Security Analysis and Enhancements of a User Authentication Scheme
International Journal of Network Security, Vol.23, No.5, PP.895-903, Sept. 2021 (DOI: 10.6633/IJNS.202109 23(5).17)

Wan-Rong Liu1, Xin He2, and Zhi-Yong Ji1
(Corresponding author: Zhi-Yong Ji)

1 Shanghai Sixth People's Hospital East affiliated to Shanghai University of Medicine, Health Sciences, Shanghai 201306, China
2 Department of Engineering Science and Technology, Shanghai Ocean University, Shanghai 201306, China

This work was supported in part by the 2018 "Research and Development and Application of Limb Local Drug Delivery Dialysis Device" of the seed fund program of Shanghai University of Medicine, Health Sciences (SFP-18-21-14-001).

Email: joyer99@126.com

(Received June 15, 2020; Revised and Accepted May 6, 2021; First Online Aug. 15, 2021)

Abstract

With the rapid development of the Internet, telemedicine information systems are increasingly part of everyday life. Still, the security of people's information is one of the biggest limiting factors for the widespread use of telemedicine information systems. Aslam et al. suggest, in their analysis of three-factor authentication protocols, that Amin et al.'s authentication protocol is one of the best. However, our analysis finds that Amin et al.'s protocol is susceptible to the privileged insider attack, the replay attack, and so on. Based on Amin et al.'s protocol, we propose an improved three-factor authentication protocol and verify it with BAN logic. The performance and efficiency comparison shows that our protocol achieves higher security at the cost of a small amount of additional computation.

Keywords: Anonymity; Authentication; Telecare Medicine Information System

1 Introduction

Telecare Medicine Information Systems (TMIS) are information systems that use network technology to carry out consultation, monitoring and other special medical activities for patients in any location [14, 25]. Such systems are of great significance both for patients with physical disabilities and for the prevention and treatment of severe infectious diseases [7, 9]. Sensors implanted in or worn by the patient collect physiological data, continuously monitor the patient's health status, and send the data to the hospital in real time, so that hospital professionals can diagnose patients and decide on the next treatment plan. This not only saves patients the cost of commuting and improves time utilization, but also effectively reduces direct contact between medical staff and patients during the prevention and control of severe infectious diseases, greatly reduces the risk of infection, and maximizes the therapeutic effect for patients. However, the application of telemedicine information systems produces a large amount of physiological information about patients, which is easily intercepted or modified by attackers if it is transmitted over an insecure channel. If the doctor gets wrong information about the patient, he may make a wrong diagnosis. If the information is intercepted, the patient cannot get timely treatment, which may endanger the patient's life in serious cases. In this case, identity authentication is particularly important [13, 30].

Identity authentication means identifying a user by certain means, in order to confirm that the user currently claiming an identity is indeed the claimed user [15, 16, 21, 22, 26]. By the number of parties in the authentication protocol, authentication schemes can be divided into three types: one-way, mutual, and group authentication [27]. By the number of factors in the authentication protocol, authentication schemes can also be divided into three categories: one-, two-, and three-factor. Many authentication protocols have been proposed for telemedicine information systems [11, 18, 32]. The first remote computer authentication scheme was proposed by Lamport [20]. In the beginning, authentication protocols were mainly based on single-factor authentication, such as a static password, where the user sets a string of static data that remains unchanged until the user changes it. However, static passwords have many security shortcomings: although users can change the password often to improve security, the password still remains unchanged for a period of time, and the single-factor authentication method
has not been able to meet the needs of the Internet for identity authentication security. The first two-factor authentication scheme was proposed by Hwang in 1990 [17]. Since then, scholars have done a lot of research on two-factor authentication protocols [1, 12, 28, 33].

In the early 21st century, three-factor authentication schemes were proposed. In three-factor authentication, the user needs to provide his/her biometric information in addition to the smart card, ID and password. The biometric information of each person is unique. The digital information converted from the biometric information has high entropy and does not have to be remembered by the user, which makes it difficult for an attacker to guess the user's biometric information and keeps the information secret. Although biometrics have good characteristics, users cannot guarantee that the biometric input, such as a fingerprint, is exactly the same every time, and a slight deviation leads to failure and rejection.

To solve the problem of false rejection, Jin et al. [19] proposed an authentication protocol with fingerprint data and tokenised random numbers. To achieve this, biological hash functions were created, a technique that combines tokenised random numbers with biometric recognition. However, not all experts adopt the biological hash function to reduce the false rejection rate. Some, reasoning that users cannot guarantee that the biometric input is exactly the same every time, accept the biometric input as long as it is within a certain error range, as in Arshad and Nikooghadam's authentication protocol [5]. But Lu et al. [35] have shown that Arshad and Nikooghadam's authentication protocol has shortcomings such as offline password guessing attacks. In 2013, Chang et al. [31] proposed one of the first three-factor authentication schemes for TMIS; their scheme depends on the biometric information of the user as the third layer of security. In the same year, Das et al. [8] exposed some weaknesses in Chang et al.'s scheme. Liu and Chung [23] proposed a user authentication scheme for wireless healthcare sensor networks in 2017.

Challa et al. [10] proposed an improved protocol based on Liu and Chung's scheme. But the power consumption of both Liu and Chung's scheme and Challa et al.'s scheme is greatly increased, which makes them unsuitable for telemedicine information systems. In 2015, Xu et al. [34] proposed a user authentication scheme preserving uniqueness and anonymity for connected health care. Amin et al. [3] proved that Xu et al.'s scheme has a design flaw and proposed a secure three-factor user authentication and key agreement protocol for TMIS with user anonymity. Meanwhile, Aslam et al. [6] considered Amin et al.'s scheme the best among all the three-factor authentication methods in their survey. In 2016, Niloofar et al. [29] pointed out some weaknesses in Amin et al.'s scheme, such as the inability to defend against the replay attack. We think the structure of Amin et al.'s protocol is good, so we analyze Amin et al.'s scheme further in detail and propose an improved three-factor authentication protocol for TMIS. The protocol is based on the Computational Diffie-Hellman (CDH) problem and a timestamp mechanism [24]. The CDH problem, derived from the DH problem, is a discrete-logarithm-type problem over a finite field in which the result is obtained indirectly instead of by solving the discrete logarithm problem directly.

1) Discrete logarithm problem: given $P, aP \in E/F_q$, for unknown $a \in Z_n^*$, the probability of success of finding the value of $a$ is negligible.

2) Computational Diffie-Hellman problem: given $P, aP, bP \in E/F_q$, for unknown $a, b \in Z_n^*$, the probability of success of finding the value of $abP$ is negligible.

A timestamp is a piece of data that represents information that already exists at a particular point in time. It is mainly intended to provide electronic evidence with which users can prove the generation time of some of their data, ensuring the freshness of information. We employ Elliptic Curve Cryptography (ECC) in our protocol, which requires a small amount of computation, offers faster processing speed, and needs less storage space and transmission bandwidth. We carry out a BAN logic proof for our proposed protocol. We also perform performance comparisons and efficiency analyses. The result shows that our improved protocol has higher security with little more computation cost.

2 Review of Amin et al.'s Scheme

We review Amin et al.'s scheme. All notations used are described in Table 1.

Table 1: Notations

| Symbol | Definition |
|---|---|
| $U$ | User |
| $M_s / S$ | Medical Server |
| $ID$ | Identity of $U$ |
| $PW$ | Password of $U$ |
| $x$ | Secret key |
| $r, R$ | A random number |
| $P$ | A point on the elliptic curve |
| $P_x$ | The value of on x-axis |
| $\mathcal{A}$ | The adversary |
| $SC$ | The smart card |
| $E_k(c) / D_k(\cdot)$ | Symmetric key encryption/decryption by key $k$ |
| $h(\cdot)$ | One-way hash function |
| $\oplus$ | Bitwise XOR operation |
| $\parallel$ | Concatenation operation |
| $T$ | The current time of system |
| $SK$ | Session-key |
| $\Delta T$ | The maximum time interval for transmission delay |
| $H(\cdot)$ | Bio-hash function |
| $B$ | Biological characteristics |
2.1 Registration Phase

The registration phase of Amin et al.'s scheme is shown in Figure 1.

Step 1: $U_i$/smartcard chooses $ID_i$, $PW_i$, $T_i$, computes $A_i = h(ID_i \parallel PW_i)$ and $F_i = H(T_i)$, and sends the message $\{ID_i, A_i, F_i\}$ to the server.

Step 2: The server computes $W = h(ID_s \parallel x \parallel ID_i)$, $B_i = h(ID_i \parallel A_i) \oplus W$ and $CID_i = ENC_x(ID_i \parallel Ran)$, embeds $\langle F_i, CID_i, A_i, B_i, h(\cdot), H(\cdot) \rangle$ in the smart card, and delivers the smart card to $U_i$.

Figure 1: Registration phase

| Party | Action |
|---|---|
| User $U_i$ / Smartcard | Chooses $\langle ID_i, PW_i, T_i \rangle$; computes $A_i = h(ID_i \parallel PW_i)$, $F_i = H(T_i)$; sends to $S$ |
| Server $S$ | Computes $W = h(ID_s \parallel x \parallel ID_i)$, $B_i = h(ID_i \parallel A_i) \oplus W$, $CID_i = ENC_x(ID_i \parallel Ran)$; embeds $\langle F_i, CID_i, A_i, B_i, h(\cdot), H(\cdot) \rangle$ in SC; delivers SC to $U_i$ |

2.2 Login and Authentication Phase

The login and authentication phase of Amin et al.'s scheme is shown in Figure 2.

Figure 2: Login and authentication phase

| Party | Action |
|---|---|
| User $U_i$ / Smartcard | Inserts the smart card and inputs $\langle ID_i, PW_i, T_i \rangle$; computes $F_i^* = H(T_i) \stackrel{?}{=} F_i$, $A_i^* = h(ID_i \parallel PW_i) \stackrel{?}{=} A_i$; generates random number $r_i$; $C_1 = r_i \cdot P$, $W = B_i \oplus h(ID_i \parallel A_i)$, $C_2 = r_i \oplus W$, $C_4 = h(ID_i \parallel r_i \parallel W)$; sends $\{C_2, CID_i, C_4, T_i\}$ to $S$ |
| Server $S$ | Extracts $ID_i$ from $CID_i$; computes $W = h(ID_s \parallel x \parallel ID_i)$, $r_i^* = C_2 \oplus W$, $C_1^* = r_i^* \cdot P$, $C_4^* = h(ID_i \parallel r_i^* \parallel W)$; checks $C_4^* \stackrel{?}{=} C_4$; generates random number $r_j$; $D_1 = r_j \cdot P$, $SK = r_j \cdot C_1^*$, $G_1 = D_1 + C_1^*$, $L_i = h(ID_i^* \parallel h_1(D_1) \parallel W)$, $CID_i' = ENC_x(RID_i \parallel Ran')$; sends $\{L_i, G_1, CID_i'\}$ to $U_i$ |
| User $U_i$ / Smartcard | Computes $D_1^* = G_1 - C_1^*$, $L_i^* = h(ID_i \parallel h_1(D_1) \parallel W)$, $SK = r_i \cdot D_1^* = r_i \cdot r_j \cdot P$; checks $L_i^* \stackrel{?}{=} L_i$; computes $Z_i = h(RID_i \parallel SK)$; replaces old $CID_i$ with new $CID_i'$ in SC; sends $\{Z_i\}$ to $S$ |
| Server $S$ | Computes $Z_i^* = h(ID_i \parallel SK)$; checks $Z_i^* \stackrel{?}{=} Z_i$ |

2.3 Password Change Phase

The password change phase of Amin et al.'s scheme is shown in Figure 3.

Figure 3: Password change phase

| Party | Action |
|---|---|
| $U_i$ / Smartcard | $U_i$ inputs $\langle ID_i, PW_i \rangle$; SC computes $F_i^* = H(T_i) \stackrel{?}{=} F_i$, $A_i^* = h(ID_i \parallel PW_i) \stackrel{?}{=} A_i$; $U_i$ inputs new $PW_i^{new}$; $A_i^{new} = h(ID_i \parallel PW_i^{new})$, $B_i^{new} = h(ID_i \parallel A_i^{new}) \oplus W$; replaces $\langle A_i, B_i \rangle$ with $\langle A_i^{new}, B_i^{new} \rangle$ |

Legend for Figures 1-3: secure channel, insecure channel.

3 Weaknesses of Amin et al.'s Protocol

3.1 Weakness 1: Privileged Insider Attack

$U_i$ sends $\langle ID_i, h(ID_i \parallel PW_i), H(T_i) \rangle$ to $S$. A privileged insider of the medical server $S$, acting as an attacker $\mathcal{A}$, knows $\langle ID_i, h(ID_i \parallel PW_i), H(T_i) \rangle$. Knowing these values, $\mathcal{A}$ can acquire $PW_i$ as follows:

Step 1: Guesses a $PW_i^*$.

Step 2: Computes $A_i^* = h(ID_i \parallel PW_i^*)$.

Step 3: If $A_i^*$ is equal to $A_i$, then $PW_i^* = PW_i$; otherwise $\mathcal{A}$ guesses another $PW_i^*$ and computes $A_i^*$ until $A_i^* = A_i$.

3.2 Weakness 2: Replay Attack

Suppose $\mathcal{A}$ eavesdrops on the message $\langle C_2, CID_i, C_4 \rangle$. Then $\mathcal{A}$ sends the same message $\langle C_2', CID_i', C_4' \rangle$ to $S$. $S$ performs all of the following calculations without realizing that the message is a duplicate: $W = h(ID_s \parallel x \parallel ID_i)$, $r_i^* = C_2 \oplus W$, $C_1^* = r_i^* \cdot P$, $C_4^* = h(ID_i^* \parallel r_i^* \parallel W)$. $S$ checks whether $C_4^*$ is equal to the received $C_4'$. Since $C_4^*$ is equal to $C_4'$, $S$ believes that $\langle C_2', CID_i', C_4' \rangle$ was not sent by an illegal user, and the attacker $\mathcal{A}$ is authenticated. The attacker succeeds by retransmitting the old eavesdropped login message $\langle C_2, CID_i, C_4 \rangle$ to $S$, because $S$ has no way to tell when the message was delivered.

3.3 Weakness 3: Stolen Smart Card Attack

We suppose that an attacker $\mathcal{A}$ has stolen the smart card. $\mathcal{A}$ can extract the message $\langle F_i, CID_i, A_i, B_i, h(\cdot), H(\cdot) \rangle$. Then $\mathcal{A}$ checks whether $A_i = h(ID_i^* \parallel PW_i^*)$, where $\mathcal{A}$ selects $ID_i^*$ and $PW_i^*$. If the equation holds, $\mathcal{A}$ obtains the correct identity and password of the legitimate user. Otherwise, $\mathcal{A}$ chooses another identity and password until he/she finds the correct answer.

3.4 Weakness 4: User Impersonation Attack

Let the attacker be an illegal user with $ID_A$ who wants to masquerade as any user. First, $\mathcal{A}$ manipulates the smart card to generate $\langle C_{2A}, CID_A, C_{4A} \rangle$ in the name of $U$, where $C_{2A} = r_u \oplus W$, $CID_A = ENC_x(ID_u \parallel Ran)$, $C_{4A} = h(ID_u \parallel r_u \parallel W)$. After that, the smart card sends $\langle C_{2A}, CID_A, C_{4A} \rangle$ to $S$ over the public channel. $S$ cannot distinguish between a fresh message and an old message. The telecare server accepts the attacker $\mathcal{A}$ as a legal user with identity $ID_u$.

4 Proposed Protocol

4.1 Registration Phase

The registration phase of the proposed scheme is shown in Figure 4.

Figure 4: Registration phase

| Party | Action |
|---|---|
| User $U_i$ / Smartcard | Chooses $\langle ID_i, PW_i, T_i, r \rangle$; computes $A_i = h(PW_i \parallel r)$, $F_i = H(T_i)$, $RID_i = h(ID_i \parallel r)$; sends to $S$ |
| Server $S$ | Computes $W = h(ID_s \parallel x \parallel RID_i)$, $B_i = h(RID_i \parallel A_i) \oplus W$, $CID_i = ENC_x(RID_i \parallel Ran)$; embeds $\langle F_i, CID_i, A_i, B_i, h(\cdot), H(\cdot) \rangle$ in SC; delivers SC to $U_i$ |

4.2 Login and Authentication Phase

The login and authentication phase of the proposed scheme is shown in Figure 5.

Step 1: $U_i$ inserts the smart card and inputs $\{ID_i, PW_i, T_i\}$, then verifies whether $F_i^* = H(T_i) = F_i$, $A_i^* = h(PW_i \parallel r) = A_i$ and $RID_i^* = h(ID_i \parallel r) = RID_i$ hold. If these equations are true, $U_i$ generates a random number $r_i$, computes $C_1 = r_i \cdot P$, $W = B_i \oplus h(RID_i \parallel A_i)$, $C_2 = r_i \oplus W$, $C_4 = h(RID_i \parallel r_i \parallel W \parallel T_1)$, and sends the message $\{C_2, CID_i, C_4, T_1\}$ to the server.

Step 2: The server checks $|T_s - T_1| \le \Delta T$, extracts $RID_i$ from $CID_i$, computes $W = h(ID_s \parallel x \parallel RID_i)$, $r_i^* = C_2 \oplus W$, $C_1^* = r_i^* \cdot P$, $C_4^* = h(RID_i \parallel r_i^* \parallel W \parallel T_1)$, and verifies whether $C_4^* = C_4$ holds. If the equation is true, the server generates a random number $r_j$, computes $D_1 = r_j \cdot P$, $SK = r_j \cdot C_1^*$, $G_1 = D_1 + C_1^*$, $L_i = h(RID_i^* \parallel h_1(D_1) \parallel W \parallel T_2)$, $CID_i' = ENC_x(RID_i \parallel Ran')$, and sends the message $\{L_i, G_1, CID_i', T_2\}$ to $U_i$.

Step 3: $U_i$ checks $|T_c - T_2| \le \Delta T$, computes $D_1^* = G_1 - C_1^*$, $L_i^* = h(RID_i \parallel h_1(D_1^*) \parallel W \parallel T_2)$, $SK = r_i \cdot D_1^* = r_i \cdot r_j \cdot P$, and verifies whether $L_i^* = L_i$ holds. If the equation is true, $U_i$ computes $Z_i = h(RID_i \parallel SK)$, replaces $CID_i$ with $CID_i'$, and sends the message $\{Z_i\}$ to the server.

Step 4: The server computes $Z_i^* = h(RID_i \parallel SK)$ and verifies whether $Z_i^* = Z_i$ holds.

Figure 5: Login and authentication phase

| Party | Action |
|---|---|
| User $U_i$ / Smartcard | Inserts the smart card and inputs $\langle ID_i, PW_i, T_i \rangle$; computes $F_i^* = H(T_i) \stackrel{?}{=} F_i$, $A_i^* = h(PW_i \parallel r) \stackrel{?}{=} A_i$, $RID_i^* = h(ID_i \parallel r) \stackrel{?}{=} RID_i$; generates random number $r_i$ and timestamp $T_1$; $C_1 = r_i \cdot P$, $W = B_i \oplus h(RID_i \parallel A_i)$, $C_2 = r_i \oplus W$, $C_4 = h(RID_i \parallel r_i \parallel W \parallel T_1)$; sends login message to $S$ |
| Server $S$ | Checks $|T_s - T_1| \le \Delta T$; extracts $RID_i$ from $CID_i$; computes $W = h(ID_s \parallel x \parallel RID_i)$, $r_i^* = C_2 \oplus W$, $C_1^* = r_i^* \cdot P$, $C_4^* = h(RID_i \parallel r_i^* \parallel W \parallel T_1)$; checks $C_4^* \stackrel{?}{=} C_4$; generates random number $r_j$; $D_1 = r_j \cdot P$, $SK = r_j \cdot C_1^*$, $G_1 = D_1 + C_1^*$, $L_i = h(RID_i^* \parallel h_1(D_1) \parallel W \parallel T_2)$, $CID_i' = ENC_x(RID_i \parallel Ran')$; sends $\{L_i, G_1, CID_i', T_2\}$ to $U_i$ |
| User $U_i$ / Smartcard | Checks $|T_c - T_2| \le \Delta T$; computes $D_1^* = G_1 - C_1^*$, $L_i^* = h(RID_i \parallel h_1(D_1^*) \parallel W \parallel T_2)$, $SK = r_i \cdot D_1^* = r_i \cdot r_j \cdot P$; checks $L_i^* \stackrel{?}{=} L_i$; replaces old $CID_i$ with new $CID_i'$ in SC; computes $Z_i = h(RID_i \parallel SK)$; sends $\{Z_i\}$ to $S$ |
| Server $S$ | Computes $Z_i^* = h(RID_i \parallel SK)$; checks $Z_i^* \stackrel{?}{=} Z_i$ |

4.3 Password Change Phase

The password change phase of the proposed scheme is shown in Figure 6.

Figure 6: Password change phase

| Party | Action |
|---|---|
| $U_i$ / Smartcard | $U_i$ inputs $\langle ID_i, PW_i \rangle$; SC computes $F_i^* = H(T_i) \stackrel{?}{=} F_i$, $A_i^* = h(PW_i \parallel r) \stackrel{?}{=} A_i$; $U_i$ inputs new $PW_i^{new}$; $A_i^{new} = h(PW_i^{new} \parallel r)$, $RID_i = h(ID_i \parallel r)$, $B_i^{new} = h(RID_i \parallel A_i^{new}) \oplus W$; replaces $\langle A_i, B_i \rangle$ with $\langle A_i^{new}, B_i^{new} \rangle$ |

Legend for Figures 4-6: secure channel, insecure channel.

5 Security Analysis of the Proposed Scheme

1) Privileged insider attack. The user sends $\langle RID_i, A_i, F_i \rangle$ securely to $S$. The attacker gets all available information from the server and tries to guess the user's password. But $ID_i$, $PW_i$, $T_i$ and $r$ are never sent in plaintext. In addition, $r$ is a random nonce.

2) Replay attack. We add a timestamp to the original scheme. We assume that $\mathcal{A}$ eavesdrops on the login message $\langle C_2, CID_i, C_4, T_1 \rangle$ that $U_i$ sends to $S$. When the message is replayed, its timestamp is no longer the latest, and the server checks $|T_s - T_1| \le \Delta T$. Even if the attacker logs in at the same time as the user, he/she cannot compute $W = h(ID_s \parallel x \parallel RID_i^*)$ and $r_i^* = C_2 \oplus W$, and so cannot pass the test $C_4^* = h(RID_i^* \parallel r_i^* \parallel W \parallel T_1)$.

3) Stolen smart card attack. We assume that $\mathcal{A}$ has stolen SC. $\mathcal{A}$ can extract the message $\langle F_i, CID_i, A_i, B_i, h(\cdot), H(\cdot) \rangle$ from SC. $r$ is a random nonce. $\mathcal{A}$ would have to compute $RID_i = h(ID_i \parallel r)$ and $A_i = h(PW_i \parallel r)$. The protocol therefore fends off $\mathcal{A}$'s attack.

4) User impersonation attack. The timestamp mechanism indicates that no session message between the two parties is delayed, and passing the test $C_4^* = h(RID_i^* \parallel r_i^* \parallel W \parallel T_1)$, where $W = h(ID_s \parallel x \parallel RID_i^*)$ and $r_i^* = C_2 \oplus W$, is not easy. The attacker, acting as a malicious user, therefore cannot masquerade as any user.

6 Security Analysis Using BAN Logic

In this section, we use BAN logic to perform a formal security analysis of the proposed protocol.

Goals: We use the BAN logic structure to prove that our proposed scheme can achieve mutual authentication.

Goal 1: $User \mid\equiv (User \stackrel{SK}{\longleftrightarrow} S)$.

Goal 2: $S \mid\equiv (User \stackrel{SK}{\longleftrightarrow} S)$.

The idealized form of the proposed scheme is as follows.

Message 1: $User \to S: \{User \stackrel{SK}{\longleftrightarrow} S, T_c\}_{r_j \cdot C_1^*}$.

Message 2: $S \to User: \{User \stackrel{SK}{\longleftrightarrow} S, T_2\}_{r_i \cdot D_1^*}$.

Assumptions: We make the following assumptions to analyze our proposed scheme.

H1: $User \mid\equiv (User \stackrel{r_i \cdot D_1^*}{\longleftrightarrow} S)$.

H2: $S \mid\equiv (User \stackrel{r_j \cdot C_1^*}{\longleftrightarrow} S)$.

H3: $User \mid\equiv \#(T_2)$.

H4: $S \mid\equiv \#(T_c)$.

H5: $User \mid\equiv S \Rightarrow (User \stackrel{SK}{\longleftrightarrow} S)$.

H6: $S \mid\equiv User \Rightarrow (User \stackrel{SK}{\longleftrightarrow} S)$.

Based on the above assumptions and the rules of BAN logic, we analyze the idealized form of the proposed scheme. The main steps of the proof are as follows.

From Message 1, we have:
$S \triangleleft \{User \stackrel{SK}{\longleftrightarrow} S, T_c\}_{r_j \cdot C_1^*}$.

From H2 and the message-meaning rule, we have:
$S \mid\equiv User \mid\sim (User \stackrel{SK}{\longleftrightarrow} S, T_c)$.

From H4 and the freshness rule, we have:
$S \mid\equiv \#(User \stackrel{SK}{\longleftrightarrow} S, T_c)$.

From $S \mid\equiv User \mid\sim (User \stackrel{SK}{\longleftrightarrow} S, T_c)$ and the nonce-verification rule, we have:
$S \mid\equiv User \mid\equiv (User \stackrel{SK}{\longleftrightarrow} S, T_c)$.

From the message judgment rule, we have:
$S \mid\equiv User \mid\equiv (User \stackrel{SK}{\longleftrightarrow} S)$.

From H6 and the message judgment rule, we have:
$S \mid\equiv (User \stackrel{SK}{\longleftrightarrow} S)$. (Goal 2)

From Message 2, we have:
$User \triangleleft \{User \stackrel{SK}{\longleftrightarrow} S, T_2\}_{r_i \cdot D_1^*}$.

From H1 and the message-meaning rule, we have:
$User \mid\equiv S \mid\sim (User \stackrel{SK}{\longleftrightarrow} S, T_2)$.

From H3 and the freshness rule, we have:
$User \mid\equiv \#(User \stackrel{SK}{\longleftrightarrow} S, T_2)$.

From $User \mid\equiv S \mid\sim (User \stackrel{SK}{\longleftrightarrow} S, T_2)$ and the nonce-verification rule, we have:
$User \mid\equiv S \mid\equiv (User \stackrel{SK}{\longleftrightarrow} S, T_2)$.
From the message judgment rule, we have:
$User \mid\equiv S \mid\equiv (User \stackrel{SK}{\longleftrightarrow} S)$.

From H5 and the message judgment rule, we have:
$User \mid\equiv (User \stackrel{SK}{\longleftrightarrow} S)$. (Goal 1)

7 Performance Comparison and Efficiency Analysis

According to Tables 1 and 3, the proposed protocol adds a small amount of computation and provides more security.

In Table 2, F1: Privileged insider attack; F2: Replay attack; F3: Stolen smart card attack; F4: User impersonation attack; F5: User untraceability; F6: Offline password guessing attack; F7: Session key disclosure attack; F8: Server not knowing password; F9: Forward secrecy; F10: User anonymity; and F11: Mutual authentication.

Table 2: Performance comparison

| Performance | Amin et al. [3] | Amin et al. [4] | Lu et al. [35] | Ours |
|---|---|---|---|---|
| F1 | No | No | Yes | Yes |
| F2 | No | No | Yes | Yes |
| F3 | No | No | Yes | Yes |
| F4 | No | Yes | No | Yes |
| F5 | Yes | No | Yes | Yes |
| F6 | Yes | No | Yes | Yes |
| F7 | Yes | No | Yes | Yes |
| F8 | Yes | No | Yes | Yes |
| F9 | Yes | No | Yes | Yes |
| F10 | Yes | Yes | No | Yes |
| F11 | Yes | Yes | Yes | Yes |

In Table 3, $T_h$ = time to compute a one-way hash function; $T_{fun}$ = time to compute a symmetric encryption or decryption function [2]; $T_{mul}$ = time complexity of a point multiplication operation on the elliptic curve.

Table 3: Comparison regarding computation costs

| | Amin et al. [3] | Amin et al. [4] | Lu et al. [35] | Ours |
|---|---|---|---|---|
| User | $4T_h + T_{mul}$ | $7T_h$ | $5T_h + 2T_{mul}$ | $8T_h + 2T_{mul}$ |
| Server | $7T_h + 4T_{mul} + 2T_{fun}$ | $4T_h$ | $6T_h + 2T_{mul}$ | $6T_h + 3T_{mul} + 2T_{fun}$ |
| Total | $11T_h + 5T_{mul} + 2T_{fun}$ | $11T_h$ | $11T_h + 4T_{mul}$ | $14T_h + 5T_{mul} + 2T_{fun}$ |

8 Conclusions

In this paper, we analyse Amin et al.'s authentication protocols and find that they are subject to privileged insider attacks, replay attacks, stolen smart card attacks and user impersonation attacks. In our view, Amin et al.'s protocol has a good framework, so we propose an improved authentication protocol based on their protocol, and use the BAN logic structure to prove that our proposed scheme can achieve mutual authentication. We also make a performance comparison and efficiency analysis for the proposed protocol in Table 2 and Table 3. It can be seen that our protocol does not add much computation, but greatly improves security.

Acknowledgments

The authors gratefully acknowledge the anonymous reviewers for their valuable comments.

References

[1] D. S. AbdElminaam, "Improving the security of cloud computing by building new hybrid cryptography algorithms," International Journal of Electronics and Information Engineering, vol. 8, no. 1, pp. 40-48, 2018.
[2] G. R. Alavalapati, G. Reddy, A. K. Das, E. J. Yoon, and K. Y. Yoo, "A secure anonymous authentication protocol for mobile services on elliptic curve cryptography," IEEE Access, vol. 4, pp. 4394-4407, 2016.
[3] R. Amin, G. P. Biswas, "A secure three-factor user authentication and key agreement protocol for tmis with user anonymity," Journal of Medical Systems, vol. 39, no. 8, pp. 1-19, 2015.
[4] R. Amin, and G. P. Biswas, "An improved rsa based user authentication and session key agreement protocol usable in tmis," Journal of Medical Systems, vol. 39, no. 8, pp. 1-14, 2015.
[5] H. Arshad, M. Nikooghadam, "Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems," Journal of Medical Systems, vol. 38, no. 12, pp. 1-12, 2014.
[6] M. U. Aslam, A. Derhab, et al., "A survey and taxonomy of the authentication schemes in telecare medicine information systems," Journal of Network and Computer Applications, vol. 87, pp. 1-19, 2017.
[7] S. A. Chaudhry, H. Naqvi, and M. K. Khan, "An enhanced lightweight anonymous biometric based authentication scheme for TMIS," Multimedia Tools and Applications, vol. 77, no. 5, pp. 5503-5524, 2018.
[8] A. K. Das, A. Goswami, "A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care," Journal of Medical Systems, vol. 37, no. 3, pp. 1-16, 2013.
[9] Y. K. Ever, "Secure-anonymous user authentication scheme for e-healthcare application using wireless medical sensor networks," IEEE Systems Journal, vol. 13, no. 1, pp. 456-467, 2019.
[10] S. Challa, A. K. Das, V. Odelu et al., "An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks," Computers & Electrical Engineering, vol. 69, pp. 534-554, 2018.
[11] P. Chandrakar and H. Om, "An efficient two-factor remote user authentication and session key agreement scheme using Rabin cryptosystem," Arabian Journal for Science and Engineering, vol. 43, no. 2, pp. 661-673, 2018.
[12] W. Feifei, X. Guoai, and G. Lize, "A secure and efficient ECC-based anonymous authentication protocol," Security and Communication Networks, vol. 2019, no. 1, pp. 1-13, 2019.
[13] Z. Z. Guo, "Cryptanalysis of a certificateless conditional privacy-preserving authentication scheme for wireless body area networks," International Journal of Electronics and Information Engineering, vol. 11, no. 1, pp. 1-8, 2019.
[14] O. Hamdi, M. A. Chalouf, D. Ouattara, F. Krief, "eHealth: Survey on research projects, comparative study of telemonitoring architectures and main issues," Journal of Network and Computer Applications, vol. 46, pp. 100-112, 2014.
[15] M. S. Hwang, Li-Hua Li, "A new remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol. 46, no. 1, pp. 28-30, Feb. 2000.
[16] M. S. Hwang, J. W. Lo, S. C. Lin, "An efficient user identification scheme based on ID-based cryptosystem," Computer Standards & Interfaces, vol. 26, no. 6, pp. 565-569, 2004.
[17] T. Hwang, Y. Chen, and C. J. Laih, "Non-interactive password authentications without password tables," in Conference Proceedings of IEEE Region 10 Conference on Computer and Communication Systems (TENCON'90), pp. 429-431, 1990.
[18] M. Jiaqing, H. Zhongwang, L. Yuhua, "Cryptanalysis and security improvement of two authentication schemes for healthcare systems using wireless medical sensor networks," Security and Communication Networks, vol. 2020, pp. 1-11, 2020.
[19] A. T. B. Jin, D. N. C. Ling, A. Goh, "Biohashing: Two factor authentication featuring fingerprint data and tokenised random number," Pattern Recognition, vol. 37, no. 11, pp. 2245-2255, 2004.
[20] L. Lamport, "Password authentication with insecure communication," Communications of the ACM, vol. 24, no. 11, pp. 770-772, 1981.
[21] C. C. Lee, C. H. Liu, M. S. Hwang, "Guessing attacks on strong-password authentication protocol," International Journal of Network Security, vol. 15, no. 1, pp. 64-67, 2013.
[22] C. H. Ling, C. C. Lee, C. C. Yang, and M. S. Hwang, "A secure and efficient one-time password authentication scheme for WSN," International Journal of Network Security, vol. 19, no. 2, pp. 177-181, Mar. 2017.
[23] C. H. Liu and Y. F. Chung, "Secure user authentication scheme for wireless healthcare sensor networks," Computers & Electrical Engineering, vol. 59, pp. 250-261, 2017.
[24] L. Liu, Z. Z. Guo, et al., "An improvement of one anonymous identity-based encryption scheme," International Journal of Electronics and Information Engineering, vol. 9, no. 1, pp. 11-21, 2018.
[25] W. R. Liu, X. He, Z. Y. Ji, "An improved authentication protocol for telecare medical information system," International Journal of Electronics and Information Engineering, vol. 12, no. 4, pp. 170-181, 2020.
[26] T. Micha, C. Tomas, S. Nathaniel, "Survey of authentication and authorization for the Internet of things," Security and Communication Networks, vol. 2018, pp. 1-17.
[27] M. Mohammad, A. Safiyyeh, "A survey and taxonomy of the authentication schemes in telecare medicine information systems," Journal of Network and Computer Applications, vol. 87, no. 2017, pp. 1-19.
[28] W. Ping, L. Bin Lin, S. Hong, et al., "Revisiting anonymous two-factor authentication schemes for IoT-enabled devices in cloud computing environments," Security and Communication Networks, vol. 2019, no. 2, pp. 1-13, 2019.
[29] N. Ravanbakhsh, M. Nazari, "An efficient improvement remote user mutual authentication and session key agreement scheme for E-health care systems," Multimedia Tools and Applications, vol. 77, pp. 55-88, 2016.
[30] S. Shan, "An efficient certificateless signcryption scheme without random oracles," International Journal of Electronics and Information Engineering, vol. 11, no. 1, pp. 9-15, 2019.
[31] D. R. Shiao, Y. F. Chang, and S. H. Yu, "A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care," Journal of Medical Systems, vol. 37, no. 2, pp. 1-9, 2013.
[32] C. Shouqi, L. Wanrong, C. Liling, et al., "An improved anonymous authentication protocol for location-based service," IEEE Access, vol. 7, no. 1, pp. 114203-114212, 2019.
[33] B. Weixin, G. Prosanta, C. Yongqiang, L. Qingde, "Bio-AKA: An efficient fingerprint based two factor user authentication and key agreement scheme," Journal of Network and Computer Applications, vol. 109, pp. 45-55, 2020.
[34] L. Xu, F. Wu, "Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care," Journal of Medical Systems, vol. 39, no. 2, pp. 1-9, 2015.
[35] L. Yanrong, L. Lixiang, P. Haipeng, Y. Yixian, "An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem," Journal of Medical Systems, vol. 39, no. 3, pp. 1-8, 2015.

Biography

Liu Wanrong received her bachelor's degree in electrical engineering and automation from Luoyang Institute of Technology in 2018. She is now a student at the College of Engineering Science and Technology, Shanghai Ocean University. Her main research is communication security and Internet of things technology.

He Xin received his bachelor's degree in mechanical engineering from Anhui Polytechnic University in 2018. He is now a student at the College of Engineering Science and Technology, Shanghai Ocean University. His main research is Internet of things technology.

Ji Zhiyong received his bachelor's degree from Nanjing University of Aeronautics and Astronautics in 2012. He received his MS degree from Jiangsu University in 2017. He is the master's supervisor of mechanical engineering of Shanghai Ocean University. He is also the medical equipment senior engineer and deputy director of Shanghai Sixth People's Hospital East. His research directions include the development and application of wearable medical devices based on the Internet of things and the information security of the medical Internet of things.
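
The replay weakness of Section 3.2 and the timestamp check of Section 4.2, Step 2, as an added Python example (not code from the paper or from Amin et al.). It assumes SHA-256 for h(·), integer-second timestamps and ΔT = 5 s, and it leaves out the elliptic-curve session-key part and the encryption of CID_i: the hypothetical `rid` field stands for the identity the server would extract from CID_i.

```python
"""Added example: server-side login check with and without the timestamp T1."""
import hashlib
import hmac
import secrets

DELTA_T = 5  # assumed maximum transmission delay (Delta T), in seconds


def h(*parts: bytes) -> bytes:
    """One-way hash h(a || b || ...). SHA-256 is an assumption; each part is
    length-prefixed so the concatenation is unambiguous."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Server:
    def __init__(self, server_id: bytes):
        self.server_id = server_id
        self.x = secrets.token_bytes(32)  # long-term secret key x

    def w_for(self, rid: bytes) -> bytes:
        # W = h(ID_s || x || RID_i); it reaches the card inside B_i at registration
        return h(self.server_id, self.x, rid)

    def verify_original(self, msg: dict, now: int) -> str:
        # Original scheme: C4* = h(ID_i || r_i* || W); `now` is never consulted
        w = self.w_for(msg["rid"])
        r = xor(msg["c2"], w)
        ok = hmac.compare_digest(h(msg["rid"], r, w), msg["c4"])
        return "accept" if ok else "reject: C4 mismatch"

    def verify_improved(self, msg: dict, now: int) -> str:
        # Proposed Step 2: freshness first, then C4* = h(RID_i || r_i* || W || T1)
        if abs(now - msg["t1"]) > DELTA_T:
            return "reject: stale T1"
        w = self.w_for(msg["rid"])
        r = xor(msg["c2"], w)
        t1 = msg["t1"].to_bytes(8, "big")
        ok = hmac.compare_digest(h(msg["rid"], r, w, t1), msg["c4"])
        return "accept" if ok else "reject: C4 mismatch"


def login_message(w: bytes, rid: bytes, t1=None) -> dict:
    """Card side: C2 = r_i XOR W and C4; T1 is bound into C4 when supplied."""
    r = secrets.token_bytes(32)
    fields = [rid, r, w] + ([t1.to_bytes(8, "big")] if t1 is not None else [])
    msg = {"rid": rid, "c2": xor(r, w), "c4": h(*fields)}
    if t1 is not None:
        msg["t1"] = t1
    return msg


def demo() -> dict:
    server = Server(b"ms-01")           # constructed server identity
    rid = b"constructed-user-identity"  # constructed sample value
    w = server.w_for(rid)
    old = login_message(w, rid)            # original scheme, no timestamp
    new = login_message(w, rid, t1=1000)   # proposed scheme, T1 = 1000
    return {
        "original_first": server.verify_original(old, now=1000),
        "original_replay": server.verify_original(dict(old), now=5000),
        "improved_first": server.verify_improved(new, now=1002),
        "improved_replay_late": server.verify_improved(dict(new), now=5000),
        # Copy with T1 rewritten to look fresh: C4 no longer matches
        "improved_replay_retimed": server.verify_improved({**new, "t1": 5000}, now=5000),
        "improved_replay_in_window": server.verify_improved(dict(new), now=1004),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} {verdict}")
```

A copy replayed inside ΔT still passes this check on its own, so the timestamp bounds the replay window rather than removing it.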