Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification

Dr. Zeeshan Siddiqui, Muhammad Khurram Khan, Abdul Hanan Abdullah, Abdullah Alghamdi

Research output: Contribution to journal, Article

2 Citations (Scopus)

Abstract

In 2009, Xu et al. presented an improved smartcard-based authentication scheme while using a security model previously applied by Bellare et al. to prove the security of their authentication methods. Later on, in 2012, Wu et al. pointed out a number of authentication attacks in the scheme of Xu et al. To address these issues, Wu et al. presented a smartcard-based Two-Factor Authentication (2FA) scheme for a Telecare Medical Information System (TMIS) facility. In this study, we prove that the authentication scheme of Wu et al. is still vulnerable to impersonation attack, offline password guessing attack, forgery attack and many other attacks. Moreover, a number of performance and verification issues are also outlined in the authentication scheme of Wu et al. To overcome these issues, an improved and enhanced 3FA smartphone-based authentication method is proposed on a Cloud Computing environment. The proposed scheme is further corroborated using Burrows-Abadi-Needham logic (BAN logic) nonce verification. The detailed BAN logic verification and further security analysis show that the proposed authentication protocol is highly reliable and secure in terms of message verification, message freshness and trustworthiness of its origin. Moreover, the comparative security, performance and feature analysis shows that the proposed work yields an even more improved and enhanced authentication framework as compared to the authentication scheme of Wu et al.
Original language: English
Pages (from-to): 841-853
Number of pages: 13
Journal: Peer-to-Peer Networking and Applications
Volume: 9
Issue number: 5
Early online date: 23 May 2015
DOIs: 10.1007/s12083-015-0364-9
Publication status: E-pub ahead of print - 23 May 2015
Externally published: Yes

Fingerprint

Medical information systems
Authentication
Smartphones
Cloud computing

Keywords

  • Smartphone
  • Smartcard
  • remote user authentication
  • Authentication protocols
  • Three-factor authentification
  • Telecare medical information system
  • TMIS
  • BAN logic
  • Cloud computing

Cite this

@article{4d15c9ac46634732bc43faffa42b7bef,
title = "Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification",
keywords = "Smartphone, Smartcard, remote user authentication, Authentication protocols, Three-factor authentification, Telecare medical information system, TMIS, BAN logic, Cloud computing",
author = "Siddiqui, {Dr. Zeeshan} and Khan, {Muhammad Khurram} and Abdullah, {Abdul Hanan} and Abdullah Alghamdi",
year = "2015",
month = "5",
day = "23",
doi = "10.1007/s12083-015-0364-9",
language = "English",
volume = "9",
pages = "841--853",
journal = "Peer-to-Peer Networking and Applications",
issn = "1936-6442",
publisher = "Springer",
number = "5",

}

Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification. / Siddiqui, Dr. Zeeshan; Khan, Muhammad Khurram; Abdullah, Abdul Hanan; Alghamdi, Abdullah.

In: Peer-to-Peer Networking and Applications, Vol. 9, No. 5, 23.05.2015, p. 841-853.

TY - JOUR
T1 - Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification
AU - Siddiqui, Dr. Zeeshan
AU - Khan, Muhammad Khurram
AU - Abdullah, Abdul Hanan
AU - Alghamdi, Abdullah
PY - 2015/5/23
Y1 - 2015/5/23
KW - Smartphone
KW - Smartcard
KW - remote user authentication
KW - Authentication protocols
KW - Three-factor authentification
KW - Telecare medical information system
KW - TMIS
KW - BAN logic
KW - Cloud computing
U2 - 10.1007/s12083-015-0364-9
DO - 10.1007/s12083-015-0364-9
M3 - Article
VL - 9
SP - 841
EP - 853
JO - Peer-to-Peer Networking and Applications
JF - Peer-to-Peer Networking and Applications
SN - 1936-6442
IS - 5
ER -