Authenticated Key Agreement Scheme with Strong Anonymity for Multi-Server Environment in TMIS.

Abstract

The technology of Internet of Things (IoT) has appealed to both professionals and the general public to its convenience and flexibility. As a crucial application of IoT, telecare medicine information system (TMIS) provides people a high quality of life and advanced level of medical service. In TMIS, smart card-based authenticated key agreement schemes for multi-server architectures have gathered momentum and positive impetus due to the conventional bound of a single server. However, we demonstrate that most of the protocols in the literatures can not implement strong security features in TMIS, such as Lee et al.'s and Shu's scheme. They store the identity information directly, which fail to provide strong anonymity and suffer from password guessing attack. Then we propose an extended authenticated key agreement scheme (short for AKAS) with strong anonymity for multi-server environment in TMIS, by enhancing the security of the correlation parameters stored in the smart cards and calculating patients' dynamic identities. Furthermore, the proposed chaotic map-based scheme provides privacy protection and is formally proved under Burrows-Abadi-Needham (BAN) logic. At the same, the informal security analysis attests that the AKAS scheme not only could resist the multifarious security attacks but also improve efficiency by 21% compared with Lee et al.'s and Shu's scheme.