Abstract
The Telecare Medicine Information Systems (TMISs) provide an efficient communicating platform supporting the patients access health-care delivery services via internet or mobile networks. Authentication becomes an essential need when a remote patient logins into the telecare server. Recently, many extended chaotic maps based authentication schemes using smart cards for TMISs have been proposed. Li et al. proposed a secure smart cards based authentication scheme for TMISs using extended chaotic maps based on Lee’s and Jiang et al.’s scheme. In this study, we show that Li et al.’s scheme has still some weaknesses such as violation the session key security, vulnerability to user impersonation attack and lack of local verification. To conquer these flaws, we propose a chaotic maps and smart cards based password authentication scheme by applying biometrics technique and hash function operations. Through the informal and formal security analyses, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Li et al.’s scheme. As compared with the previous authentication schemes, the proposed scheme is more secure and efficient and hence more practical for telemedical environments.
Similar content being viewed by others
References
Hsu, C.L., Lee, M.R., Su, C.H, The role of privacy protection in healthcare information systems adoption. J. Med. Syst 37(5):1–12, 2013.
Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst 24(4):213–234, 2000.
Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst 36(6):3907–3915, 2012.
Maitra, T., and Giri, D., An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. J. Med. Syst 38(12):1–19, 2014.
Das, A.K., and Goswami, A., An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function. J. Med. Syst 38(6):27, 2014.
Kim, K.W., and Lee, J.D, On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst 38(5):1–11, 2014.
Alomair, B., and Poovendran, R., Efficient Authentication for Mobile and Pervasive Computing. IEEE Trans on Mobile. Comput 13(3):469–481, 2014.
Sui, Y., Zou, X.K., Du, E.Y., Li, F., Design and analysis of a highly user-friendly, secure, privacy-preserving, and revocable authentication method. IEEE Trans on Comput 63(4):902–916, 2014.
Lu, Y.R., Li, L.X., Peng, H.P., Yang, X., Yang, Y.X.: A lightweight ID based authentication and key agreement protocol for multiserver architecture. Int. J. Distrib. Sens. N. vol. 2015, Article ID 635890, 9 p, 2015. doi:10.1155/2015/635890.
Lu, Y.R., Li, L.X., Yang, Y.X.: Robust and efficient authentication scheme for session initiation protocol. Math. Probl. Eng. vol. 2015, Article ID 894549, 9 p, 2015. doi:10.1155/2015/894549.
Lu, Y.R., Li, L.X., Peng, H.P., Yang, Y.X.: An enhanced biometricbased authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst. 39(3):1–8, 2015.
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst 36(3):1529–1535, 2012.
He, D.B., Chen, J.H., Zhang, R., A More Secure Authentication Scheme for Telecare Medicine Information Systems. J Med. Syst. 36(3):1989–1995, 2012.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst 36(6): 3833–3838, 2012.
Özkaynak, F., and Yavuz, S., Designing chaotic S-boxes based on time-delay chaotic system. Nonlinear Dyn 74(3):551–557, 2013.
Hussain, I., Shah, T., Gondal, M., Mahmood, H., An efficient approach for the construction of LFT S-boxes using chaotic logistic map. Nonlinear Dyn 71:133–140, 2013.
Khan, M., Shah, T., Mahmood, H., Gondal, M., An efficient method for the construction of block cipher with multichaotic systems. Nonlinear Dyn 71:489–492, 2013.
Gao, B., Shi, Y.F., Yang, C.L., Li, L.X., Wang, L.C., Yang, Y.X., STP-LWE: A variant of learning with error for a flexible encryption. Math. Probl. Eng 341490:1–7, 2014. Article ID 2014.
Xiao, D., Liao, X., Wong, K., An efficient entire chaos based scheme for deniable authentication. Chaos Soliton. Fract 23:1327–1331, 2005.
Tseng, H., Jan, R., Yang, W., A chaotic maps-based key agreement protocol that preserves user anonymity. IEEE Int. Conf. Commun.,1–6, 2009. ICC09.
Niu, Y., and Wang, X., An anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 16(4):1986–1992, 2011.
Xue, K., and Hong, P., Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 17:2969–2977, 2012.
Guo, C., and Chang, C.C., Chaotic maps-based passwordauthenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul 18(6):1433–1440, 2013.
Hao, X., Wang, J., Yang, Q., Yan, X., Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst 37(2):9919, 2013.
Lin, H.Y., Improved chaotic maps-based password-authenticated key agreement using smart cards.Commun. Nonlinear Sci. Numer, Simul. In: doi:10.1016/j.cnsns.2014.05.027 (2014)
Jiang, Q., Ma, J., Lu, X., Tian, Y., Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J. Med. Syst. 38(2):12, 2014.
Lee, T.F., An eEfficient chaotic map-based authentication and key agreement scheme using smart cards for telecare medicine information systems. J. Med. Syst 37(6):9985, 2013.
Li, C.T., Cheng, C.L., Chi, Y.W., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems, J. Med. Syst. 38(9):1–11, 2014.
Gao, B., Li, L.X., Peng, H.P., Kurths, J., Zhang, W.G., Yang, Y.X., Principle for performing attractor transits with single control in Boolean networks. Phys. Rev. E 88,:062706, 2013.
Stallings, W., Cryptography and Network Security: Principles and Practices. 3rd edn. Englewood Cliffs: Prentice Hall, 2003.
Li, C.T., Lee, C.C., Weng, C.Y., An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dyn 74:1133–1143, 2013.
Lee, C.C., Lou, D.C., Li, C.T., An extended chaotic maps-based protocol with key agreement for multiserver environments. Nonlinear Dyn 76(1):853–866, 2014.
Lee, C.C., and Hsu, C.W., A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. Nonlinear Dyn 71:201–211, 2013.
Zhao, D.W., Peng, H.P., Li, L.X., Yang, Y.X., A secret sharing scheme with a short share realizing the (t, n) threshold and the adversary structure. Comput. Math. Appl 64(4):611–615, 2012.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput 51(5):541–552, 2002.
Hölbl, M., Welzer, T., Brumen, B., An improved two-party identity-based authenticated key agreement protocol using pairings, J. Cmput. Syst 78:142–150, 2012.
Bergamo, P., Arco, P., Santis, A., Kocarev, L., Security of public key cryptosystems based on Chebyshev polynomials. IEEE. Trans. Circ. Syst. I 52:1382–1393, 2005.
Lumini, A., and Nanni, L., An improved biohashing for human authentication. Pattern Recognition 40(3):1057–1065, 2007.
Das, A.K., and Goswami, A., An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function. J. Med. Syst 38(6):27, 2014.
Burrow, M., Abadi, M., Needham, R., A logic of authentication. ACM Trans on Compu. Syst. 8:18–36, 1990.
Zhao, D.W., Peng, H.P., Li, L.X., Yang, Y.X., A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Pers. Commun 78:247–269, 2013. doi:10.1007/s11277-014-1750-y.
Lamport, L., Password authentication with insecure communication. Commun.ACM 24(11):770–772, 1981.
Odelu, V., Das, A.K., Goswami, A., A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inform Sciences 269(10):270–285, 2014.
Das, A.K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system, J. Med. Syst 37:9969, 2013.
Acknowledgments
The authors would like to thank all the anonymous reviewers for their helpful advice. This paper is supported by the National Natural Science Foundation of China (Grant No. 61121061), the Beijing Natural Science Foundation (Grant No. 4142016), and the Asia Foresight Program under NSFC Grant (Grant No. 61411146001).
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Mobile Systems
Rights and permissions
About this article
Cite this article
Lu, Y., Li, L., Peng, H. et al. Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps. J Med Syst 39, 65 (2015). https://doi.org/10.1007/s10916-015-0229-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-015-0229-z