Secure two-factor mutual authentication scheme using shared image in medical healthcare environment

Abstract

The cloud healthcare system has become the essential online service during the COVID-19 pandemic. In this type of system, the authorized user may login to a distant server to acquire the service and resources they demand, we need full security procedures that cover criteria such as authentication, privacy, integrity, and availability. The journey of security for any healthcare system starts with the authentication of users based on their privileges. Traditional user authentication mechanisms, such as password and personal identification number (PIN) typing, are vulnerable to malicious attacks like on/offline, insider, replay, guessing, and shoulder surfing. To address these issues, we proposed a secure authentication scheme that uses the authenticated delegating mechanism based on two factors: a one-time password and generating a secure variable vector from a legible user's digital image to enable the permission of a user through the back-end database of a cloud server. The proposed mutual authentication can protect the information against well-known attacks, ensure the user's privacy, and key management. Moreover, comparisons with existing schemes show that the proposed scheme supplies more privacy, security metrics, and resistance to attacks than the others while being more efficient in computation and communication costs.