Secure ECC-Based Three-Factor Mutual Authentication Protocol for Telecare Medical Information System

Abstract

In the recent COVID-19 situation, Telecare Medical Information System (TMIS) is attracting attention. TMIS is one of the technologies used in Wireless Body Area Network (WBAN) and can provide patients with a variety of remote healthcare services. In TMIS environments, sensitive data of patients are communicated via an open channel. An adversary may attempt various security attacks including impersonation, replay, and forgery attacks. Therefore, numberous authentication schemes have been suggested to provide secure communication for TMIS. Sahoo <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> proposed a mutual authentication scheme based on biometrics and Elliptic Curve Cryptography (ECC) in 2020. However, we find out that Sahoo <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s scheme cannot resist insider and privileged insider attacks and cannot guarantee patient anonymity. In this paper, we propose a secure ECC-based three-factor mutual authentication protocol that guarantees the privacy of patients for TMIS. We conduct informal security analysis to prove that our protocol is secure from various security attacks. In addition, we perform formal security analyses using the Automated Validation of Internet Security Protocols and Applications (AVISPA), Burrows-Abadi-Needham (BAN) logic, and the Real-Or-Random (ROR) model. Furthermore, we assess our protocol’s performance and compare it to other protocols. As a result, our protocol has lower communication costs, and better security features compared to related existing protocols. Therefore, our protocol is more appropriate for TMIS environments than other related protocols.