A secure biometrics-based authentication key exchange protocol for multi-server TMIS using ECC

Abstract

Background and objectivesTelecare Medicine Information System (TMIS) enables physicians to efficiently and conveniently make certain diagnoses and medical treatment for patients over the insecure public Internet. To ensure patients securely access to medicinal services, many authentication schemes have been proposed. Although numerous cryptographic authentication schemes for TMIS have been proposed with the aim to ensure data security, user privacy and authentication, various forms of attacks make these schemes impractical. MethodsTo design a truly secure and practical authentication scheme for TMIS, a new biometrics-based authentication key exchange protocol for multi-server TMIS without sharing the system private key with distributed servers is presented in this work. ResultsOur proposed protocol has perfect security features including mutual authentication, user anonymity, perfect forward secrecy and resisting various well-known attacks, and these security feathers are confirmed by the BAN logic and heuristic cryptanalysis, respectively. ConclusionsA secure biometrics-based authentication key exchange protocol for multi-server TMIS is presented in this work, which has perfect security properties including perfect forward secrecy, supporting user anonymity, etc., and can withstand various attacks such as impersonation attack, off-line password guessing attack, etc.. Considering security is the most important factor for an authentication scheme, so our scheme is more suitable for multi-server TMIS.