Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Xuanang Li,Zhiming Zheng,Xiao Zhang

DOI: https://doi.org/10.1109/ngmast.2015.75

2015-01-01

Abstract:Telecare Medicine Information System enables patients to get healthcare services at home expediently and efficiently. Authentication and key agreement protocol suited for TMIS protect patient's privacy via the unsecure network. Recently, numerous protocols have been proposed intend to safeguard the communication between patients and server. However, most of them have high computation overhead and security problems. In this paper, we aim to propose a secure and effective authentication and key agreement protocol using smartcard and password for TMIS. The protocol is based on elliptic curve cryptography. Through security analysis we illustrate that our protocol is secure to resist some known attacks and provide user anonymity. Furthermore, by comparing with other related protocols we show our protocol is superior in security and performance aspects.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Hui Qiao,Xuewen Dong,Yulong Shen

DOI: https://doi.org/10.1007/s10916-019-1442-y

IF: 4.92

2019-10-07

Journal of Medical Systems

Abstract:The technology of Internet of Things (IoT) has appealed to both professionals and the general public to its convenience and flexibility. As a crucial application of IoT, telecare medicine information system (TMIS) provides people a high quality of life and advanced level of medical service. In TMIS, smart card-based authenticated key agreement schemes for multi-server architectures have gathered momentum and positive impetus due to the conventional bound of a single server. However, we demonstrate that most of the protocols in the literatures can not implement strong security features in TMIS, such as Lee et al.'s and Shu's scheme. They store the identity information directly, which fail to provide strong anonymity and suffer from password guessing attack. Then we propose an extended authenticated key agreement scheme (short for AKAS) with strong anonymity for multi-server environment in TMIS, by enhancing the security of the correlation parameters stored in the smart cards and calculating patients' dynamic identities. Furthermore, the proposed chaotic map-based scheme provides privacy protection and is formally proved under Burrows-Abadi-Needham (BAN) logic. At the same, the informal security analysis attests that the AKAS scheme not only could resist the multifarious security attacks but also improve efficiency by 21% compared with Lee et al.'s and Shu's scheme.

health care sciences & services,medical informatics

Chen Yulei,Chen Jianhua

DOI: https://doi.org/10.1007/s12083-021-01260-w

IF: 3.488

2021-01-01

Peer-to-Peer Networking and Applications

Abstract:Telecare medicine information system (TMIS) is developing rapidly and widely used with the support of computer, communication and other advanced technologies. It can ensure the health of residents, improve the shortage of medical resources, and has broad development prospects. To protect the privacy and life safety of patients, and prevent sensitive medical data from being accessed or even tampered by unauthorized parties, identity authentication protocol is widely applied in TMIS. In this paper, we propose an anonymous authentication and key agreement scheme using elliptic curve cryptography (ECC), which uses temporary identities to protect the privacy of patients. We use the well-known formal method under the random oracle (RO) model to prove the security of the scheme, and use the traditional heuristic discussion to prove that our scheme can resist all kinds of known attacks. Additionally, the results of security and performance analysis show that our scheme has less computation complexity and communication overhead, and can be well applied to the telecare medicine information system.

Yulei Chen,Jianhua Chen

DOI: https://doi.org/10.1007/s11042-022-14007-3

IF: 2.577

2022-01-01

Multimedia Tools and Applications

Abstract:Telecare Medicine Information System (TMIS) refers to a medical model that uses communication and information technology to realize multiple medical functions such as remote disease diagnosis, treatment, and health care. Because TMIS is carried out on an insecure public Internet, a large number of mutual authentication and key agreement protocols for TMIS have been proposed to protect the privacy of patients. Recently, Ostad-Sharif et al. proposed a novel anonymous authentication and key agreement scheme for TMIS. In this work, we will demonstrate that Ostad-Sharif et al.'s scheme exists the problems of strong authentication and inefficient password change, and it cannot resist the off-line password guessing attack. To overcome the weaknesses found in Ostad-Sharif et al.'s scheme, we propose a biometrics-based mutual authentication and key agreement protocol for TMIS, making full use of the advantages of one-way hash function and elliptic curve cryptosystem (ECC). The security of the proposed scheme is formally proved under the widely used random oracle model (ROM), and various known malicious attack resistances also are presented by the heuristic discussion. Compared with the existing related schemes, the computation cost and communication overhead of our scheme are reduced by 74.5% and 27.3% respectively.

Wenming Wang,Haiping Huang,Fu Xiao,Qi Li,Lingyan Xue,Jiansheng Jiang

DOI: https://doi.org/10.1016/j.sysarc.2021.102215

IF: 5.836

2021-09-01

Journal of Systems Architecture

Abstract:<p>Smart healthcare plays an important role in contemporary society while its security and privacy issues remain inevitable challenges. Authenticated key agreement (AKA) mechanism, as the foundation of secure communication, has been recognized as an important measure for solving this problem. Most existing AKA protocols utilize cloud-based centralized architecture, data privacy and security can be exposed easily once the centralized authority is attacked. In addition, most past solutions require the online registration center to assist mutual authentication and consume considerable amounts of resources. To address these drawbacks, a computation-transferable authenticated key agreement protocol without an online registration center for smart healthcare is designed. Specifically, the proposed protocol can realize mutual authentication and key agreement without the need for an online registration center, as well as being able to satisfy security and privacy protection requirements. By transferring partial computation tasks to the server, the proposed scheme incurs lower computation and communication overhead on the user side. Moreover, the proposed scheme adopts certificateless public key cryptography, which can solve the problems of certificate management and key escrow. Performance analysis indicates that the proposal reduces 9.9% of the computation overhead on the resource-limited terminal, which is suitable for low-power IoT applications, including smart healthcare.</p>

computer science, software engineering, hardware & architecture

Mingping Qi,Jianhua Chen,Yitao Chen

DOI: https://doi.org/10.1016/j.cmpb.2018.07.008

IF: 6.1

2018-01-01

Computer Methods and Programs in Biomedicine

Abstract:BACKGROUND AND OBJECTIVES:Telecare Medicine Information System (TMIS) enables physicians to efficiently and conveniently make certain diagnoses and medical treatment for patients over the insecure public Internet. To ensure patients securely access to medicinal services, many authentication schemes have been proposed. Although numerous cryptographic authentication schemes for TMIS have been proposed with the aim to ensure data security, user privacy and authentication, various forms of attacks make these schemes impractical.METHODS:To design a truly secure and practical authentication scheme for TMIS, a new biometrics-based authentication key exchange protocol for multi-server TMIS without sharing the system private key with distributed servers is presented in this work.RESULTS:Our proposed protocol has perfect security features including mutual authentication, user anonymity, perfect forward secrecy and resisting various well-known attacks, and these security feathers are confirmed by the BAN logic and heuristic cryptanalysis, respectively.CONCLUSIONS:A secure biometrics-based authentication key exchange protocol for multi-server TMIS is presented in this work, which has perfect security properties including perfect forward secrecy, supporting user anonymity, etc., and can withstand various attacks such as impersonation attack, off-line password guessing attack, etc.. Considering security is the most important factor for an authentication scheme, so our scheme is more suitable for multi-server TMIS.

Chun-Ta Li,Dong-Her Shih,Chun-Cheng Wang

DOI: https://doi.org/10.1016/j.cmpb.2018.02.002

Abstract:Background and objective: With the rapid development of wireless communication technologies and the growing prevalence of smart devices, telecare medical information system (TMIS) allows patients to receive medical treatments from the doctors via Internet technology without visiting hospitals in person. By adopting mobile device, cloud-assisted platform and wireless body area network, the patients can collect their physiological conditions and upload them to medical cloud via their mobile devices, enabling caregivers or doctors to provide patients with appropriate treatments at anytime and anywhere. In order to protect the medical privacy of the patient and guarantee reliability of the system, before accessing the TMIS, all system participants must be authenticated. Methods: Mohit et al. recently suggested a lightweight authentication protocol for cloud-based health care system. They claimed their protocol ensures resilience of all well-known security attacks and has several important features such as mutual authentication and patient anonymity. In this paper, we demonstrate that Mohit et al.'s authentication protocol has various security flaws and we further introduce an enhanced version of their protocol for cloud-assisted TMIS, which can ensure patient anonymity and patient unlinkability and prevent the security threats of report revelation and report forgery attacks. Results: The security analysis proves that our enhanced protocol is secure against various known attacks as well as found in Mohit et al.'s protocol. Compared with existing related protocols, our enhanced protocol keeps the merits of all desirable security requirements and also maintains the efficiency in terms of computation costs for cloud-assisted TMIS. Conclusions: We propose a more secure mutual authentication and privacy preservation protocol for cloud-assisted TMIS, which fixes the mentioned security weaknesses found in Mohit et al.'s protocol. According to our analysis, our authentication protocol satisfies most functionality features for privacy preservation and effectively cope with cloud-assisted TMIS with better efficiency.

Xiong Li,Fan Wu,Muhammad Khurram Khan,Lili Xu,Jian Shen,Minho Jo

DOI: https://doi.org/10.1016/j.future.2017.08.029

2018-01-01

Abstract:As a kind of e-health notion, telemedicine employs telecommunication and information technologies to provide remote clinical health care. Telecare medicine information system (TMIS) is a widely used application nowadays. Through the services provided by such e-health systems, doctors can obtain the variation of patients’ conditions and make treatments quickly and accordingly. Recently, researchers have employed the Chebyshev chaotic maps in the authentication process of TMISs. Unfortunately, many kinds of security weaknesses such as off-line guessing attack, destitution of user anonymity and session key agreement happen in relative work. To overcome the disadvantages, we propose a secure remote authentication scheme employing the chaotic maps. We use the formal proof under random oracle model, and the famous verification tool Proverif to prove the security of the proposed scheme. Besides, informal analysis including ten security properties and performance comparison are shown to supplement the security properties. From the formal proof, we can see that the attacker has a negligible probability to crack the scheme over the active guessing attack. The formal verification demonstrates that our scheme can resist the attackers simulated by the tool Proverif. Moreover, we compare our scheme with several recent schemes, and the comparison results show that our scheme reaches the level of security requirements and also has suitable cost in performance. Thus, it is more applicable to telecare medicineenvironments.

Hu Xiong,Junyi Tao,Yanan Chen

DOI: https://doi.org/10.1007/s10916-016-0590-6

IF: 4.92

2016-01-01

Journal of Medical Systems

Abstract:Nowadays people can get many services including health-care services from distributed information systems remotely via public network. By considering that these systems are built on public network, they are vulnerable to many malicious attacks. Hence it is necessary to introduce an effective mechanism to protect both users and severs. Recently many two-factor authentication schemes have been proposed to achieve this goal. In 2016, Li et al. demonstrated that Lee et al.’s scheme was not satisfactory to be deployed in practice because of its security weaknesses and then proposed a security enhanced scheme to overcome these drawbacks. In this paper, we analyze Li et al.’s scheme is still not satisfactory to be applied in telecare medicine information systems (TMIS) because it fails to withstand off-line dictionary attack and known session-specific temporary information attack. Moreover, their scheme cannot provide card revocation services for lost smart card. In order to solve these security problems, we propose an improved scheme. Then we analyze our scheme by using BAN-logic model and compare the improved scheme with related schemes to prove that our scheme is advantageous to be applied in practice.

Mohammad Wazid,Ashok Kumar Das,Saru Kumari,Xiong Li,Fan Wu

DOI: https://doi.org/10.1002/sec.1452

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Several remote user authentication techniques for telecare medicine information system (TMIS) have been proposed in the literature. But most existing techniques have limitations such as vulnerable to various attacks, lack of functionalities, and inefficiency. Recently, Amin and Biswas proposed a three-factor authentication and key agreement technique for TMIS. But their scheme is inefficient and has several security drawbacks. The attacks such as privileged-insider, user impersonation, and strong reply attacks are possible on their scheme. It also has flaw in password update phase. In order to overcome drawbacks of their scheme, a new provably secure and efficient three-factor remote user authentication scheme for TMIS is proposed in this paper. The proposed scheme overcomes all drawbacks of their scheme and also provides additional features such as user unlinkability, user anonymity, efficient password, and biometric update. The rigorous informal and formal security analysis using random oracle models and the mostly acceptable Automated Validation of Internet Security Protocols and Applications tool is also performed. During the experimentation, it has been observed that the proposed scheme is secure against various known attacks that include replay and man-in-the-middle attacks. Furthermore, the analysis of computation and communication cost estimation of the proposed scheme depicts that our scheme is efficient as compared with other related exiting schemes. Copyright (c) 2016 John Wiley & Sons, Ltd.

Wenmin Li,Shuo Zhang,Qi Su,Qiaoyan Wen,Yang Chen

DOI: https://doi.org/10.1155/2018/8131367

2018-01-01

Abstract:Telecare medical information systems (TMIS) enable patients to access healthcare delivery services conveniently. With the explosive development occurring in cloud computing and services, storage of personal medical and health information outsourcing to cloud infrastructure has been a potential alternative. However, this has entailed many considerable security and privacy issues. In order to address the security loopholes, we propose a promising solution satisfying the requirements of cloud computing scenarios for telemedical systems. The proposed scheme could provide both data confidentiality and message authenticity while preserving anonymity. Furthermore, the formal security proof demonstrates that the proposed scheme is resistant to various attacks. The performance comparisons show the proposal's workability and it is well suited to adoption in telemedical services.

Tian Liu,Xuchong Liu,Xiong Li,Ruhul Amin,Wei Liang,Meng-Yen Hsieh

DOI: https://doi.org/10.1080/09540091.2021.1901072

2021-01-01

Connection Science

Abstract:The application of Telecare Medical Information System (TMIS) facilitates the patients to access medical information through insecure networks. Since the medical data for the patient is highly sensitive, it is very important to ensure data integrity, confidentiality along with authentication on insecure channel. This paper presents an architecture for e-healthcare using TMIS system which integrates cloud servers to provide the registered patients with stored medical information. A secure authentication protocol is proposed by us where the mobile devices are used to ensure secure communication between the participants. The proposed protocol contributes a platform, which renders a direct communication between the doctor and the patient. To proof authenticity and session key negotiation between the medical server and the patient, the BAN logic has been employed in our paper. Furthermore, the cryptanalysis confirms that the proposed protocol is empowered to resist most known attacks.

Yu Zheng,Dake He,Xiaohu Tang,Hongxia Wang

DOI: https://doi.org/10.1109/ICICS.2005.1689196

2005-01-01

Abstract:Future 4G mobile communication networks are expected to provide all IP-based services for heterogeneous wireless access technologies. Security service for mobile user as a major challenge in developing such 4G networks becomes more complicated to handle. Since the mobile equipment (ME) becomes ever more powerful but still remain open to possible attacks, the neglect of the security of ME in developing traditional security scheme for mobile networks will remain many risks in the coming 4G systems. In this paper we associate trusted computing (TC) with PKI to provide a considerable robust platform for user's access to sensitive service and data in the scenario of 4G systems. Then over the trusted mobile platform (TMP) we present an hybrid AKA (authentication and key agreement) and authorization scheme, in which password is in combination with fingerprint as well as public key to achieve mutual authentication among user/ME/USIM (universal subscriber identity module) and that among user/AN (accessed network)/HE (home environment). Compared with other AKA for future mobile networks and 3G AKA, our scheme with well scalability and acceptable efficiency is more robust and secure to resist potential attacks on/from ME and attacks in heterogeneous network infrastructure

Yihao Hu,Chunguang Huang,Hai Cheng

DOI: https://doi.org/10.1016/j.comcom.2024.02.020

IF: 5.047

2024-02-28

Computer Communications

Abstract:Smart healthcare overcomes the limitations of time and space, allowing users to access medical and health services anywhere and anytime, thus improving the quality and efficiency of these services. However, due to its excessive reliance on wireless public networks, smart healthcare faces challenges and issues related to communication security. As a result, authentication and key agreement are critical as the first line of defense for smart healthcare communications. Over the past few years, numerous authentication and key agreement schemes have been proposed by experts and scholars, but most of these schemes are not applicable to practical scenarios due to their lack of security and efficiency. To address these issues, we propose an elliptic curve-based certificateless conditional privacy-preserving authentication and key agreement scheme. This scheme does not require endorsement from a Certificate Authority (CA) and features lightweight and secure properties, making it suitable for resource-limited smart healthcare communication. In addition, the security of the proposed scheme is proven under the random oracle model, and its safety is supplemented using BAN logic. Finally, performance analysis reveals that the proposed scheme not only satisfies security property and can withstand general attacks but also offers certain advantages in communication efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Dharminder,Dheerendra Mishra,Xiong Li

DOI: https://doi.org/10.1007/s10916-019-1471-6

IF: 4.92

2019-01-01

Journal of Medical Systems

Abstract:Modern network technology yields new interface for telecare medicine information systems in short TMIS used for patient’s healthcare. This system is used to provide healthcare services to patients at their home. It can be observed, telecare medicine information systems generally suffer several attacks as information being transmitted over a public network. Therefore, various authentication and key agreement schemes are proposed for TMIS to ensure secure and authorized patients communication over given public network. However, most of the schemes fail to achieve essential attributes discussed in this article. Although the key attributes of security and efficiency should be achieved in a common framework. This paper proposes construction of an RSA based authentication scheme for authorized access to healthcare services and achieves desirable key attributes of authentication protocols. Proof of security against polynomial time adversary is given in the random oracle to justify the security of proposed scheme. Communication analysis and computation analysis of proposed scheme indicates that proposed scheme’s performance is comparable and having better security.

Ruhul Amin,SK Hafizul Islam,G. P. Biswas,Muhammad Khurram Khan,Xiong Li

DOI: https://doi.org/10.1007/s10916-015-0318-z

IF: 4.92

2015-01-01

Journal of Medical Systems

Abstract:The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.’s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.’s scheme and additionally achieves extra security requirements.

Hung-Ming Chen,Jung-Wen Lo,Chang-Kuo Yeh

DOI: https://doi.org/10.1007/s10916-012-9862-y

Abstract:The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient's home. Hence, the control of access to remote medical servers' resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.'s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.'s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.

Jiliang Li,Zhou Su,Deke Guo,Kim-Kwang Raymond Choo,Yusheng Ji

DOI: https://doi.org/10.1109/jiot.2021.3055827

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Designing efficient and secure mutual authentication and key agreement (MAAKA) protocols for Internet of Medical Things (IoMT) has been shown to be challenging, mainly due to the different security and privacy requirements in complex settings. Existing schemes generally are subject to a number of limitations, ranging from performance to security issues. In this article, we introduce a provably secure and lightweight MAAKA (PSL-MAAKA) protocol for fully public channels in IoMT. First, the proposed scheme is lightweight since the major operations in the stage of authentication and key agreement are hash operation and XOR operation, respectively. Second, this article proves the security of the presented protocol taking the advantage of the random oracle model. Next, this article gives that security requirements in IoMT could be satisfied through our presented MAAKA protocol. Finally, we demonstrate that it enjoys optimal performance than other competing schemes, in terms of communication overhead, computation overhead, and storage overhead.