Research on Multi-server Lightweight Multi-factor Authentication Protocol in Telemedicine Environment

doi:10.3969/j.issn.1671-1122.2019.10.006

Abstract

Abstract:

The existing telemedicine environment identity authentication is aimed at a single server environment. With the development of telemedicine systems, users have access to multiple hospital servers to query for medical conditions, as well as hospital server and commercial insurance or other third-party servers. Therefore, the research on multi-server identity authentication scheme in telemedicine environment has positive significance. In 2019, BARMAN et al. proposed a multi-server identity authentication scheme for telemedicine environment, but there are still many security problems in this scheme, such as poor scalability, vulnerable to privileged attacks, and inability to implement access control. In order to solve the above problems, this paper proposes a multi-factor identity authentication scheme based on Fuzzy Commitment and HMAC algorithm. Through analysis, it can be seen that the proposed scheme can solve the security threats of BARMAN’s scheme though the computation and communication increased slightly.

Key words: multi-factor authentication, HMAC, multi-server, light weight, fuzzy commitment

CLC Number:

TP309

Min ZHANG, Chunxiang XU, Minying HUANG. Research on Multi-server Lightweight Multi-factor Authentication Protocol in Telemedicine Environment[J]. Netinfo Security, 2019, 19(10): 42-49.

Figures/Tables 11

References 19

[1]	WU Zhenyu, LEE Y C, LAI Feipei, et al.A Secure Authentication Scheme for Telecare Medicine Information Systems[J]. Journal of Medical Systems, 2012, 36(3): 1529-1535.
[2]	HE Debiao, CHEN Jianhua, ZHANG Rui.A More Secure Authentication Scheme for Telecare Medicine Information Systems[J]. Journal of Medical Systems, 2012, 36(3): 1989-1995.
[3]	ZHU Zhian.An Efficient Authentication Scheme for Telecare Medicine Information Systems[J]. Journal of Medical Systems, 2012, 36(6): 3833-3838.
[4]	GUO Dianli, WEN Qiaoyan, LI Wenmin, et al.An Improved Biometrics-based Authentication Scheme for Telecare Medical Information Systems[J]. Journal of Medical Systems, 2015, 39(3): 20-35.
[5]	AWASTHI A K, SRIVASTAVA K.A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce[J]. Journal of Medical Systems, 2013, 37(5): 9964-9983.
[6]	ARSHAD H, NIKOOGHADAM M.Three-factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems[J]. Journal of Medical Systems, 2014, 38(12): 136-148.
[7]	CHUANG M C, CHEN Mengchang.An Anonymous Multi-server Authenticated Key Agreement Scheme Based on Trust Computing Using Smart Cards and Biometrics[J]. Expert Systems with Applications, 2014, 41(4): 1411-1418.
[8]	MISHRA D, DAS A K, MUKHOPADHYAY S.A Secure User Anonymity-preserving Biometric-based Multi-server Authenticated Key Agreement Scheme Using Smart Cards[J]. Expert Systems with Applications, 2014, 41(18): 8129-8143.
[9]	LU Yanrong, LI Lixiang, YANG Xing, et al.Robust Biometrics Based Authentication and Key Agreement Scheme for Multi-server Environments Using Smart Cards[J]. PLoS One, 2015, 10(5): 126-136.
[10]	WANG Chengqi, ZHANG Xiao, ZHENG Zhimin.Cryptanalysis and Improvement of a Biometric-based Multi-server Authentication and Key Agreement Scheme[J]. PLoS One, 2016, 11(2): 149-173.
[11]	REDDY A G, DAS A K, ODELU V, et al.An Enhanced Biometric Based Authentication with Key-agreement Protocol for Multi-server Architecture Based on Elliptic Curve Cryptography[J]. PloS One, 2016, 11(5): 154-168.
[12]	IRSHAD A, CHAUDHRY S A, KUMARI S, et al.An Improved Lightweight Multiserver Authentication Scheme[J]. International Journal of Communication Systems, 2017, 30(17): 33-51.
[13]	REDDY A G, YOON E J, DAS A K, et al.Design of Mutually Authenticated Key Agreement Protocol Resistant to Impersonation Attacks for Multi-server Environment[J]. IEEE Access, 2017, 18(5): 3622-3639.
[14]	BARMAN S, DAS A K, SAMANTA D, et al.Provably Secure Multi-server Authentication Protocol Using Fuzzy Commitment[J]. IEEE Access, 2018, 25(6): 8578-8594.
[15]	BARMAN S, SHUM H P H, CHATTOPADHYAY S, et al. A Secure Authentication Protocol for Multi-server-based e-Healthcare Using a Fuzzy Commitment Scheme[J]. IEEE Access, 2019, 26(7): 12557-12574.
[16]	ZHANG Min, HE Yuande, ZHANG Yang.Authentication Scheme for Multi-server Enviroment Based on Chebyshev Chaotic Map with Access Control[J]. Computer Engineering and Applications, 2017, 53(17): 123-129.
	张敏,何远德,张阳.多服务器环境下可实现访问控制的身份认证方案[J].计算机工程与应用,2017,53(17):123-129.
[17]	JUELS A, WATTENBERG M. A Fuzzy Commitment Scheme[EB/OL]. , 2019-2-11.
[18]	BELLARE M, CANETTI R, KRAWCZYK H.Message Authentication Using Hash Functions: The HMAC Construction[J]. RSA Laboratories’ CryptoBytes, 1996, 2(1): 12-15.
[19]	ZHANG Min.Research and Design of Remote Identity Authentication Schemes Based on Three-factor in Multi-environments[J]. Chengdu: Southwest Jiaotong University, 2017.
	张敏. 多环境下基于三因素的远程身份认证协议研究与设计[D].成都:西南交通大学,2017.

符号	描述
RC, K_RC	注册中心标识、注册中心密钥
	用户身份标识、用户口令、用户生物特征、转换参数、可撤除生物模板、转换函数
	应用服务器身份标识、应用服务器密钥
	纠错码技术的编码和解码算法
	用户选择的密钥K、将K通过纠错码编码后生成K_CW,
	异或运算、连接符、哈希运算
	判断是否相等

	BARMAN^[15]等人方案	本文方案
扩展性良好	否	是
应用服务器密钥安全	否	是
抵御特权攻击	否	是
实现访问控制	否	是
实现用户匿名	是	是
实现相互认证	是	是
抵御中间人攻击	是	是
协商会话密钥	是	是

符号	描述
	P相信X
	P收到X
	P曾经说过X
	P对X有仲裁权
	X是新鲜的,意味X是新生成的随机数
	K是P和Q之间共享的密钥
	X被密钥K加密
U/AS	U表示用户,AS表示服务器

方案	登录阶段	认证阶段	总开销	所需时间/ms
BARMAN^[15]等人方案	T_fcs?3T_h	11T_h	T_fcs?14T_h	2.2582
本文方案	T_fcs?5T_h	9T_h?T_H	T_fcs?14T_h?T_H	2.2605

方案	用户传输数据	RC传输数据	应用服务器传输数据	总开销	数据长度/bit
BARMAN^[15]等人方案	5L_h?2L_t	0	2L_h?L_t	7L_h?3L_t	1216
本文方案	8L_h?L_t	4L_h	2L_h	14L_h?L_t	2272