Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems

Jiang, Qi; Chen, Zhiren; Li, Bingyan; Shen, Jian; Yang, Li; Ma, Jianfeng

doi:10.1007/s12652-017-0516-2

Cited by 89 publications

(49 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to address the security aspects under the above-mentioned application scenario, many authentication protocols are proposed [4][5][6][7]. In 2009, Das [8] proposed a two-factor user authentication protocol, which is claimed to have strong authentication and session key establishment and achieves efficiency.…”

Section: Related Workmentioning

confidence: 99%

A Provably Secure Anonymous Authenticated Key Exchange Protocol Based on ECC for Wireless Sensor Networks

Zhang

Wei³

2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

In wireless sensor networks, users sometimes need to retrieve real-time data directly from the sensor nodes. Many authentication protocols are proposed to address the security and privacy aspects of this scenario. However, these protocols still have security loopholes and fail to provide strong user anonymity. In order to overcome these shortcomings, we propose an anonymous authenticated key exchange protocol based on Elliptic Curves Cryptography (ECC). The novel protocol provides strong user anonymity such that even the gateway node and the sensor nodes do not know the real identity of the user. The security of the proposed protocol is conducted in a well-defined security model under the CDH assumption. Compared with other related protocols, our protocol is efficient in terms of communication and enjoys stronger security. The only disadvantage is that our protocol consumes more computation resources due to the usage of asymmetric cryptography mechanisms to realize strong anonymity. Consequently, our protocol is suitable for applications which require strong anonymity and high security in wireless sensor networks.

show abstract

Section: Related Workmentioning

confidence: 99%

A Provably Secure Anonymous Authenticated Key Exchange Protocol Based on ECC for Wireless Sensor Networks

Zhang

Wei³

2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…Furthermore, in [23] Section 4.2, we can see that even the adversary guesses the password and identity simultaneously and the whole attack can be finished within limited time. Therefore, the adversary can exhaust the password and identity space simultaneously, and many scholars follow this principle [2,[24][25][26][27].…”

Section: Adversary Modelmentioning

confidence: 99%

A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

Wang

2018

Security and Communication Networks

View full text Add to dashboard Cite

With the great development of network technology, the multiserver system gets widely used in providing various of services. And the two-factor authentication protocols in multiserver system attract more and more attention. Recently, there are two new schemes for multiserver environment which claimed to be secure against the known attacks. However, after a scrutinization of these two schemes, we found that (1) their description of the adversary's abilities is inaccurate; (2) their schemes suffer from many attacks. Thus, firstly, we corrected their description on the adversary capacities to introduce a widely accepted adversary model and then summarized fourteen security requirements of multiserver based on the works of pioneer contributors. Secondly, we revealed that one of the two schemes fails to preserve forward secrecy and user anonymity and cannot resist stolen-verifier attack and off-line dictionary attack and so forth and also demonstrated that another scheme fails to preserve forward secrecy and user anonymity and is not secure to insider attack and off-line dictionary attack, and so forth. Finally, we designed an enhanced scheme to overcome these identified weaknesses, proved its security via BAN logic and heuristic analysis, and then compared it with other relevant schemes. The comparison results showed the superiority of our scheme.

show abstract

“…For this reason, many ABE schemes [9,10] with extended functionalities have been proposed. In addition, there are also various privacy-preserving authentication protocols, like two-factor authentication [11,12], three-factor authentication [13,14], end-to-end authentication [15], and so on. And some new works focus on practical application fields, such as smart metering [16], Internet of Things [17], and WBAN [18].…”

Section: Related Workmentioning

confidence: 99%

PMDP: A Framework for Preserving Multiparty Data Privacy in Cloud Computing

Wei

Liu

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

The amount of Internet data is significantly increasing due to the development of network technology, inducing the appearance of big data. Experiments have shown that deep mining and analysis on large datasets would introduce great benefits. Although cloud computing supports data analysis in an outsourced and cost-effective way, it brings serious privacy issues when sending the original data to cloud servers. Meanwhile, the returned analysis result suffers from malicious inference attacks and also discloses user privacy. In this paper, to conquer the above privacy issues, we propose a general framework for Preserving Multiparty Data Privacy (PMDP for short) in cloud computing. The PMDP framework can protect numeric data computing and publishing with the assistance of untrusted cloud servers and achieve delegation of storage simultaneously. Our framework is built upon several cryptography primitives (e.g., secure multiparty computation) and differential privacy mechanism, which guarantees its security against semihonest participants without collusion. We further instantiate PMDP with specific algorithms and demonstrate its security, efficiency, and advantages by presenting security analysis and performance discussion. Moreover, we propose a security enhanced framework sPMDP to resist malicious inside participants and outside adversaries. We illustrate that both PMDP and sPMDP are reliable and scale well and thus are desirable for practical applications.

show abstract

Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems

Cited by 89 publications

References 48 publications

A Provably Secure Anonymous Authenticated Key Exchange Protocol Based on ECC for Wireless Sensor Networks

A Provably Secure Anonymous Authenticated Key Exchange Protocol Based on ECC for Wireless Sensor Networks

A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

PMDP: A Framework for Preserving Multiparty Data Privacy in Cloud Computing

Contact Info

Product

Resources

About