Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Yihao Hu,Chunguang Huang,Hai Cheng

DOI: https://doi.org/10.1016/j.comcom.2024.02.020

IF: 5.047

2024-02-28

Computer Communications

Abstract:Smart healthcare overcomes the limitations of time and space, allowing users to access medical and health services anywhere and anytime, thus improving the quality and efficiency of these services. However, due to its excessive reliance on wireless public networks, smart healthcare faces challenges and issues related to communication security. As a result, authentication and key agreement are critical as the first line of defense for smart healthcare communications. Over the past few years, numerous authentication and key agreement schemes have been proposed by experts and scholars, but most of these schemes are not applicable to practical scenarios due to their lack of security and efficiency. To address these issues, we propose an elliptic curve-based certificateless conditional privacy-preserving authentication and key agreement scheme. This scheme does not require endorsement from a Certificate Authority (CA) and features lightweight and secure properties, making it suitable for resource-limited smart healthcare communication. In addition, the security of the proposed scheme is proven under the random oracle model, and its safety is supplemented using BAN logic. Finally, performance analysis reveals that the proposed scheme not only satisfies security property and can withstand general attacks but also offers certain advantages in communication efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chengqi Wang,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-016-4198-0

IF: 2.577

2016-01-01

Multimedia Tools and Applications

Abstract:With the increase of security requirements, numerous biometrics based authentication schemes that apply the smart card technology are proposed for multimedia medicine information systems in the last several years. Recently, Lu et al. presented a biometrics based authentication and key agreement scheme using extended Chebyshev chaotic maps. Unfortunately, we find that their scheme is still insecure with respect to issues such as flaws in the both login phase and password change phase. And we show that their scheme is vulnerable to the Denial-of-Service attack, user impersonation attack and server masquerade attack, which also fails to achieve the user anonymity. In order to remedy these weaknesses, we retain the useful properties of Lu et al.’s scheme to propose a robust biometrics based authentication and key agreement scheme for multimedia medicine information systems. The informal and formal security analysis of our scheme are given respectively, which demonstrate that our scheme satisfies the desirable security requirements. Furthermore, the proposed scheme provides some significant features which are not considered in most of the related schemes, such as, biometric information protection and user re-registration or revocation. Thus, our scheme resists the known attacks and is efficient for practical applications in the multimedia medicine information systems.

Xuanang Li,Zhiming Zheng,Xiao Zhang

DOI: https://doi.org/10.1109/ngmast.2015.75

2015-01-01

Abstract:Telecare Medicine Information System enables patients to get healthcare services at home expediently and efficiently. Authentication and key agreement protocol suited for TMIS protect patient's privacy via the unsecure network. Recently, numerous protocols have been proposed intend to safeguard the communication between patients and server. However, most of them have high computation overhead and security problems. In this paper, we aim to propose a secure and effective authentication and key agreement protocol using smartcard and password for TMIS. The protocol is based on elliptic curve cryptography. Through security analysis we illustrate that our protocol is secure to resist some known attacks and provide user anonymity. Furthermore, by comparing with other related protocols we show our protocol is superior in security and performance aspects.

Lili Xu,Fan Wu

DOI: https://doi.org/10.1007/s10916-014-0179-x

Abstract:Nowadays, connected health care applications are used more and more in the world. Service through the applications can save the patients' time and expense, such as telecare medical information system (TMIS) and integrated electronic patient record (EPR) information system. In the applications, preserving patients' privacy, transmitting messages securely and keeping mutual authentication should all be paid attention. Many authentication schemes have been proposed to make a secure communicating environment. Recently Xie et al. showed that Wen's scheme was insecure because it was under the off-line password guessing attack and without user anonymity and forward security. They gave a new three-factor authentication scheme and claimed that it was secure. However, we find that Xie et al's scheme is vulnerable to the De-synchronization attack and the server has too much storage burden in the scheme. Then we present an improved scheme which overcomes the usual weaknesses and keeps ordinary security characters. Compared with recent schemes of the same kind, our scheme is secure and practical.

Li Yang,Zhiming Zheng

DOI: https://doi.org/10.1371/journal.pone.0194093

IF: 3.7

2018-01-01

PLoS ONE

Abstract:According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks.

D. Teien,Michael P. Jones,T. Shiota,I. Yamada,D. Sahn

DOI: https://doi.org/10.1016/0735-1097(94)00338-Q

IF: 24

Journal of the American College of Cardiology

Abstract:

Hossen Asiful Mustafa,Hasan Muhammad Kafi

DOI: https://doi.org/10.48550/arXiv.1711.01198

2017-11-03

Abstract:Password security can no longer provide enough security in the area of remote user authentication. Considering this security drawback, researchers are trying to find solution with multifactor remote user authentication system. Recently, three factor remote user authentication using biometric and smart card has drawn a considerable attention of the researchers. However, most of the current proposed schemes have security flaws. They are vulnerable to attacks like user impersonation attack, server masquerading attack, password guessing attack, insider attack, denial of service attack, forgery attack, etc. Also, most of them are unable to provide mutual authentication, session key agreement and password, or smart card recovery system. Considering these drawbacks, we propose a secure three factor user authentication scheme using biometric and smart card. Through security analysis, we show that our proposed scheme can overcome drawbacks of existing systems and ensure high security in remote user authentication.

Cryptography and Security

Hui Qiao,Xuewen Dong,Yulong Shen

DOI: https://doi.org/10.1007/s10916-019-1442-y

IF: 4.92

2019-10-07

Journal of Medical Systems

Abstract:The technology of Internet of Things (IoT) has appealed to both professionals and the general public to its convenience and flexibility. As a crucial application of IoT, telecare medicine information system (TMIS) provides people a high quality of life and advanced level of medical service. In TMIS, smart card-based authenticated key agreement schemes for multi-server architectures have gathered momentum and positive impetus due to the conventional bound of a single server. However, we demonstrate that most of the protocols in the literatures can not implement strong security features in TMIS, such as Lee et al.'s and Shu's scheme. They store the identity information directly, which fail to provide strong anonymity and suffer from password guessing attack. Then we propose an extended authenticated key agreement scheme (short for AKAS) with strong anonymity for multi-server environment in TMIS, by enhancing the security of the correlation parameters stored in the smart cards and calculating patients' dynamic identities. Furthermore, the proposed chaotic map-based scheme provides privacy protection and is formally proved under Burrows-Abadi-Needham (BAN) logic. At the same, the informal security analysis attests that the AKAS scheme not only could resist the multifarious security attacks but also improve efficiency by 21% compared with Lee et al.'s and Shu's scheme.

health care sciences & services,medical informatics

Rajnish K. Gupta,Jérémy,Whelan,T. Lister,B. Young,J. Bodmer

DOI: https://doi.org/10.1182/BLOOD.V79.8.2084.2084

IF: 20.3

1992-04-15

Blood

Abstract:There have been conflicting reports about the occurrence of the t(14;18) chromosomal translocation in Hodgkin's disease. A polymerase chain reaction analysis of biopsy specimens from 21 patients with Hodgkin's disease (HD) has shown the presence of the t(14;18) translocation in four cases (20%). All four patients had nodular sclerosing HD. Direct sequencing of the amplified 14q+ junctions established that the BCL-2 (major breakpoint region) sequence was fused to an Ig joining region (JH) (J6 in all four cases). Different breakpoints were observed in each case but were similar in nature to the breakpoints described in follicular lymphoma. The exact nature and cell of origin in HD remains obscure, although the presence of the t(14;18) translocation may reflect either a B-cell origin in these cases or associated lymphoid hyperplasia.

Preeti Soni,Arup Kumar Pal,Sk Hafizul Islam,SK Hafizul Islam

DOI: https://doi.org/10.1016/j.cmpb.2019.105054

IF: 6.1

2019-12-01

Computer Methods and Programs in Biomedicine

Abstract:Background and Objective: Wireless sensor network-based remote health-care systems are becoming popular day by day with the rapid growth of Internet technologies and the proliferation of Internet-based application. A remote health-care system always demands a flexible and secure mechanism since any misuse of health-care related data leads to the risk of a patient's life. To make patient-related information more secure, we further consider that the patient related all the communication must be anonymous and untraceable to prevent traffic analysis. This particular approach makes the healthcare system more secure and suitable for real-time scenario.Methods: Recently, a three-factor mutual authentication for in wireless sensor networks (WSNs) is suggested by Challa et al. to deal with the security of the remote health-care system. They believe that their scheme is suitable and ensure the security of the remote health-care system. However, the authors of this article have found that their scheme suffers from sensor node capture attack; user identity reveals attack, session key leak attack, and message modification attack. Further, their scheme designs improper user revocation phase and re-registration phase, which produces the risk of illegal use of smartcard by a legitimate user. So, in this paper, the authors have given an enhanced mechanism for developing a three-factor secure mutual authentication scheme to attain effectively the security of the remote health-care system for patient monitoring. Further, the proper revocation and re-registration of users have been incorporated to support some additional securities in a case when the user lost his/her smartcard or smartcard is stolen.Results and Conclusions: Testing with the BAN logic model affirms the accuracy of mutual authentication of the scheme designed in this paper. Also, the output of the AVISPA simulation depicts that the enhanced scheme efficiently tackle the active and passive attacks. Further, the comparative studies of our scheme with state-of-the-art schemes are also acceptable in terms of different security aspects.

engineering, biomedical,computer science, interdisciplinary applications,medical informatics, theory & methods

Wenming Wang,Haiping Huang,Fu Xiao,Qi Li,Lingyan Xue,Jiansheng Jiang

DOI: https://doi.org/10.1016/j.sysarc.2021.102215

IF: 5.836

2021-09-01

Journal of Systems Architecture

Abstract:<p>Smart healthcare plays an important role in contemporary society while its security and privacy issues remain inevitable challenges. Authenticated key agreement (AKA) mechanism, as the foundation of secure communication, has been recognized as an important measure for solving this problem. Most existing AKA protocols utilize cloud-based centralized architecture, data privacy and security can be exposed easily once the centralized authority is attacked. In addition, most past solutions require the online registration center to assist mutual authentication and consume considerable amounts of resources. To address these drawbacks, a computation-transferable authenticated key agreement protocol without an online registration center for smart healthcare is designed. Specifically, the proposed protocol can realize mutual authentication and key agreement without the need for an online registration center, as well as being able to satisfy security and privacy protection requirements. By transferring partial computation tasks to the server, the proposed scheme incurs lower computation and communication overhead on the user side. Moreover, the proposed scheme adopts certificateless public key cryptography, which can solve the problems of certificate management and key escrow. Performance analysis indicates that the proposal reduces 9.9% of the computation overhead on the resource-limited terminal, which is suitable for low-power IoT applications, including smart healthcare.</p>

computer science, software engineering, hardware & architecture

Zhaoyang Zhang,Honggang Wang,Athanasios V. Vasilakos,Hua Fang

DOI: https://doi.org/10.4108/icst.bodynets.2013.253689

2013-01-01

Abstract:Wireless Body Area Networks (WBANs) are the core of components of future m-Health system and is playing a crucial role in healthcare applications. A key requirement for such applications is secure communications between body sensors. This paper presents a novel key agreement scheme which allows wireless body sensors in WBANs to share a common key generated using wireless channel information. Unlike traditional biometric based security approach, the proposed key agreement does not need extra hardware, which can secure data communications in a plug-n-play manner. Our experimental results show that the proposed scheme is feasible for WBANs.

Mengxia Shuai,Nenghai Yu,Hongxia Wang,Ling Xiong,Yue Li

DOI: https://doi.org/10.4018/joeuc.20210501.oa1

2021-01-01

Journal of Organizational and End User Computing

Abstract:Security and privacy issues in wireless medical sensor networks (WMSNs) have attracted lots of attention in both academia and industry due to the sensitiveness of medical system. In the past decade, extensive research has been carried out on these security issues, but no single study exists that addresses them adequately, especially for some important security properties, such as user anonymity and forward secrecy. As a step towards this direction, in this paper, the authors propose a lightweight three -factor anonymous authentication scheme with forward secrecy for personalized healthcare applications using only the lightweight cryptographic primitives. The proposed scheme adopts pseudonym identity technique to protect users' real identities and employs one-way hash chain technique to ensure forward secrecy. Analysis and comparison results demonstrate that the proposed scheme can not only reduce execution time by 34% as compared with the most effective related schemes, but also achieve more security and functional features.

Kaijun Liu,Guosheng Xu,Qiang Cao,Chenyu Wang,Jingjing Jia,Yuan Gao,Guoai Xu

DOI: https://doi.org/10.3390/s23218992

IF: 3.9

2023-11-06

Sensors

Abstract:In healthcare, wireless body area networks (WBANs) can be used to constantly collect patient body data and assist in real-time medical services for patients from physicians. In such security- and privacy-critical systems, the user authentication mechanism can be fundamentally expected to prevent illegal access and privacy leakage occurrences issued by hacker intrusion. Currently, a significant quantity of new WBAN-oriented authentication protocols have been designed to verify user identity and ensure that body data are accessed only with a session key. However, those newly published protocols still unavoidably affect session key security and user privacy due to the lack of forward secrecy, mutual authentication, user anonymity, etc. To solve this problem, this paper designs a robust user authentication protocol. By checking the integrity of the message sent by the other party, the communication entity verifies the other party's identity validity. Compared with existing protocols, the presented protocol enhances security and privacy while maintaining the efficiency of computation.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Chengqi Wang,Xiao Zhang,Lijia Xie,Zhiming Zheng

DOI: https://doi.org/10.14257/ijsia.2017.11.9.04

2017-01-01

International Journal of Security and Its Applications

Abstract:To satisfy the security requirements of patients' privacy and data's security for health Internet of Things (IoT), various authentication schemes are proposed as guaranteed countermeasures. In particular, Wang et al. built an identity-based authentication scheme with extended Chebyshev chaotic maps. Nevertheless, considering service misuse attack and Denial-of-Service attack, Wang et al.' s method works inadequately. Also it is insufficient to provide efficient password change phase, fast error detection and session key agreement. As a remedy, we propose a novel dynamic identity authenticated key agreement scheme. Our scheme achieves resistance to the known attacks in order to meet the desirable security requirements. Furthermore, the presented scheme practically enables both user revocation/re-registration and biometric information protection, which are significant features ignored by most previous schemes. We confirm the effectiveness of our scheme via comprehensive comparisons in terms of resistance, functionality and performance.

Chin-Ling Chen,Po-Tsun Huang,Yung-Yuan Deng,Hsing-Chung Chen,Yun-Ciao Wang

DOI: https://doi.org/10.1186/s13673-020-00221-1

2020-05-07

Abstract:Abstract As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and are thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study, therefore, combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this paper, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. The analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, forward and backward security.

computer science, information systems

Jiaqing Mo,Hang Chen,Wei Shen

DOI: https://doi.org/10.1007/978-3-030-16946-6_36

2020-01-01

Abstract:Cryptanalyzing the security weaknesses of authentication protocols is extremely important to propose countermeasures and develop a truly secure protocol. Over last few years, many three factor-based authentication schemes with key agreement have been proposed for multi-server environment. In 2017, Ali and Pal developed a three-factor authentication scheme in multi-server environment using elliptic curve cryptography (ECC) to remedy the security flaws in Li et al.'s scheme and claimed their improved version can withstand the passive and active attacks. In this paper, we prove that Ali-Pal's scheme is subject to offline password guessing attack, replay attack, and known session-specific temporary information (KSSTI) attack. In the same year, Feng et al. examined Kumari et al.'s biometrics-based authentication scheme for multi-server environment and found that their scheme was vulnerable to several attacks. To fix these weaknesses, Feng et al. proposed an enhanced three-factor authentication scheme with key distribution for mobile multi-server environment and claimed that their scheme can satisfy the security and functional requirements. However, we show that Feng et al.'s scheme fails to resist offline password guessing attack, and suffers from replay attack. In addition to point out the security defects, we put forward countermeasures to eliminate the security risks and secure the three factor-based authentication schemes for multi-server environment.

Haomin Yang,Yaoxue Zhang,Yuezhi Zhou,Xiaoming Fu,Hao Liu,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.comnet.2013.08.020

IF: 5.493

2014-01-01

Computer Networks

Abstract:Authenticated key agreement protocol is a useful cryptographic primitive, which can be used to protect the confidentiality, integrity and authenticity for transmitted data over insecure networks. From the point of view of the management of pre-shared secrets, one of the advantages of three-party authenticated key agreement (3PAKA) protocols is that they are more suitable for use in a network with large numbers of users compared with two-party authenticated key agreement protocols. Using smart cards is a practical, secure measure to protect the secret private keys of a user. Recently, some 3PAKA protocols using smart cards have been proposed. However, up to now, it is still a challenging problem to propose a 3PAKA protocol using smart cards with fewer rounds of messages and without using timestamp technique. Another important fact to be mentioned is that existing 3PAKA protocols using smart cards all lack provable-security guarantees. In this paper, we propose a new 3PAKA protocol using smart cards. The proposed protocol gains several advantages over existing related protocols: (1) The protocol is provably secure under the computational Diffie-Hellman assumption in the random oracle model, and hence can resist strong adversaries in network scenarios; (2) The protocol needs fewer rounds of messages, and can enable short communication latency and rapid response; and (3) The protocol is not based on timestamp technique, and does not need the complicated clock synchronization.

Dheerendra MIshra

DOI: https://doi.org/10.48550/arXiv.1310.5896

2013-10-22

Abstract:The Telecare medicine information system (TMIS) is developed to provide Telecare services to the remote user. A user can access remote medical servers using internet without moving from his place. Although remote user and server exchange their messages/data via public networks. An adversary is considered to be enough powerful that he may have full control over the public network. This makes these Telecare services vulnerable to attacks. To ensure secure communication between the user and server many password based authentication schemes have been proposed. In 2013, Hao et al. presented chaotic maps-based password authentication scheme for TMIS. Recently, Lee identified that Hao et al.'s scheme fails to satisfy key agreement property, such that a malicious server can predetermine the session key. Lee also presented an efficient chaotic map-based password authentication and key agreement scheme using Smart cards for TMIS. In this article, we briefly review Lee's scheme and demonstrates the weakness of Lee's scheme. The study shows that the Lee's scheme inefficiency of password change phase causes denial of service attack and login phase results extra computation and communication overhead.

Cryptography and Security