Ma, 'ICASME: An Improved Cloud-Based Authentication Scheme for Medical Environment', pp. 41–44, March 2017.

      [25] S. I. Chu, Y. J. Huang and W. C. Lin, 'Authentication Protocol Design and Low-Cost Key Encryption Function Implementation for Wireless Sensor Networks', IEEE Systems Journal, vol. 11, Dec 2017.

      [26] S. Kumari, X. Li, F. Wu, A. K. Das, H. Arshad, and M. K. Khan, 'A User Friendly Mutual Authentication and Key Agreement Scheme for Wireless Sensor Networks using Chaotic Maps', vol. 63, pp. 56–75, Oct 2016.

      [27] V. Odelu, S. Banerjee, A. K. Das, S. Chattopadhyay, S. Kumari, X. Li and A. Goswami, 'A Secure Anonymity Preserving Authentication Scheme for Roaming Service in Global Mobility Networks', Springer Wireless Personal Communications, vol. 96, pp. 2351–2387, Sep 2017.

      [28] V. C. Sekhar, M. Bharavi, A. Ruhul, P. B. Rakesh, and S. Mrudula, 'Improving Security of Lightweight Authentication Technique for Heterogeneous Wireless Sensor Networks', Springer Wireless Personal Communications, pp. 1–26, 2017.

      [29] X. Li, F. Wu, M. K. Khan, L. Xu, J. Shen and M. Jo, 'A Secure Chaotic Map-based Remote Authentication Scheme for Telecare Medicine Information Systems', Elsevier Future Generation Computer Systems, Aug 2017.

      [30] A. Chaturvedi, D. Mishra, S. Jangirala and S. Mukhopadhyay, 'A privacy preserving biometric-based three-factor remote user authenticated key agreement scheme', Elsevier Journal of Information Security.




Article ID: 30920
DOI: 10.14419/ijet.v7i4.6.30920

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.