Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Issue 135 (October 2016)
- Record Type:
- Journal Article
- Title:
- Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Issue 135 (October 2016)
- Main Title:
- Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems
- Authors:
- Sutrala, Anil Kumar
Das, Ashok Kumar
Odelu, Vanga
Wazid, Mohammad
Kumari, Saru - Abstract:
- Highlights: A new RSA-based user authentication scheme for TMIS is proposed to withstand the security pitfalls of Amin–Biswas's scheme. The proposed scheme provides better security than other existing schemes. Further, formal security verification of our scheme using widely-accepted AVISPA tool shows that the scheme is secure. High security and extra features make our scheme very suitable for TMIS in e-healthcare medical applications. Abstract: Background and objectives: Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Methods: Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin–Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed,Highlights: A new RSA-based user authentication scheme for TMIS is proposed to withstand the security pitfalls of Amin–Biswas's scheme. The proposed scheme provides better security than other existing schemes. Further, formal security verification of our scheme using widely-accepted AVISPA tool shows that the scheme is secure. High security and extra features make our scheme very suitable for TMIS in e-healthcare medical applications. Abstract: Background and objectives: Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Methods: Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin–Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin–Biswas's scheme and also preserves user anonymity property. Results: The careful formal security analysis using the two widely accepted Burrows–Abadi–Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin–Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. Conclusions: We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin–Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security verification of our scheme using the widely accepted AVISPA tool. High security and extra functionality features allow our proposed scheme to be applicable for telecare medicine information systems which is used for e-health care medical applications. … (more)
- Is Part Of:
- Computer methods and programs in biomedicine. Issue 135(2016)
- Journal:
- Computer methods and programs in biomedicine
- Issue:
- Issue 135(2016)
- Issue Display:
- Volume 135, Issue 135 (2016)
- Year:
- 2016
- Volume:
- 135
- Issue:
- 135
- Issue Sort Value:
- 2016-0135-0135-0000
- Page Start:
- 167
- Page End:
- 185
- Publication Date:
- 2016-10
- Subjects:
- Telecare medicine information systems -- Authentication -- User anonymity -- BAN logic -- AVISPA -- Security
Medicine -- Computer programs -- Periodicals
Biology -- Computer programs -- Periodicals
Computers -- Periodicals
Medicine -- Periodicals
Médecine -- Logiciels -- Périodiques
Biologie -- Logiciels -- Périodiques
Biology -- Computer programs
Medicine -- Computer programs
Periodicals
Electronic journals
610.28 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01692607 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cmpb.2016.07.028 ↗
- Languages:
- English
- ISSNs:
- 0169-2607
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.095000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 1650.xml