Abstract
Medical organizations have introduced the Telecare Medical Information System (TMIS) to provide a reliable facility through which a patient who is unable to visit a doctor during a critical or urgent period can communicate with a doctor from home, through a medical server via the internet. TMIS needs an authentication mechanism to hide the secret information of both parties, namely the server and the patient. Recent research uses the patient's biometric information as well as a password to design remote user authentication schemes that enhance the security level. In a single-server environment, one server is responsible for providing services to all authorized remote patients. However, a problem arises if a patient wishes to access several branch servers: he/she needs to register with each branch server individually. In 2014, Chuang and Chen proposed a remote user authentication scheme for the multi-server environment. In this paper, we show that in their scheme an unregistered adversary can successfully log in to the system as a valid patient. To resist these weaknesses, we propose an authentication scheme for TMIS in a multi-server environment in which patients register once with a root telecare server, called the registration center (RC), to get services from all the telecare branch servers through their registered smart card. Security analysis and comparison show that our proposed scheme provides better security with low computational and communication cost.
References
Lamport, L., Password authentication with insecure communication. Commun. ACM 24(11):770–772, 1981.
Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.
Debiao, H., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.
Pu, Q., Wang, J., Zhao, R., Strong authentication scheme for telecare medicine information systems. J. Med. Syst. 36(4):2609–2619, 2012.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.
Muhammad, K.K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):1–12, 2013.
Lee, T.-F., and Liu, C.-M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3):1–8, 2013.
Das, A., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):1–17, 2013.
Chen, H.-M., Lo, J.-W., Yeh, C.-K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.
Qi, J., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):1–8, 2013.
Qi, X., Zhang, J., Na, D., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–8, 2013.
Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–7, 2013.
Chang, Y.-F., Yu, S.-H., Shiao, D.-R., A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(2):1–9, 2013.
Das, A.K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.
Awasthi, A., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):1–4, 2013.
Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3):1–9, 2014.
Yang, D., and Yang, B., A biometric password-based multi-server authentication scheme with smart card. In Computer Design and Applications (ICCDA), 2010 International Conference on. Vol. 5, pp. 554–559, 2010.
Sood, S.K., Sarje, A.K., Singh, K., A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2):609–618, 2011.
Wang, B., and Ma, M., A smart card based efficient and secured multi-server authentication scheme. Wirel. Pers. Commun. 68(2):361–378, 2013.
He, D., and Wu, S., Security flaws in a smart card based authentication scheme for multi-server environment. Wirel. Pers. Commun. 70(1):323–329, 2013.
He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. PP(99):1–8, 2014.
Chuang, M.-C., and Chen, M.C., An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst. Appl. 41(4, Part 1):1411–1418, 2014.
Jain, A.K., Flynn, P., Arun, A.R., Handbook of Biometrics. Springer-Verlag New York, Inc., Secaucus, NJ, USA, 2007.
Weaver, A.C., Biometric authentication. Computer 39(2):96–97, 2006.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In Advances in Cryptology: CRYPTO '99, volume 1666 of Lecture Notes in Computer Science, pp. 388–397, 1999.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Forouzan, B.A., and Mukhopadhyay, D., Cryptography and Network Security 2/e. Tata-McGraw Hill, TMH: 2nd edition, 2010.
Das, A.K., Sharma, P., Chatterjee, S., Sing, J.K., A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J. Netw. Comput. Appl. 35(5):1646–1656, 2012.
Sarkar, P., A simple and generic construction of authenticated encryption with associated data. ACM Trans. Inf. Syst. Secur. 13(4), article no. 33:1–16, 2010.
Potlapally, N.R., Ravi, S., Raghunathan, A., Jha, N.K., A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Trans. Mob. Comput. 5(2):128–143, 2006.
Menezes, A.J., Vanstone, S.A., Van Oorschot, P.C., Handbook of Applied Cryptography, 1st edition. Boca Raton, FL, USA, 1996.
This article is part of the Topical Collection on Patient Facing Systems
Cite this article
Maitra, T., Giri, D. An Efficient Biometric and Password-Based Remote User Authentication using Smart Card for Telecare Medical Information Systems in Multi-Server Environment. J Med Syst 38, 142 (2014). https://doi.org/10.1007/s10916-014-0142-x
DOI: https://doi.org/10.1007/s10916-014-0142-x