Dependable and Provable Secure Two-Factor Mutual Authentication Scheme Using ECC for IoT-Based Telecare Medical Information System

Radhakrishnan, Niranchana; Muniyandi, Amutha Prabakar

doi:10.1155/2022/9273662

Cited by 15 publications

(12 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Often it comprises two separate components; namely, a smart card and a card reader, where the former includes an integrated secure chipset while the former includes a keypad and a screen. Since its introduction in [8], there have been numerous protocols for smart card-based 2FA (e.g., in [14,33,27]) along with a few works that identify vulnerabilities of existing solutions, e.g., in [31,32,10]. However, the existing smart card-based solutions (e.g., in [14,33,27]) are often based on public-key cryptography which imposes a high computation cost and makes the card reader's battery run out relatively fast; also some solutions (e.g., in [19]) rely on tamper-proof secure chipsets embedded in the card which would ultimately increase the device's cost.…”

Section: Variants Of Otp Hardware Tokensmentioning

confidence: 99%

A Forward-secure Efficient Two-factor Authentication Protocol

Murdoch¹,

Abadi²

2022

Preprint

View full text Add to dashboard Cite

Two-factor authentication (2FA) schemes that rely on a combination of knowledge factors (e.g., PIN) and device possession have gained popularity. Some of these schemes remain secure even against strong adversaries that (a) observe the traffic between a client and server, and (b) have physical access to the client's device, or its PIN, or breach the server. However, these solutions have several shortcomings; namely, they (i) require a client to remember multiple secret values to prove its identity, (ii) involve several modular exponentiations, and (iii) are in the non-standard random oracle model. In this work, we present a 2FA protocol that resists such a strong adversary while addressing the above shortcomings. Our protocol requires a client to remember only a single secret value/PIN, does not involve any modular exponentiations, and is in a standard model. It is the first one that offers these features without using trusted chipsets. This protocol also imposes up to 40% lower communication overhead than the state-of-the-art solutions do.The adoption of online services, such as online banking and e-commerce, has been swiftly increasing, and so has the effort of adversaries to gain unauthorised access to such services. For clients to prove their identity to a remote service provider, they provide a piece of evidence, called an "authentication factor". Authentication factors can be based on (i) knowledge factors, e.g., PIN or password, (ii) possession factors, e.g., access card or physical hardware token, or (iii) inherent factors, e.g., fingerprint. Knowledge factors are still the most predominant factors used for authentication [6,15]. The knowledge factors themselves are not strong enough to adequately prevent impersonation [29,15]. Multi-factor authentication methods that depend on more than one factor are more difficult to compromise than single-factor methods. Recently (on January 26, 2022), the "Executive Office of the US President" released a memorandum requiring the Federal Government's agencies to meet specific cybersecurity standards, including the use of multi-factor authentication, to reinforce the Government's defences against increasingly sophisticated threat campaigns [23]. Among multi-factor authentication schemes, two-factor authentication (2FA) methods, including those

show abstract

Section: Variants Of Otp Hardware Tokensmentioning

confidence: 99%

A Forward-secure Efficient Two-factor Authentication Protocol

Murdoch¹,

Abadi²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Xie et al [ 10 ] presented a novel authentication protocol for TMIS in 2014, which is considered to be pragmatic and secure. Radhakrishnan and Muniyandi [ 11 ] submitted a two-factor key agreement for TMIS based on elliptic curve cryptography (ECC). In 2015, Wang and Zhang [ 12 ] solved the anonymity of authentication in WBAN using bilinear pairs, and their scheme could defend against known-key attacks and man-in-middle attacks.…”

Section: Introductionmentioning

confidence: 99%

Provably Secure and Lightweight Patient Monitoring Protocol for Wireless Body Area Network in IoHT

Xie

Liu

Ding

et al. 2023

Journal of Healthcare Engineering

View full text Add to dashboard Cite

As one of the important applications of Internet of Health Things (IoHT) technology in the field of healthcare, wireless body area network (WBAN) has been widely used in medical therapy, and it can not only monitor and record physiological information but also transmit the data collected by sensor devices to the server in time. However, due to the unreliability and vulnerability of wireless network communication, as well as the limited storage and computing resources of sensor nodes in WBAN, a lot of authentication protocols for WBAN have been devised. In 2021, Alzahrani et al. designed an anonymous medical monitoring protocol, which uses lightweight cryptographic primitives for WBAN. However, we find that their protocol is defenseless to off-line identity guessing attacks, known-key attacks, and stolen-verifier attacks and has no perfect forward secrecy. Therefore, a patient monitoring protocol for WBAN in IoHT is proposed. We use security proof under the random oracle model (ROM) and automatic verification tool ProVerif to demonstrate that our protocol is secure. According to comparisons with related protocols, our protocol can achieve both high computational efficiency and security.

show abstract

“…Karthigaiveni and Indrani [20] proposed a 2FA scheme with key agreement using elliptic curve cryptography (ECC) with a smart card and password. Radhakrishnan and Muniyandi [21] show that Karthigaiveni and Indrani [20] scheme has security flaws such as offline password guessing attack and user anonymity. They proposed a 2FA scheme that uses ECC with smart cards, effective, secure, and overcomes security vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

Secure two-factor mutual authentication scheme using shared image in medical healthcare environment

Abdulmalik

Yassin

2023

Bulletin EEI

View full text Add to dashboard Cite

The cloud healthcare system has become the essential online service during the COVID-19 pandemic. In this type of system, the authorized user may login to a distant server to acquire the service and resources they demand, we need full security procedures that cover criteria such as authentication, privacy, integrity, and availability. The journey of security for any healthcare system starts with the authentication of users based on their privileges. Traditional user authentication mechanisms, such as password and personal identification number (PIN) typing, are vulnerable to malicious attacks like on/offline, insider, replay, guessing, and shoulder surfing. To address these issues, we proposed a secure authentication scheme that uses the authenticated delegating mechanism based on two factors: a one-time password and generating a secure variable vector from a legible user's digital image to enable the permission of a user through the back-end database of a cloud server. The proposed mutual authentication can protect the information against well-known attacks, ensure the user's privacy, and key management. Moreover, comparisons with existing schemes show that the proposed scheme supplies more privacy, security metrics, and resistance to attacks than the others while being more efficient in computation and communication costs.

show abstract

Dependable and Provable Secure Two-Factor Mutual Authentication Scheme Using ECC for IoT-Based Telecare Medical Information System

Cited by 15 publications

References 52 publications

A Forward-secure Efficient Two-factor Authentication Protocol

A Forward-secure Efficient Two-factor Authentication Protocol

Provably Secure and Lightweight Patient Monitoring Protocol for Wireless Body Area Network in IoHT

Secure two-factor mutual authentication scheme using shared image in medical healthcare environment

Contact Info

Product

Resources

About