Abstract

Telecare medical information systems (TMIS) allow patients to log in remotely to medical service providers to acquire their medical information and track their health status through unsecured public networks. Hence, the privacy of patients is vulnerable to various types of security threats and attacks, such as the leakage of medical records or login footprints and forgery attacks. Many anonymous three-factor authentication and key agreement (AKA) schemes have been proposed for TMIS with a single server, but none of them is suited for TMIS with multiple servers. In this paper, we propose a biometric-based three-factor AKA scheme to protect user anonymity and untraceability in TMIS with multiple servers. We will construct a security model of a three-factor AKA scheme with user anonymity in TMIS with multiple servers, and give a formal security proof of the proposed scheme. The security of the proposed scheme is based on the elliptic curve decisional Diffie-Hellman problem assumption and hash function assumption. We will show that the proposed scheme is efficient enough for low-power mobile devices.

Highlights

  • The demand for telemedicine services grows rapidly with the rise of health consciousness, the development of the Internet of Things (IoT), and the dramatic growth of the world’s older population

  • Our contribution: in this paper, we proposed a secure three-factor AKA scheme for a telecare medical information system (TMIS) with multiple servers, which achieves user anonymity and untraceability; no public keys and password tables need to be maintained

  • Definition 5: A three-factor AKA scheme for TMIS with multiple servers offers existential unforgeability and maintains session key secrecy, full forward secrecy, and user anonymity against adaptive chosen ID attacks if no probabilistic polynomial time adversary A has a non-negligible advantage in the following game played between an adversary A and infinite set of oracles s α for α


Summary

INTRODUCTION

The demand for telemedicine services grows rapidly with the rise of health consciousness, the development of the Internet of Things (IoT), and the dramatic growth of the world’s older population. In 2015, Lu et al. [20] proposed a biometrics and smart cards-based authentication scheme for multi-server environments that provides strong user anonymity. In 2017, Chandrakar and Om [26] showed that the Amin-Biswas scheme [24] cannot prevent identity and password guessing, user untraceability, user-server impersonation, and privileged insider attacks.

A. OUR CONTRIBUTION

In this paper, we proposed a secure three-factor AKA scheme for a TMIS with multiple servers, which achieves user anonymity and untraceability; no public keys and. If a user wants to protect his/her real identity from the logged-in servers, he/she can use a pseudonym as his/her identity in the registration phase to achieve strong anonymity

ORGANIZATION The rest of the paper is organized as follows
PRELIMINARIES
ADVERSARIAL MODEL
DEFINITIONS OF SECURITY
SETUP PHASE
REGISTRATION PHASE
ON-LINE UPDATE PHASE
LOGIN AND AKA PHASE
SECURITY ANALYSIS
PERFORMANCE ANALYSIS AND COMPARISONS
CONCLUSION AND FUTURE WORK