An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce Using Chaotic Hash Function

• Published in: Journal of medical systems Vol. 38; no. 6; pp. 27 - 19
• Main Authors: Das, Ashok Kumar, Goswami, Adrijit
• Format: Journal Article
• Language: English
• Published: Boston Springer US 01.06.2014; Springer Nature B.V
• Subjects: Algorithms; Anonymity; Authentication; Authentication protocols; Biometric Identification - instrumentation; Biometric Identification - standards; Biometrics; Chaos theory; Computer Security - instrumentation; Computer Security - standards; Cybersecurity; Hash based algorithms; Health Informatics; Health Information Exchange - standards; Health Sciences; Information systems; Medicine; Medicine & Public Health; Nonlinear Dynamics; Passwords; Security; Statistics for Life Sciences; Telecare; Telemedicine; Telemedicine - instrumentation; Telemedicine - standards; Topical Collection on Transactional Processing Systems; Transactional Processing Systems; Biometrics; Telecare medicine information systems; Chaotic hash function; Anonymity; AVISPA; Biohashing; Security; Password
• ISSN: 0148-5598; 1573-689X; 1573-689X
• DOI: 10.1007/s10916-014-0027-z

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava’s scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava’s scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava’s scheme.