The evolution of cloud computing and Internet of Things (IoT) paradigms has made real time monitoring of patients by remote medical professionals feasible and patients take benefits of healthcare services at home. In these situations patient data gets stored at the centralized healthcare center, from where it can be accessed by a medical professional at regular intervals. However, this makes the patient’s privacy a critical issue due to the open wireless environment. Recently, many authentication schemes for healthcare services have been proposed in the literature and it has been observed that most of the schemes cannot completely achieve the security requirements and they furthermore do not consider the issue of how a medical professional access cloud server data. In this paper, we propose a multi-factor authentication scheme based on elliptic curve cryptography which allows only a legal medical professional to access patient’s medical data stored on the cloud server. Furthermore, the web based AVISPA tool is used for formal analysis and it confirms that the scheme is secure against active and passive attacks including replay and man-in-the-middle attacks. Also, a comparison of security features and performance analysis proves that the scheme offers a strong defense against security attacks and also achieves session key agreement.
H.Alemdar and C.Ersoy, Wireless sensor networks for healthcare: A survey, Computer Networks54(15) (2010), 2688–2710. doi:10.1016/j.comnet.2010.05.003.
2.
R.Amin and G.P.Biswas, A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity, Journal of Medical Systems39(8) (2015), 78. doi:10.1007/s10916-015-0258-7.
3.
A.Armando, D.Basin, J.Cuellar, M.Rusinowitch and L.Viganò, AVISPA: Automated validation of internet security protocols and applications, ERCIM News64 (2006).
4.
H.Arshad and M.Nikooghadam, Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems, Journal of Medical Systems38(12) (2014), 136. doi:10.1007/s10916-014-0136-8.
5.
H.Chen, L.Ge and L.Xie, A user authentication scheme based on elliptic curves cryptography for wireless ad hoc networks, Sensors15(7) (2015), 17057–17075. doi:10.3390/s150717057.
6.
T.-H.Chen, Y.-C.Chen, W.-K.Shih and H.-W.Wei, An efficient anonymous authentication scheme for mobile pay-TV, Journal of Network and Computer Applications34(4) (2011), 1131–1137. doi:10.1016/j.jnca.2010.11.005.
7.
A.K.Das, Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards, IET Information Security5(3) (2011), 145–151. doi:10.1049/iet-ifs.2010.0125.
8.
M.L.Das, Two-factor user authentication in wireless sensor networks, IEEE Transactions on Wireless Communications8(3) (2009), 1086–1090. doi:10.1109/TWC.2008.080128.
9.
H.Debiao, C.Jianhua and Z.Rui, A more secure authentication scheme for telecare medicine information systems, Journal of Medical Systems36(3) (2012), 1989–1995. doi:10.1007/s10916-011-9658-5.
10.
P.K.Dhillon and S.Kalra, A lightweight biometrics based remote user authentication scheme for IoT services, Journal of Information Security and Applications34 (2017), 255–270. doi:10.1016/j.jisa.2017.01.003.
11.
P.K.Dhillon and S.Kalra, Secure multi-factor remote user authentication scheme for Internet of Things environments, International Journal of Communication Systems30(16) (2017), e3323. doi:10.1002/dac.3323.
12.
P.K.Dhillon and S.Kalra, Multi-factor user authentication scheme for IoT-based healthcare services, Journal of Reliable Intelligent Environments4(3) (2018), 141–160. doi:10.1007/s40860-018-0062-5.
13.
Y.Dodis, L.Reyzin and A.Smith, Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, in: International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2004, pp. 523–540. doi:10.1007/978-3-540-24676-3_31.
14.
D.Dolev and A.Yao, On the security of public key protocols, IEEE Transactions on Information Theory29(2) (1983), 198–208. doi:10.1109/TIT.1983.1056650.
15.
A.V.Halteren, R.Bults, K.Wac, D.Konstantas, I.Widya, N.Dokovsky, G.Koprinkov, V.Jones and R.Herzog, Mobile patient monitoring: The mobihealth system, Journal on Information Technology in Healthcare2(5) (2004), 365–373. doi:10.1109/IEMBS.2009.5333477.
16.
X.Hao, J.Wang, Q.Yang, X.Yan and P.Li, A chaotic map-based authentication scheme for telecare medicine information systems, Journal of Medical Systems37(2) (2013), 9919. doi:10.1007/s10916-012-9919-y.
17.
T.Hayajneh, P.Krishnamurthy, D.Tipper and A.Le, Secure neighborhood creation in wireless ad hoc networks using hop count discrepancies, Mobile Networks and Applications17(3) (2012), 415–430. doi:10.1007/s11036-011-0334-2.
18.
F.Hu, M.Jiang, M.Wagner and D.-C.Dong, Privacy-preserving telecardiology sensor networks: Toward a low-cost portable wireless hardware/software codesign, IEEE Transactions on Information Technology in Biomedicine11(6) (2007), 619–627. doi:10.1109/TITB.2007.894818.
19.
Y.-M.Huang, M.-Y.Hsieh, H.-C.Chao, S.-H.Hung and J.H.Park, Pervasive secure access to a hierarchical sensor-based healthcare monitoring architecture in wireless heterogeneous networks, IEEE Journal on Selected Areas in Communication27(4) (2009), 400–411. doi:10.1109/JSAC.2009.090505.
20.
Q.Jiang, J.Ma, X.Lu and Y.Tian, Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems, Journal of Medical Systems38(2) (2014), 12. doi:10.1007/s10916-014-0012-6.
21.
H.H.Kilinc and T.Yanik, A survey of SIP authentication and key agreement schemes, IEEE Communications Surveys and Tutorials16(2) (2004), 1005–1023. doi:10.1109/SURV.2013.091513.00050.
22.
N.Koblitz, A.Menezes and S.Vanstone, The state of elliptic curve cryptography, Designs, Codes and Cryptography19(2–3) (2000), 173–193. doi:10.1023/A:1008354106356.
23.
X.H.Le, M.Khalid, R.Sankar and S.Lee, An efficient mutual authentication and access control scheme for wireless sensor networks in healthcare, Journal of Networks6(3) (2011), 355–364. doi:10.4304/jnw.6.3.355-364.
24.
F.T.Lee, An efficient chaotic map-based authentication and key agreement scheme using smart cards for telecare medicine information systems, Journal of Medical Systems37(6) (2013), 9985. doi:10.1007/s10916-013-9985-9.
25.
C.-T.Li, T.-Y.Wu, C.-L.Chen, C.-C.Lee and C.-M.Chen, An efficient user authentication and user anonymity scheme with provably security for IoT-based medical care system, Sensors17(7) (2017), 1482. doi:10.3390/s17071482.
26.
C.T.Li and C.C.Lee, A novel user authentication and key agreement scheme with smart cards over insecure networks, International Information Institute (Tokyo). Information17(4) (2014), 1271–1284.
27.
C.Liu and Y.Chung, Secure user authentication scheme for wireless healthcare sensor networks, Computers and Electrical Engineering59 (2017), 250–261. doi:10.1016/j.compeleceng.2016.01.002.
28.
Y.Lu, L.Li, H.Peng and Y.Yang, An enhanced biometric based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem, Journal of Medical Systems39(3) (2015), 32–39. doi:10.1007/s10916-015-0221-7.
29.
C.Lv, M.Ma, H.Li, J.Ma and Y.Zhang, An novel three-party authenticated key exchange protocol using one-time key, Journal of Network and Computer Applications36(1) (2013), 498–503. doi:10.1016/j.jnca.2012.04.006.
30.
K.Malasri and L.Wang, Design and implementation of a secure wireless mote-based medical sensor network, Sensors9(8) (2009), 6273–6297. doi:10.3390/s90806273.
31.
V.S.Miller, Use of elliptic curves in cryptography, in: Conference on the Theory and Application of Cryptographic Techniques, Springer, Berlin, Heidelberg, 1985, pp. 417–426. doi:10.1007/3-540-39799-X_31.
32.
D.Mishra, S.Mukhopadhyay, S.Kumari, M.K.Khan and A.Chaturvedi, Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce, Journal of Medical Systems38(5) (2014), 41. doi:10.1007/s10916-014-0041-1.
33.
J.Mohammed, C.-H.Lung, A.Ocneanu, A.Thakral, C.Jones and A.Adler, Internet of Things: Remote patient monitoring using web services and cloud computing, in: Internet of Things (iThings), 2014 IEEE International Conference on, and Green Computing and Communications (GreenCom), IEEE and Cyber, Physical and Social Computing (CPSCom), IEEE, 2014, pp. 256–263. doi:10.1109/iThings.2014.45.
34.
L.Shi, M.Li, S.Yu and J.Yuan, BANA: Body area network authentication exploiting channel characteristics, in: Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2012, pp. 27–38. doi:10.1145/2185448.2185454.
35.
W.Shi and P.Gong, A new user authentication scheme for wireless sensor networks using elliptic curves cryptography, International Journal of Distributed Sensor Networks9(4) (2013), 730831. doi:10.1155/2013/730831.
36.
K.Srivastava, A.K.Awasthi and R.Mittal, A review on remote user authentication schemes using smart cards, in: Quality, Reliability, Security and Robustness in Heterogeneous Networks, Springer, 2013, pp. 729–749. doi:10.1007/978-3-642-37949-9_64.
37.
Z.Tan, An efficient biometrics-based authentication scheme for telecare medicine information systems, Network2(3) (2013), 200–204.
38.
D.Thilakanathan, S.Chen, S.Nepal, R.Calvo and L.Alem, A platform for secure monitoring and sharing of generic health data in the Cloud, Future Generation Computer Systems35 (2014), 102–113. doi:10.1016/j.future.2013.09.011.
39.
H.-R.Tseng, R.-H.Jan and W.Yang, An improved dynamic user authentication scheme for wireless sensor networks, in: IEEE GLOBECOM 2007 – IEEE Global Telecommunications Conference, 2007, pp. 986–990. doi:10.1109/GLOCOM.2007.190.
40.
R.Watro, D.Kong, S.Cuti, C.Gardiner, C.Lynn and P.Kruus, TinyPK: Securing sensor networks with public key technology, in: Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks, 2004, pp. 59–64. doi:10.1145/1029102.1029113.
41.
J.Wei, H.Xuexian and W.Liu, An improved authentication scheme for telecare medicine information systems, Journal of Medical Systems36(6) (2012), 3597–3604. doi:10.1007/s10916-012-9835-1.
42.
K.H.M.Wong, Y.Zheng, J.Cao and S.Wang, A dynamic user authentication scheme for wireless sensor networks, in: IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC ’06), Vol. 1, 2006, pp. 1–8. doi:10.1109/SUTC.2006.1636182.
43.
F.Wu, L.Xu, S.Kumari, X.Li, A.K.Das and J.Shen, A lightweight and anonymous RFID tag authentication scheme with cloud assistance for e-healthcare applications, Journal of Ambient Intelligence and Humanized Computing9 (2018), 919–930. doi:10.1007/s12652-017-0485-5.
44.
Z.Y.Wu, C.Y.Lee, F.Lai, C.H.Lee and Y.Chung, A secure authentication scheme for telecare medicine information systems, Journal of Medical Systems36(3) (2012), 1529–1535. doi:10.1007/s10916-010-9614-9.
45.
X.Xu, P.Zhu, Q.Wen, Z.Jin, H.Zhang and L.He, A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems, Journal of Medical Systems38(1) (2014), 9994. doi:10.1007/s10916-013-9994-8.
46.
X.Yan, W.Li, P.Li, J.Wang, X.Hao and P.Gong, A secure biometrics-based authentication scheme for telecare medicine information systems, Journal of Medical Systems37 (2013), 9972. doi:10.1007/s10916-013-9972-1.
47.
H.-L.Yeh, T.-H.Chen, P.-C.Liu, T.-H.Kim and H.-W.Wei, A secured authentication scheme for wireless sensor networks using elliptic curves cryptography, Sensors11(5) (2011), 4767–4779. doi:10.3390/s110504767.
48.
E.-J.Yoon and K.-Y.Yoo, A new biometric-based user authentication scheme without using password for wireless sensor networks, in: Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), 2011 20th IEEE International Workshops on, 2011, pp. 279–284. doi:10.1109/WETICE.2011.47.
49.
J.Yuan, C.Jiang and Z.Jiang, A biometric-based user authentication for wireless sensor networks, Wuhan University Journal of Natural Sciences15(3) (2010), 272–276. doi:10.1007/s11859-010-0318-2.
50.
Z.Zhang, H.Wang, A.V.Vasilakos and H.Fang, ECG-cryptography and authentication in body area networks, IEEE Transactions on Information Technology in Biomedicine16(6) (2012), 1070–1078. doi:10.1109/TITB.2012.2206115.
51.
Z.Zhao, An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem, Journal of Medical Systems38(2) (2014), 1–7. doi:10.1007/s10916-014-0013-5.
52.
Z.Zhu, An efficient authentication scheme for telecare medicine information systems, Journal of Medical Systems36(6) (2012), 3833–3838. doi:10.1007/s10916-012-9856-9.
