Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems

Mishra, Dheerendra; Mukhopadhyay, Sourav; Chaturvedi, Ankita; Kumari, Saru; Khan, Muhammad Khurram

doi:10.1007/s10916-014-0024-2

Cited by 80 publications

(88 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…But, the researchers have considered biometric feature [2] with the password to enhance the security label. Therefore, many researchers have proposed biometric and password based authentication schemes in [17][18][19][20][21][22][23][24][25][26][27][28]. Li and Hwang [17] proposed a biometrics-based remote user authentication scheme in 2010.…”

Section: Literature Surveymentioning

confidence: 99%

“…But, Yan et al [23] pointed out that Tan's scheme [22] is vulnerable to the Denial-of-Service (DoS) attack. However, recently, Mishra et al [24] showed that Yan et al's scheme [23] suffers from off-line password guessing attack and has inefficient login and password change phases. Huang et al [29] proposed an authentication scheme based on RSA.…”

Section: Literature Surveymentioning

confidence: 99%

“…However, the compared schemes in [17][18][19] and [22][23][24] and [26] are not suitable for practical use because, the schemes cannot resist the possible attacks as shown in Table 2. In the introduction part of this paper, it has been described that is insecure against security attacks.…”

Section: Comparisonmentioning

confidence: 99%

“…Thus, the proposed scheme is more secure than other schemes. Table 3 shows the computational cost, storage cost and communication overhead comparison of schemes in [17][18][19], [22][23][24], and [26] with our proposed scheme. For this purpose, only login and authentications phases have been consider due to maximum use.…”

Section: Comparisonmentioning

confidence: 99%

“…T H , T enc and T dec are the time required for hash operation, symmetric key encryption and decryption respectively. The proposed scheme takes time for 10 hashing operations in two phases which is the lower among related and compared schemes in [18,[22][23][24]26]. It can be reasonably assumed that the length of ID i and pw i are 64 bits each.…”

Section: Comparisonmentioning

confidence: 99%

See 4 more Smart Citations

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Giri

Maitra

2017

ITM Web Conf.

View full text Add to dashboard Cite

Abstract. Due to rapid growth of online applications, it is needed to provide such a facility by which communicators can get the services by applying the applications in a secure way. As communications are done through an insecure channel like Internet, any adversary can trap and modify the communication messages. Only authentication procedure can overcome the aforementioned problem. Many researchers have proposed so many authentication schemes in this literature. But, this paper has shown that many of them are not usable in real world application scenarios because, the existing schemes cannot resist all the possible attacks. Therefore, this paper has proposed a three factor authentication scheme using hash function and fuzzy extractor. This paper has further analyzed the security of the proposed scheme using random oracle model. The analysis shows that the proposed scheme can resist all the possible attacks. Furthermore, comparison between proposed scheme and related existing schemes shows that the proposed scheme has better trade-off among storage, computational and communication costs.

show abstract

Section: Literature Surveymentioning

confidence: 99%

Section: Literature Surveymentioning

confidence: 99%

Section: Comparisonmentioning

confidence: 99%

Section: Comparisonmentioning

confidence: 99%

Section: Comparisonmentioning

confidence: 99%

See 3 more Smart Citations

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Giri

Maitra

2017

ITM Web Conf.

View full text Add to dashboard Cite

show abstract

An extended ECC‐based anonymity‐preserving 3‐factor remote authentication scheme usable in TMIS

Chandrakar

2018

Int J Communication

View full text Add to dashboard Cite

A telecare medicine information system (TMIS) helps in providing an efficient communication platform to patients from home to consult doctors at a clinical center. In TMIS, the patient's confidentiality, security, and mutual authentication are very crucial; so remote authentication plays a vital role for verifying the legitimacy of patients. Recently, Amin and Biswas have devised a remote authentication protocol for TMIS, claiming it to be secured from various malicious vulnerabilities. We examine this protocol and find that it is not able to withstand many attacks that include off-line and online password-guessing, identity-guessing, user impersonation, privileged insider, and known session key temporary information attacks. We propose a 3-factor-based authentication protocol for TMIS by overcoming these security shortcomings. We present its security verification in formal and informal ways, which assert its resistivity against various security threats. We use the Burrows-Abadi-Needham logic for validating it, and with the Automated Validation of Internet Security Protocols and Applications tool, it is simulated. Further, the performance evaluation and the security functionalities justify high degree of security with efficient complexity.

show abstract

On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS

Wei

Liu

Hu³

2018

Int J Communication

View full text Add to dashboard Cite

The telecare medicine information system (TMIS) enables patients from different regions to remotely share the same telecare services, which significantly enhances the quality and effectiveness of medical treatment. On the other hand, patients' electronic health records usually involve their privacy information, they thus hesitate to directly transmit these information in TMIS over the public network due to the threat of privacy disclosure. The authenticated key agreement, as a core building of securing communications over the public network, is considered to be necessary for strengthening the security of TMIS. Recently, we note Zhang et al introduced a 3-factor authenticated key agreement scheme for TMIS and asserted that the proposed scheme can resist various well-known attacks. Unfortunately, in this paper, we point out that the scheme of Zhang et al cannot achieve the claimed security guarantees. Specifically, their scheme is vulnerable to offline password/identity guessing attack and user/server impersonation attack. To conquer the above security pitfalls, we put forward a new 3-factor authenticated key agreement scheme with privacy preservation for TMIS. The security evaluation and performance discussion indicate that our scheme can be free from those well-known and classical attacks including offline guessing attack and impersonation attack, without increasing additional computation cost when compared with related works. Consequently, the new authentication scheme would be more desirable for securing communications in TMIS. KEYWORDSchaotic maps, cryptanalysis, multifactor authentication, privacy preservation, telecare medicine information system Int J Commun Syst. 2018;31:e3767. wileyonlinelibrary.com/journal/dac How to cite this article: Wei J, Liu W, Hu X. On the security and improvement of privacy-preserving 3-factor authentication scheme for TMIS. Int J Commun Syst. 2018;31:e3767. https://doi.

show abstract

Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems

Cited by 80 publications

References 31 publications

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

An extended ECC‐based anonymity‐preserving 3‐factor remote authentication scheme usable in TMIS

On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS

Contact Info

Product

Resources

About