- Volume 8 Issue 3
DOI QR Code
A Strong Biometric-based Remote User Authentication Scheme for Telecare Medicine Information Systems with Session Key Agreement
- An, Younghwa (Computer Media Information Engineering, Kangnam University)
- Received : 2016.06.15
- Accepted : 2016.07.15
- Published : 2016.08.31
Recently, many biometrics-based user authentication schemes for telecare medicine information systems (TMIS) have been proposed to improve the security problems in user authentication system. In 2014, Mishra et al. proposed an improvement of Awasthi-Srivastava's biometric based authentication for TMIS which is secure against the various attacks and provide mutual authentication, efficient password change. In this paper, we discuss the security of Mishra et al.'s authentication scheme, and we have shown that Mishra et al.'s authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to remove these security problems of Mishra et al.'s authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved biometric based authentication scheme is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack and provides mutual authentication between the user and the telecare system.
Supported by : Kangnam University
- L. Lamport, "Password Authentication with Insecure Communication," Communications of the ACM, vol. 24, no. 11, pp. 770-772, 1987. https://doi.org/10.1145/358790.358797
- M.S. Hwang and L.H. Li, "A New Remote User Authentication Scheme Using Smart Cards," IEEE Transactions on Consumer Electronics, vol. 46, pp. 28-30, 2000. https://doi.org/10.1109/30.826377
- M.L. Das, A. Sxena and V.P. Gulathi, "A Dynamic ID-based Remote User Authentication Scheme," IEEE Transactions on Consumer Electronics, vol. 50, no. 2, pp. 629-631, 2004. https://doi.org/10.1109/TCE.2004.1309441
- C.W. Lin, C.S. Tsai and M.S. Hwang, "A New Strong-Password Authentication Scheme Using One-Way Hash Functions," Journal of Computer and Systems Sciences International, vol.45, no.4, pp. 623-626, 2006. https://doi.org/10.1134/S1064230706040137
- R.J. Robies and T.H. Kim," Applying Asymmetric Key Encryption to Secure Internet based SCADA," The International Journal of Internet, Broadcasting and Communication (IJIBC), vol. 4, no. 2, pp. 17-21, 2012. https://doi.org/10.7236/IJIBC.2012.4.2.17
- S.M. Woo and M. Lee," Sensors Network and Security and Multimedia Enhancement," The International Journal of Internet, Broadcasting and Communication (IJIBC), vol. 8, no. 1, pp. 64-76, Feb 2016. https://doi.org/10.7236/IJIBC.2016.8.1.64
- C.C. Chang, S.C. Chang and Y.W. Lai, "An Improved Biometrics-based User Authentication Scheme without Concurrency System," International Journal of Intelligent Information Processing, vol.1, no.1, pp. 41-49, 2010. https://doi.org/10.4156/ijiip.vol1.issue1.5
- C.T. Li and M.S. Hwang, "An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards," Journal of Network and Computer Applications, vol. 33, pp. 1-5, 2010. https://doi.org/10.1016/j.jnca.2009.08.001
- A.K. Das, "Analysis and Improvement on an Efficient Biometric-based Remote User Authentication Scheme Using Smart Cards," IET Information Security, vol.5, Iss. 3, pp. 541-552, 2011.
- A.K. Awasthi, K. Srivastava, "A Biometrics Authentication Scheme for Telecare Medicine Information Systems with Nonce," Journal of Medicine Systems, vol. 37(5), pp. 1-4, 2013.
- D. Mishra, S. Mukhopadhyay, S. Kumar, M.K. Kyan, A.Chaturvedi, "Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce," Journal of Medicine Systems, vol. 38(41), pp. 1-11, 2014. https://doi.org/10.1007/s10916-013-0001-1
- P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis," Proceedings of Advances in Cryptology, pp. 388-397, 1999.
- T. S. Messerges, E. A. Dabbish and R.H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593