Cryptanalysis and improvement of'a secure authentication scheme for telecare medical information system' with nonce verification

In 2009, Xu et al. presented an improved smartcard based authentication scheme while using a security model previously applied by Bellare et al. to prove the security of their authentication methods. Later on, in 2012, Wu et al. pointed out number of authentication attacks in Xu et al. scheme. To ad...

Full description

Saved in:
Bibliographic Details
Main Authors: Siddiqui, Z., Abdullah, A. H., Khan, M. K., Alghamdi, A. S.
Format: Article
Published: Springer New York LLC 2016
Subjects:
Online Access:http://eprints.utm.my/id/eprint/72164/
https://www.scopus.com/inward/record.uri?eid=2-s2.0-84929649859&doi=10.1007%2fs12083-015-0364-9&partnerID=40&md5=9f211fdc771dd2cd0b085593366037a3
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Teknologi Malaysia
id my.utm.72164
record_format eprints
spelling my.utm.721642017-11-20T08:18:52Z http://eprints.utm.my/id/eprint/72164/ Cryptanalysis and improvement of'a secure authentication scheme for telecare medical information system' with nonce verification Siddiqui, Z. Abdullah, A. H. Khan, M. K. Alghamdi, A. S. QA75 Electronic computers. Computer science In 2009, Xu et al. presented an improved smartcard based authentication scheme while using a security model previously applied by Bellare et al. to prove the security of their authentication methods. Later on, in 2012, Wu et al. pointed out number of authentication attacks in Xu et al. scheme. To address these issues, Wu et al. presented a Smartcard based Two-Factor Authentication (2FA) scheme for Telecare Medical Information System (TMIS) facility. In this study, we prove that authentication scheme of Wu et al. is still vulnerable to impersonation attack, offline password guessing attack, forgery attack and many other attacks. Moreover, number of performance and verification issues are also outlined in the authentication scheme of Wu et al. To overcome these issues, an improved and enhanced 3FA Smartphone based authentication method is proposed on a Cloud Computing environment. The proposed scheme is further corroborated using Burrows-Abadi-Needham logic (BAN logic) nonce verification. The detailed BAN logic verification and further security analysis shows that the proposed authentication protocol is highly reliable and secure in terms of message verifications, message freshness and trustworthiness of its origin. Moreover, the comparative security, performance and feature analysis shows that the proposed work yields an even more improved and enhanced authentication framework as compared to Wu et al. authentication scheme. Springer New York LLC 2016 Article PeerReviewed Siddiqui, Z. and Abdullah, A. H. and Khan, M. K. and Alghamdi, A. S. (2016) Cryptanalysis and improvement of'a secure authentication scheme for telecare medical information system' with nonce verification. Peer-to-Peer Networking and Applications, 9 (5). pp. 841-853. ISSN 1936-6442 https://www.scopus.com/inward/record.uri?eid=2-s2.0-84929649859&doi=10.1007%2fs12083-015-0364-9&partnerID=40&md5=9f211fdc771dd2cd0b085593366037a3
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/
topic QA75 Electronic computers. Computer science
spellingShingle QA75 Electronic computers. Computer science
Siddiqui, Z.
Abdullah, A. H.
Khan, M. K.
Alghamdi, A. S.
Cryptanalysis and improvement of'a secure authentication scheme for telecare medical information system' with nonce verification
description In 2009, Xu et al. presented an improved smartcard based authentication scheme while using a security model previously applied by Bellare et al. to prove the security of their authentication methods. Later on, in 2012, Wu et al. pointed out number of authentication attacks in Xu et al. scheme. To address these issues, Wu et al. presented a Smartcard based Two-Factor Authentication (2FA) scheme for Telecare Medical Information System (TMIS) facility. In this study, we prove that authentication scheme of Wu et al. is still vulnerable to impersonation attack, offline password guessing attack, forgery attack and many other attacks. Moreover, number of performance and verification issues are also outlined in the authentication scheme of Wu et al. To overcome these issues, an improved and enhanced 3FA Smartphone based authentication method is proposed on a Cloud Computing environment. The proposed scheme is further corroborated using Burrows-Abadi-Needham logic (BAN logic) nonce verification. The detailed BAN logic verification and further security analysis shows that the proposed authentication protocol is highly reliable and secure in terms of message verifications, message freshness and trustworthiness of its origin. Moreover, the comparative security, performance and feature analysis shows that the proposed work yields an even more improved and enhanced authentication framework as compared to Wu et al. authentication scheme.
format Article
author Siddiqui, Z.
Abdullah, A. H.
Khan, M. K.
Alghamdi, A. S.
author_facet Siddiqui, Z.
Abdullah, A. H.
Khan, M. K.
Alghamdi, A. S.
author_sort Siddiqui, Z.
title Cryptanalysis and improvement of'a secure authentication scheme for telecare medical information system' with nonce verification
title_short Cryptanalysis and improvement of'a secure authentication scheme for telecare medical information system' with nonce verification
title_full Cryptanalysis and improvement of'a secure authentication scheme for telecare medical information system' with nonce verification
title_fullStr Cryptanalysis and improvement of'a secure authentication scheme for telecare medical information system' with nonce verification
title_full_unstemmed Cryptanalysis and improvement of'a secure authentication scheme for telecare medical information system' with nonce verification
title_sort cryptanalysis and improvement of'a secure authentication scheme for telecare medical information system' with nonce verification
publisher Springer New York LLC
publishDate 2016
url http://eprints.utm.my/id/eprint/72164/
https://www.scopus.com/inward/record.uri?eid=2-s2.0-84929649859&doi=10.1007%2fs12083-015-0364-9&partnerID=40&md5=9f211fdc771dd2cd0b085593366037a3
_version_ 1643656370293047296