[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ Skip to main content
Log in

On the designing a secure biometric-based remote patient authentication scheme for mobile healthcare environments

  • Original Research
  • Published:
Journal of Ambient Intelligence and Humanized Computing Aims and scope Submit manuscript

Abstract

Internet of medical things (IoMT) is bringing many opportunities for healthcare and our personal lives. For example, using this technology a healthcare provider can remotely monitor, collect and analyze data of patients using smart sensors that are connected to them. With this trend on the rise, data protection and information security in healthcare environments are now major concerns. Authentication before starting the data transmission is a common approach to provide data security. Recently, Mohammedi et al. have proposed a lightweight biometric-based authentication scheme for mobile healthcare environments and have claimed that their scheme is secure against known attacks in the context of RFID authentication protocols. However, in this paper, we provide a more detailed analysis of the this scheme and show that their protocol is vulnerable to a man-in-the-middle attack. Furthermore, we demonstrate that their protocol does not provide other security requirements such as forward secrecy, anonymity, and untraceability. To remedy these weaknesses, we propose an improved scheme and demonstrate that the proposed scheme can withstand common attacks while it requires approximately 23% less computation time and 50% less communication overhead than the Mohammedi et al. scheme. We also formally evaluate the security of the proposed protocol by Scyther tool, which is a widely accepted automated tool for this purpose.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (United Kingdom)

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

References

  • Ali R, Pal AK (2018) Cryptanalysis and biometric-based enhancement of a remote user authentication scheme for e-healthcare system. Arab J Sci Eng 43(12):7837–7852

    Article  Google Scholar 

  • Amin R, Islam SH, Biswas GP, Khan MK, Li X (2015) Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J Med Syst 39(11):140

    Article  Google Scholar 

  • An Y (2012) Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards. J Biomed Biotechnol 2012:1–6

    Article  Google Scholar 

  • Bayrakdar ME (2019) Fuzzy logic based coordinator node selection approach in wireless medical sensor networks. In: 2019 4th international conference on computer science and engineering (UBMK). IEEE, pp 340–343

  • Bayrakdar ME (2019) Priority based health data monitoring with IEEE 802.11af technology in wireless medical sensor networks. Med Biol Eng Comput 57(12):2757–2769

    Article  Google Scholar 

  • Bayrakdar ME (2020) Cooperative communication based access technique for sensor networks. Int J Electron 107(2):212–225

    Article  Google Scholar 

  • Bendavid Y, Bagheri N, Safkhani M, Rostampour S (2018) Iot device security: challenging “A lightweight RFID mutual authentication protocol based on physical unclonable function”. Sensors 18(12):1–19

    Article  Google Scholar 

  • Bin Muhaya FT (2015) Cryptanalysis and security enhancement of Zhu’s authentication scheme for telecare medicine information system. Secur Commun Netw 8(2):149–158

    Article  Google Scholar 

  • Challa S, Wazid M, Das AK, Khan MK (2018) Authentication protocols for implantable medical devices: Taxonomy, analysis and future directions. IEEE Consum Electron Mag 7(1):57–65

    Article  Google Scholar 

  • Chang Y-F, Yu S-H, Shiao D-R (2013) A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(2):9902

    Article  Google Scholar 

  • Chen Y, Fondeur J-C (2009) Biometric algorithms. Springer US, Boston, pp 64–68

    Google Scholar 

  • Cremers C (2020) Cispa. https://people.cispa.io/cas.cremers/publications/index.html

  • Cremers C, Mauw S, Samarin A (2012) Operational semantics and verification of security protocols. Information security and cryptography. Springer, Berlin

    Book  Google Scholar 

  • Das AK (2011) Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf Secur 5(3):145–151

    Article  Google Scholar 

  • Das AK, Goswami A (2013) A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(3):9948

    Article  Google Scholar 

  • Dharanesh CM, Prasad R, Patil CM (2017) Feature extraction classification for personal identification using iris. In: 2017 international conference on current trends in computer, electrical, electronics and communication (CTCEEC), pp 431–435

  • Farash MS, Nawaz O, Mahmood K, Chaudhry SA, Khan MK (2016) A provably secure RFID authentication protocol based on elliptic curve for healthcare environments. J Med Syst 40(7):165

    Article  Google Scholar 

  • Fei L, Zhang B, Jia W, Wen J, Zhang D (2020) Feature extraction for 3-D palmprint recognition: a survey. IEEE Trans Instrum Meas 69(3):645–656

    Google Scholar 

  • Figueroa I (2020) ECC scalar multiplications. https://github.com/ifigueroam/Crypto

  • He D, Zeadally S (2015) An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet Things J 2(1):72–83

    Article  Google Scholar 

  • Jiang Q, Ma J, Tian Y et al (2015) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of zhang. Int J Commun Syst 28(7):1340–1351

    Article  Google Scholar 

  • Lee E (2020) RSA encryption. https://github.com/suciluz/multithreaded-rsa-encryption/blob/master/encryption.cpp

  • Li C-T, Hwang M-S (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

    Article  Google Scholar 

  • Li X, Niu J, Karuppiah M, Kumari S, Wu F (2016) Secure and efficient two-factor user authentication scheme with user anonymity for network based e-health care applications. J Med Syst 40(12):268

    Article  Google Scholar 

  • Li X, Niu J, Kumari S, Liao J, Liang W, Khan MK (2016) A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity. Secur Commun Netw 9(15):2643–2655

    Article  Google Scholar 

  • Maitra T, Obaidat MS, Amin R, Islam SH, Chaudhry SA, Giri D (2017) A robust elgamal-based password-authentication protocol using smart card for client-server communication. Int J Commun Syst 30(11):e3242

    Article  Google Scholar 

  • Mohammedi M, Omar M, Bouabdallah A (2018) Secure and lightweight remote patient authentication scheme with biometric inputs for mobile healthcare environments. J Ambient Intell Humaniz Comput 9(5):1527–1539

    Article  Google Scholar 

  • Moosavi SR, Gia TN, Rahmani A-M, Nigussie E, Virtanen S, Isoaho J, Tenhunen H (2015) Sea: a secure and efficient authentication and authorization architecture for iot-based healthcare using smart gateways. Proc Comput Sci 52:452–459. In: The 6th international conference on ambient systems, networks and technologies (ANT-2015), the 5th international conference on sustainable energy information technology (SEIT-2015)

  • Reid S (2020) SHA1 hash function c implementation. https://github.com/clibs/sha1/blob/master/sha1.c

  • Sun D-Z, Zhong J-D (2016) Cryptanalysis of a hash based mutual RFID tag authentication protocol. Wirel Pers Commun 91(3):1085–1093

    Article  Google Scholar 

  • Tewari A, Gupta BB (2017) Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for iot devices using rfid tags. J Supercomput 73(3):1085–1102

    Article  Google Scholar 

  • Wang C, Wang D, Xu G, Guo Y (2017) A lightweight password-based authentication protocol using smart card. Int J Commun Syst 30(16):e3336

    Article  Google Scholar 

  • Wang K-H, Chen C-M, Fang W, Wu T-Y (2018) On the security of a new ultra-lightweight authentication protocol in iot environment for rfid tags. J Supercomput 74(1):65–70

    Article  Google Scholar 

  • Wu F, Xu L, Kumari S, Li X (2017) A new and secure authentication scheme for wireless sensor networks with formal proof. Peer Peer Netw Appl 10(1):16–30

    Article  Google Scholar 

  • Wu F, Li X, Sangaiah AK, Xu L, Kumari S, Wu L, Shen J (2018) A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Future Gener Comput Syst 82:727–737

    Article  Google Scholar 

  • Xie Q, Wong DS, Wang G, Tan X, Chen K, Fang L (2017) Provably secure dynamic id-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Trans Inf Forensics Secur 12(6):1382–1392

    Article  Google Scholar 

  • Yangchao Z (2020) AES encryption algorithm c implementation. https://github.com/zhouyangchao/AES/blob/master/aes.c

Download references

Acknowledgement

The authors gratefully thank all the anonymous reviewers for their valuable comments which helped us to improve the presentation of the work significantly. Nasour Bagheri was supported in part by the Iran National Science Foundation (INSF) under contract No. 98010674.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Nasour Bagheri.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Adeli, M., Bagheri, N. & Meimani, H.R. On the designing a secure biometric-based remote patient authentication scheme for mobile healthcare environments. J Ambient Intell Human Comput 12, 3075–3089 (2021). https://doi.org/10.1007/s12652-020-02465-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12652-020-02465-2

Keywords

Navigation