1 Introduction

As the wireless multimedia communications and Internet technologies have been proliferating all the corners of the world, thus the tools of which the former and latter technologies have been incorporated, are necessitated to verify the legitimacy of remote-user logon request. In the remote-user logon-cum-authentication process, a remote-server should be able to authenticate a registered user/client related to his/her confidential data. Nowadays, the development tools such as the Internet and multimedia become continuous and moreover its related services such as health/tele-care medical information system personal business-activities, administrative document-activities and social activities can be served through the source of Internet. Since the devices/technologies of telecommunication have been able to reside in any place, the medical devices, such as tele-medicine system can be brought into the home of the patient, by which the doctor and patient can directly be connected through the tele-care machine to ensure the current condition of the patient’s health.

As a consequence, the tele-care machine, like Tele-care Medical Information System (TMIS) should ensure the authentication key factors, such as data-integrity, confidentiality, privacy, mutual authenticity, less computation, communication and execution cost for the sake of sever client security efficiency. The authentication key factors are necessitated to place the limit on the access of server resources, and thus guarantee that the server resources can’t be available to the ill-legitimate users. On the other hand, in the process of server client authentication, the systems like server and client should use the session key to guarantee that the systems are established the connection over a secure channel. Thus, the ill-legitimate users can’t access the server resources. For the ease of security, many researchers have proposed the password schemes of authentication [121] and in which the smart card system has been used as common.

Besides, the researchers are used to define the users’ identities as static as to all the service session transactions and it may provide some information leak to the ill-legitimate users to initiate a threat of identity (ID) theft. To address the issue of ID-theft, the authors of Das et al. [2] proposed a dynamic authentication scheme for the ID-based systems. The authors of Wang et al. [3] proven that the scheme of Das et al. [2] is totally unsecured for the support of password independence. Moreover, it does not offer the security feature of mutual authentication and suffer from the fake-server attack. In the scheme of Wang et al., the ID-based scheme was developed as dynamic, and thus it can be more secure and efficient than the scheme of Wang et al. The author of Khan et al. [5] projected out the practical difficulties of Wang et al., and so the scheme of Wang et al. is not suited for the real-time analysis.

Subsequently, the Khan et al. presented an extended version of authentication scheme to mitigate the computational complexities of smart card systems. Besides, the Khan et al. scheme offers some special provisional features, such as lost/stolen smart card revocation and expiry time-checkup for the authentication. But, the author of Chen et al. [6] showed off that the scheme of Khan et al. [5] does not provide the client-anonymity feature, and hence it is susceptible to the insider attack since all the legal systems share the common session key. So, the authors of Chen et al. proposed an efficient dynamic ID-based authentication scheme and it was validated under the system of TMIS. The scheme of Chen et al. was also provided a unique feature of client anonymity with un-traceability. To provide the distinguished feature, the authors of Chen et al. utilized the cipher block chaining (CBC) mode while the symmetric-encryption was applied in the TMIS system.

Later on, the authors of Kumari et al. [12] proved that the attacks, like password-guessing, user-key impersonation and denial-of-service (DoS) and key disclosure (session) are probable in the authentication scheme of Jiang et al. [8]. To resolve the issue of attack weaknesses, the authors of Kumari et al. developed an improved authentication scheme. The authors of Li and Hwang [13] presented an efficient authentication scheme and it relates to the biometric verification systems, smart card devices and hashing functions, but then the author of Das et al. [14] told that the scheme of Li and Hwang acquires several security flaws. To address the security flaws, the authors of Das et al. developed an extended authentication protocol version. Besides, the authors of Li et al. [15] pointed that the scheme of Das et al. does not provide the security reliably,and hence they proposed an improved authentication version over the Das et al. scheme’s.

The authors of Chang et al. [16] incorporated the features of uniqueness and anonymity preservation for the healthcare connection systems through the remote-user authentication scheme. The scheme of Chang et al. uses the users/clients identities to authenticate the users’ biometric system and it verifies its authentication using the Bio-hashing function. Besides, this scheme has one-way hashing and exclusive-or (X-OR) for the efficient usage, though in the recent authentication scheme of Das et al. [17], the authors of Das et al. projected several authentication weaknesses, such as flaws in design (logon, mutual authentication and password update) and privilege insider-attack for the scheme of Chang et al. Furthermore, the authors of Das et al. presented an authentication mechanism to resolve the design flaws of the scheme of Chang et al. Also, the authors of Das et al. validated their proposed scheme in the popular tool of AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and the tool was used to ensure the security against the attacks, like active and passive.

In the recent study, the authors, like Younghwa An and Khurram et al. [22, 23] proposed the biometric-based authentication schemes to resolve the security flaws, such as client anonymity,un-traceability, masquerade attack, password guessing and insider attack, but they failed to evaluate the schemes in the real time system tools. Besides, the authors, like Younghwa An and Khurram et al. failed to mention about the nature of user entities, that is, whether static or dynamic. Importantly, the authors have not shown any real time experimental analysis of the safe and secure for the schemes. Thus, we aim to design a mechanism of dynamic-identity based multimedia server client authentication scheme to prevent various attacks and mitigate the computational and communication overheads. Then, We design, develop and integrate the proposed and some recent existing mechanisms, such as Younghwa An, Khurram et al., Das et al. and Chang et al. in the real time tele-care multimedia medical server client system (RTT-MMSCS) to cross-examine some conditional metrics of the systems, such as call setup time, bandwidth consumption and signal congestion. Table 1 illustrates the important notation and description.

Table 1 Important notation and description
Full size table

The remaining sections are devised as follows. Section 2 demonstrates the real time testbed of tele-care multimedia medical server client systems. Section 3 presents the scheme of dynamic-identity based multimedia server client authentication scheme. Section 4 discusses the comparison and computation efficiencies of secure authentication schemes, namely Younghwa An, Khurram et al., Das et al., Chang et al. and proposed scheme. Section 5 shows the real time multimedia medical information system to probe the metrics, like call setup time, signal congestion and bandwidth consumption. Section 6 concludes the research work.

2 Related Works

Wu et al. [29] presented a two-factor mutual authentication scheme for the Telecare Medicine Information System (TMIS). Debiao et al. [30] determined that the scheme of Wu et al. cannot be resilient to the attacks, such as insider and key-impersonation. In addition, the authors of Debiao et al. improved the earlier version of two-factor authentication scheme using smart-card device. But, Wei et al. [31] found that the schemes, namely Wu et al. and Debiao et al. cannot prevent the attack of offline-password guessing, and thus the authors of Wei et al. presented an authentication scheme to overcome the pitfalls of [29, 30]. In 2012, Wu et al. [32] developed a novel two-factor authentication scheme for the integration of electronic-patient record systems; though the authors of Islam and Biswas [33] analyzed and found that the scheme of Wu et al. cannot withstand for the attacks, namely offline-password guessing, lost-smartcard, privileged-insider and secret-leakage.

Moreover, the scheme of Wu et al. have not had any proviso for the attacks, like lost (revocation) of smartcard and users’-anonymity. The phase of the password update of Wu et al. cannot update the users’ password until the server is permitted to do so. Therefore, it has more computation to be performed to execute the phase of password update. To mitigate the computation and communication overheads, the authors of Pu et al. [34] introduced a novel two-factor authentication scheme using elliptic-curve cryptography (ECC). On the other hand, the authors of Chen et al. [6] presented a dynamic ID-based authentication scheme for the system of TMIS.

In 2013, the authors of Jiang et al. [8] analyzed and found that the scheme of Chen et al. cannot offer a feature of user/client anonymity, and thus the authors of Jiang et al. presented an enhanced authentication scheme based on the symmetric cryptographic technique with mode of cipher-block chaining. But, the authors of Kumari et al. [12] proved that the scheme of Jiang et al. cannot be resilient to the attacks, such as password-guessing, key-impersonation and denial of service (DoS). Since the adversary can compromise the secret-key values which is shared between the users and server for the sake of connection establishment sessions, the protocol scheme of Jiang et al. cannot achieve a true mutual authentication service.

3 Real Time Tele-Care Multimedia Medical Server Client System

Session Initiation Protocol (SIP) [24] is used as a standard signaling protocol for the management of multimedia server and client sessions. The key features are scalability and textual-based structure. The former feature provides a capability of new service integration to the developers, whereas the latter feature provides a suitability of service time sensitivity. Figure 1 demonstrates the real time tele-care multimedia medical information systems. The multimedia server [27] issues the pseudonyms to recognize the legitimate multimedia user [28]. It can be either SIP URI private identity or public identity. The identities namely public and private SIP URI are used to provide user identification and authentication. As and when the user wants the access of multimedia service, he/she should handshake with the proxy call session control function (PCSCF). It declares that he/she is an authorized user and also it makes his/her credential as public as on the networks.

Fig. 1
figure 1

Real time tele-care multimedia medical information systems

Full size image

After user credentials being available on the public networks, the interrogating call session control function (ICSCF) raises a query to the home subscriber server (HSS) and that provides an appropriate serving call session control function (SCSCF) to execute the rest of the user authentication procedure. Then, the PCSCF challenges the user devices with a SIP response of ‘401 Unauthorized Nonce’ which includes some random numbers such as \( N_{{once_{i} }} \) and \( N_{{once_{j} }} \) for the user device authentication. Upon receiving the SIP challenge response, the user device sends its private identity along with the authentication scheme to the server component of SCSCF. If the user authentication is successful, then the multimedia server responses back with ‘200 OK’. We should note that the user devices send the authentication procedure as in the form of clear-text. So any snooper may tamper the user credentials to behave as a legitimate user and he/she may use such credentials to spoil the integrity of the server system.

Moreover, the snoopers may conjoin the user credentials with some other social networks to misuse the real identity of the server system. To stop such illegal activity, Dynamic-Identity Based Multimedia Server Client Authentication Scheme is proposed. It is designed and integrated in the form of 3GPP (Third Generation Partnership Project) [25, 26] in the real time multimedia medical information system. As like, to show the significances like call setup time, signal congestion and bandwidth consumption, the schemes such as Younghwa An [22], Khurram et al. [23], Das et al. [17] and Chang et al. [16] are integrated in the same real time multimedia medical information system. Since our proposed protocol is based on the random nonce strategy, it will definitely yield better results in comparison with the existing authentication schemes. The details of such results are elaborately discussed in Sect. 5.

4 Dynamic-Identity Based Multimedia Server Client Authentication Scheme

The proposed scheme of dynamic-identity based multimedia server client authentication scheme is composed of four phases: client registration phase, client login phase, server client verification phase and session key update phase. The phases involve three major entities, such as multimedia client (MC i ), multimedia server (MS j ) and home subscriber server center (H SS ). H SS selects the master-key m k and session key s k to determine h(m k  ∥ s k ) and h(s k ). Then, it shares them with MS j over a secure channel. Only H SS is aware of master-key m k and secret key s k .

4.1 Client registration phase

When any multimedia client (MC i ) wishes to access the (MS j ) system, then he/she has to enter credentials, such as sip uri , Re alm and secret key to H SS . The steps of client registration phase are as follows:

Step 1: \( MC_{i} \Rightarrow H_{SS} : sip_{uri} , H\left( {x \oplus secret_{key} } \right) \). MC i may freely opt his/her credentials, such as sip uri and secret key to determine \( H\left( {x \oplus secret_{{key_{i} }} } \right) \), where x is a random integer given by MC i . Later, MC i sends sip uri and \( H\left( {x \oplus secret_{{key_{i} }} } \right) \) to the H SS to register over a secure channel.

Step 2: Then, H ss determines:

$$ P_{i} = H\left( {sip_{uri} \parallel m_{k} } \right) $$
$$ S_{\varvec{i}} = \varvec{ }TS_{i} \oplus H\left( {sip_{uri} \parallel H\left( {x \oplus secret_{{key_{i} }} } \right)} \right) $$
$$ I_{i} = H\left( {H\left( {x \oplus secret_{{key_{i} }} } \right)\parallel H\left( {m_{k} \parallel s_{k} } \right)} \right) $$
$$ h_{i} = H\left( {TS_{i} } \right) $$

Step 3: \( H_{SS} \Rightarrow MC_{i} \): H SS runs the multimedia server MS j components (proxy, serving and interrogating) and the server components comprises of \( \left\{ {P_{i} , S_{i} , I_{i} , h_{i} , H\left( . \right),H\left( {s_{k} } \right)} \right\}. \)

Step 4: MC i enters the credentials x into the multimedia system MS j , then the multimedia server MS j contains \( \left\{ {P_{i} , S_{i} , I_{i} , h_{i} , x,H\left( . \right),H\left( {s_{k} } \right)} \right\}. \)

4.2 Client Login Phase

After execution of multimedia server MS j components, the multimedia clients MC i can log on to MS j to access the services, like voice and data. The steps of multimedia client login are as follows:

Step 1: MC i runs the application software on the Linux platform and then it enters the input credentials, such as \( sip_{uri} {\text{and }}secret_{key} \) in the running application. After that, the multimedia server MS j determines \( P_{i} = S_{i} \oplus H\left( {sip_{uri} \parallel H\left( {x \oplus secret_{{key_{i} }} } \right)} \right) \) and h * i  = H(T i ) and then, MS j verifies whether h * i is as same as h i or not. If they are found as same, then MC i continue to the next step. Otherwise, MS j rejects the MC i logon request.

Step 2: After the successful verification, MS i starts to generate a nonce \( N_{{once_{i} }} \) and determines

$$ F_{i} = H\left( {P_{i} \parallel H\left( {s_{k} } \right)\parallel N_{{once_{i} }} } \right) $$
$$ C_{{ID_{i} }} = H\left( {x \oplus secret_{{key_{i} }} } \right) \oplus H\left( {P_{i} \parallel F_{i} \parallel N_{{once_{i} }} } \right) $$
$$ G_{ij} = P_{i} \oplus H\left( {H\left( {s_{k} } \right)\parallel N_{{once_{i} }} \parallel S_{{ID_{j} }} } \right) $$
$$ E_{i} = H\left( {I_{i} \parallel F_{i} \parallel N_{{once_{i} }} } \right) $$

Step 3: \( MC_{i} \to MS_{j} :C_{{ID_{i} }} ,G_{ij} ,E_{i} ,N_{{once_{i} }} \)

4.3 Server and Client Authentication Phase

When MS j receives the MC i logon request, MS j executes the following steps to validate the client’s logon request. The execution steps are as follows:

Step 1: After receiving the logon-request: \( \{ C_{{ID_{i} }} ,G_{ij} ,E_{i} ,N_{{once_{i} }} \} \) MS j determines \( P_{i} = G_{ij} \oplus H\left( {H\left( {s_{k} } \right)\parallel N_{{once_{i} }} \parallel S_{{ID_{j} }} } \right) \), \( F_{i} = H\left( {P_{i} \parallel H\left( {s_{k} } \right)\parallel N_{{once_{i} }} } \right) \), \( H\left( {x \oplus secret_{{key_{i} }} } \right) = C_{{ID_{i} }} \oplus H\left( {P_{i} \parallel F_{i} \parallel N_{{once_{i} }} } \right) \) and \( I_{i} = H\left( {H\left( {x \oplus secret_{{key_{i} }} } \right)\parallel h\left( {s_{k} \parallel m_{k} } \right)} \right) \) from the received logon-request message \( C_{{ID_{i} }} , G_{ij} , N_{{once_{i} }} \} \), H(s k ) and h(s k  ∥ m k ).

Step 2: MS j determines \( H\left( {I_{i} \parallel F_{i} \parallel N_{{once_{i} }} } \right) \) and then, it verifies it with E i . If they are not equal, then MS j rejects the client logon-request and terminate the session. Otherwise, MS j accepts the client logon-request and determine a nonce \( N_{{once_{j} }} \) to compute \( MS_{ij}^{'} = H\left( {I_{i} \parallel N_{{once_{i} }} \parallel F_{i} \parallel S_{{ID_{j} }} } \right). \) Lastly, MS j sends the server-response message \( \left\{ {MS_{ij}^{{\prime }} ,N_{{once_{j} }} } \right\} \) to the client MC i .

Step 3: After receiving the server-response message \( \left\{ {MS_{ij}^{'} ,N_{{once_{j} }} } \right\} \) from MS j , MC i determines \( H\left( {I_{i} \parallel N_{{once_{i} }} \parallel F_{i} \parallel S_{{ID_{j} }} } \right) \) and then, it checks whether it is as same as the server-response message or not. If they are not same, then MC i rejects the server-response message and terminate the session with the server MS j . Otherwise, MC i successfully authenticates the server MS j and determines \( MS_{ij}^{{\prime \prime }} = H\left( {I_{i} \parallel N_{{once_{j} }} \parallel F_{i} \parallel S_{{ID_{j} }} } \right). \) Lastly, MC i sends back the client-response message {MS ij } to MS j .

Step 4: Upon receiving the client-response message {MS ij }, MS j determines \( H\left( {I_{i} \parallel N_{{once_{i} }} \parallel F_{i} \parallel S_{{ID_{j} }} } \right) \) and verifies whether it is as same as the client-response message or not. If they are same, then MS j successfully authenticates MC i . After the completion of verification phase, MC i and MS j may compute a common session key \( CS_{key} = H\left( {I_{i} \parallel N_{{once_{i} }} \parallel N_{{once_{j} }} \parallel F_{i} \parallel S_{{ID_{j} }} } \right) \) to secure the communication of multimedia server and client systems.

4.4 Session Key Update Phase

In this phase, MC i may change his/her secret key as and when he/she desires the change. The steps of session key update are as follows:

Step 1: MC i enters his/her credentials such as \( sip_{uri} {\text{and}} secret_{key} \) into the multimedia system MS j .

Step 2: MS j determines \( P_{i} = S_{i} \oplus H\left( {sip_{uri} \parallel H\left( {x \oplus secret_{{key_{i} }} } \right)} \right) \) and h * i  = H(P i ) and then, it verifies whether h * i is as same as h i . If they are equal, then MC i opts his/her new secret key \( secret_{{key_{new} }} \) and random integer x new to determine \( H\left( {x_{new} \parallel secret_{{key_{new} }} } \right) \) and \( S_{new} = P_{i} \oplus H\left( {sip_{uri} \parallel H\left( {x_{new} \parallel secret_{{key_{new} }} } \right)} \right) \). Lastly, MC i and sip uri and \( H\left( {x_{new} \parallel secret_{{key_{new} }} } \right) \) to H SS over a secure channel.

Step 3: H SS determines \( x_{new} = H\left( {H\left( {x_{new} \parallel secret_{{key_{new} }} } \right)\parallel H\left( {s_{k} \parallel m_{k} } \right)} \right) \). Then, H SS sends back {x new } to MC i .

Step 4: Lastly, the multimedia server MS j modifies S i and I i with S New and B New .

5 Analysis of Proposed Scheme

In this section, we will discuss the safe and security of our dynamic-identity based authentication mechanism. We model our proposed protocol as a game as between the challenger \( {\mathfrak{C}} \) and adversary \( {\mathfrak{A}} \). The following activities are triggered to the Game-On. At first, the \( {\mathfrak{C}} \) activates the client login phase. Followed by, the \( {\mathfrak{A}} \) who is given of the system (public) parameters, and so has the access to the system oracle model. When we execute the authentication mechanism with the Oracle’s authentication, the \( {\mathfrak{A}} \) can raise a query in the form of a polynomial to probe the security parameter s k . If the random number y = 0, then the MC i randomly compute the session key to send forward to MS j , whereas if y = 1, then it sends forward its own computed session key to MS j . As like, \( {\mathfrak{A}} \) continuously sends the queries to the oracle; but it does not reveal or corrupt the oracle testing.

Eventually, the output of \( {\mathfrak{A}} \) may assume its guessing as y′ for y, if the chances of correct guessing is negligible; then we can also assure that the scheme is safe and secure. The following algorithm will show that the \( {\mathfrak{A}} \) can attack the authentication system of the proposed scheme.

Algorithm 1

For an adversary \( {\mathfrak{A}}, \)

  1. 1.

    Run to execute the \( Send\left( {MC_{i} ; MS_{j} } \right) \) and \( Send\left( {MS_{j} ; MC_{i} } \right) \); and also raise a login query \( Login\left( {MC_{i} ; MS_{j} } \right) \) if it is necessary.

  2. 2.

    Run to \( Verify\_Execution\left( {MC_{i} ; MS_{j} } \right) \) to run the execution process of oracle testing

Run to execute the Query_Test(MC i ).

  1. 3.

    Guess to find a bit of y, if y is correct, then the \( {\mathfrak{A}} \) wins the game.

Theorem 1

The proposed scheme can resist against the hash function collision

Proof

In the login phase, the adversary \( {\mathfrak{A}} \) may trigger some queries, like \( Send\left( {MC_{i} ; MS_{j} } \right) \) and \( Send\left( {MS_{j} ; MC_{i} } \right) \) to infer some system parameters, like \( \left\{ {P_{i} , S_{i} , I_{i} , h_{i} , x,H\left( . \right),H\left( {s_{k} } \right)} \right\} \) and \( \left\{ {P_{i} , S_{i} , I_{i} , h_{i} , x,H\left( . \right),H\left( {s_{k} } \right)} \right\} \) from the modeling of oracle. Then, the \( {\mathfrak{A}} \) initiates a verifier query \( Verify\_Execution\left( {MC_{i} ; MS_{j} } \right) \) and collects the following parameter information, such as \( C_{{ID_{i} }} = H\left( {x \oplus secret_{{key_{i} }} } \right),P_{i} , F_{i} \,{\text{and}} \,N_{{once_{i} }} \) from the oracle modeling. Before execute a query testing, \( {\mathfrak{A}} \) pre-generate the numerous polynomial queries. At last, \( {\mathfrak{A}} \) executes the Query_Test(MC i ) to flip the query coin. If the query is coined as 1, then the oracle modeling exhibits a fresh x; otherwise it returns the random string which is equal to the length of y. Then, the \( {\mathfrak{A}} \) should expel one bit to verify the answer with the Query_Test. Since the proposed scheme is bound of secure hash-function \( H\left( {x \oplus secret_{{key_{i} }} } \right) \oplus H\left( {P_{i} \parallel F_{i} \parallel N_{{once_{i} }} } \right), \) the adversary can’t infer the session key from the random generated strings. Thus, the chance of \( {\mathfrak{A}} \)’s successful is negligible. Besides, the Theorem 1 is proven. Table 2 summarizes the security properties of multimedia authentication schemes.

Table 2 Security properties of multimedia authentication schemes
Full size table

5.1 Identity (ID)-Theft Atack

In the phase of proposed server and client authentication, MC i commonly transfers a value of client-variant ID as \( C_{{ID_{i} }} \) as to hide its original identity over an insecure communication channel. Since the client-variant ID is chosen randomly, it is certain that the proposed scheme can resist the identity (ID) theft attack and it can also keep the anonymity properties in safe. Younghwa An, Khurram et al., Das et al. and Chang et al.

5.2 Replay Attack and Problem of Clock Un-synchronization

As already mentioned in [20], the authentication mechanism which is based on the timestamp, may seriously suffer from the attack of replay;since the delay transmission is unpredictable in the networks. To avoid such drawback, we change the timestamp based scheme into the nonce based scheme. Thus, our proposed scheme can able to avoid the problem of clock un-synchronization. Besides, in the phase of server client authentication, the adversary \( {\mathfrak{A}} \) may deduce the MC i previous login-request, and then the \( {\mathfrak{A}} \) may use that information as a new login-request to the MS j ; though in our scheme the \( C_{{ID_{i} }} \) value is not permitted to be used as session to session. Thus, the \( {\mathfrak{A}} \) can’t complete the process of verification at the server system with the legitimate value of previous login-request. Consequently, it is certain that our proposed can resist the replay attack.

5.3 Server Client Anonymity

In our proposed authentication scheme, client/server (MC i /MS j ) preserves their login-request credentials confidentially; since our scheme shares the credentials of server/client by means of client identity (\( C_{{ID_{i} }} \))/server identity (\( S_{{ID_{i} }} \)). We compute the client anonymous identities from \( C_{{ID_{i} }} = H\left( {x \oplus secret_{{key_{i} }} } \right) \oplus H\left( {P_{i} \parallel F_{i} \parallel N_{{once_{i} }} } \right) \) and the server anonymous identities from \( S_{{ID_{i} }} = TS_{i} \oplus H\left( {sip_{uri} \parallel H\left( {x \oplus secret_{{key_{i} }} } \right)} \right) \). These identities will keep changing for the every attempt of login-request; since the former and latter expressions are calculated from the random integer x. Later, the server and client systems retrieve their identities to share the session keys and to hide their identities during the login-request transmission. So that, we confidently assert that the identity of the client \( C_{{ID_{i} }} \) Can only be recovered from the server and vice versa. Thus, in the proposed scheme of authentication, no identities can be recovered by any of the adversaries/attackers/intruders.

5.4 Session Key Agreement

In the phase of key authentication, our proposed scheme can provide the session key \( CS_{key} = H\left( {I_{i} \parallel N_{{once_{i} }} \parallel N_{{once_{j} }} \parallel F_{i} \parallel S_{{ID_{j} }} } \right) \) and it is shared mutually between the server MS j and client MC i systems. The value of F i is determined by \( F_{i} = H\left( {P_{i} \parallel H\left( {s_{k} } \right)\parallel N_{{once_{i} }} } \right) \) and the parameter values, such as \( N_{{once_{i} }} ,N_{{once_{j} }} , S_{{ID_{j} }} \) are determined in sequence to find a reliable mutual authentication session key. Besides, the value CS key will often change for every login-session, and thus the expired session keys can’t be reused for the purpose of re-login. So that, we confidently assert that the anonymous users can’t reuse the expired session to the request of re-login. Thus, the proposed scheme holds the property of session-key agreement as safe and secure.

5.5 (Perfect) Forward Secrecy

A protocol can be (perfect) forward secrecy, if the private keys of the participants/clients do not breach the previous session keys securities. It has two notions, such as perfect and master-key forward secrecies. The former secrecy does not harm the previous session-keys, whereas the latter secrecy can be satisfied as and when the master server-key is compromised. Our proposed protocol can be able to satisfy both the former and latter secrecies from the usage of \( P_{i} = G_{ij} \oplus H\left( {H\left( {s_{k} } \right)\parallel N_{{once_{i} }} \parallel S_{{ID_{j} }} } \right) \) and \( H\left( {x \oplus secret_{{key_{i} }} } \right) = C_{{ID_{i} }} \oplus H\left( {P_{i} \parallel F_{i} \parallel N_{{once_{i} }} } \right) \) to share the common session keys. The adversary may determine the parameter such as s k , though he/she can’t determine the rest of the parameters, like G ij , \( N_{{once_{i} }} \), \( S_{{ID_{j} }} \), \( secret_{{key_{i} }} \) and F i . Thus, the proposed protocol satisfies the secrecies, like perfect and master-key.

5.6 No-Key Compromise Impersonation

Since our proposed protocol often changes the common session key CS key for every login-session request, we thus confidently assert that the adversaries can’t infer server/client identities \( S_{{ID_{j} }} /C_{{ID_{i} }} \) neither. So, our proposed protocol holds the property of no-key compromise impersonation.

5.7 No-Unknown Key-Share

A protocol can be unknown key-share, if the adversaries can’t be able to determine the secret-key of the client systems. Because the client’s secret key can only be determined from the key generation center (KGC). To infer the client’s secret key, the adversary should learn some hidden entities, such as \( C_{{ID_{i} }} , G_{ij} ,N_{{once_{i} }} ,S_{{ID_{j} }} ,secret_{{key_{i} }} \) and F i . Otherwise, the adversary can’t deduce any bit of details to crack the client’s secret key. Thus, we assert that our proposed protocol has some hidden parameters of no-unknown key-share.

5.8 Malicious Server Attack

In the malicious server attack, the malicious server MS j behaves as a legitimate multimedia server MS j to monitor and collect some information related to the multimedia client MC i and it especially occurs during the client login-request process. In the process of client login-request, the malicious server can be able to infer only one parameter of the legitimate client that is s k . But, it does not determine the values such as \( C_{{ID_{i} }} , G_{ij} ,N_{{once_{i} }} ,S_{{ID_{j} }} ,secret_{{key_{i} }} \) and F i to forge the client. Thus, we assert that our proposed withstands for the malicious server attack.

5.9 Stolen Server Component Attack

In the stolen server component attack, the malicious user MC i tries to collect the information related to the server components of multimedia server MS j if he/she steals the component details of multimedia servers. Our proposed protocol has the parameters like P i , S i and I i for all the server components of multimedia server, and thus we confidently assert that the malicious user can’t acquire any details of server components unless they exploits their related parameters. Since the server component parameters are closely related to each other, thus the malicious user can’t steal their details easily. Hence, our proposed protocol withstands for the stolen server component attack.

5.10 Verifier Leakage Attack

In the verifier leakage attack, the malicious user MC i may forge the information related to the server components of multimedia, namely P i , S i and I i in order to behave as a legitimate user. In our proposed protocol, the identities of users change often, and so the malicious user MC i can’t tamper any details from the previous login-session. Moreover, the related parameters of the server component such as P i , S i and I i can’t be inferred to compute the secret session keys of multimedia server client systems. Hence, our proposed protocol withstands for the verifier leakage attack.

5.11 Mutual Authentication (Server and Client)

Our proposed protocol involves of two major entities, namely multimedia client MC i and server MS j that mutually authenticate each other before they agree upon a common session key. The common session \( CS_{key} = H\left( {I_{i} \parallel N_{{once_{i} }} \parallel N_{{once_{j} }} \parallel F_{i} \parallel S_{{ID_{j} }} } \right) \) is derived from the parameters, namely \( N_{{once_{i} }} ,N_{{once_{j} }} \) F i , SID j and I i that is later used to authenticate the service sessions of multimedia server and client systems. The multimedia server and client systems validate their related entities from the parameters like \( C_{{ID_{i} }}\, {\text{and}}\, S_{{ID_{j} }} \) to authenticate the request service session of multimedia client MC i . Hence, we assert that our proposed protocol achieves the mutual authentication for the multimedia server client systems.

5.12 Denail of Service (DoS) attack

In the DoS attack, the malicious user MC i may impede the legitimate user from the login-request and it is done to update the password verification to some random values. But, in our proposed protocol even if the malicious client steals some important credentials of multimedia server, he/she is supposed to proceed the process of session key update before he/she starts changing the verification details. First and foremost, the malicious user should guess the prompt info such as \( P_{i} , S_{i} , I_{i} \,\text{and}\, x \) to compute its related expression like \( P_{i} = G_{ij} \oplus H\left( {H\left( {s_{k} } \right)\parallel N_{{once_{i} }} \parallel S_{{ID_{j} }} } \right) \) and \( H\left( {x \oplus secret_{{key_{i} }} } \right) = C_{{ID_{i} }} \oplus H\left( {P_{i} \parallel F_{i} \parallel N_{{once_{i} }} } \right) \). Then, the expressions which are computer should undergo into the session key update phase to satisfy the verification details. It is practically not possible to speculate the parameters, namely \( P_{i} , S_{i} , I_{i} \,{\text{and}} \,x \) spontaneously. Hence, we assert that our proposed protocol withstands for the DoS attack.

5.13 Man-in-the-Middle Attack

In the man-in-the-middle attack, the malicious user MC i overhears on the communication channel and he/she also seizes the messages of server and client systems to send the messages back. In the seize of server and client communication, the malicious user may behave to the client as a legitimate user/server. In our proposed protocol, the malicious user may try to intercept the communication of multimedia server and client systems, but he/she can infer the common session key \( CS_{key} = H\left( {I_{i} \parallel N_{{once_{i} }} \parallel N_{{once_{j} }} \parallel F_{i} \parallel S_{{ID_{j} }} } \right) \) since it relies on the \( N_{{once_{i} }} ,N_{{once_{j} }} \), F i , SID j and I i which are chosen to be fresh or each service session. Hence, we assert that our proposed protocol withstands for the man-in-the-middle attack.

5.14 Parallel-Session Attack

In the parallel-session attack, the malicious user MC i may establish a parallel-session along with the legitimate multimedia user MC i to listen, modify and resend the original messages to the legitimate multimedia server MS j . The malicious activities such as listen, modify and resend are done within the stipulated duration of the frame window. In our proposed protocol, the malicious user MC i may try to masquerade as a legitimate multimedia user to resend the session login-request. But, he/she can’t compute the common session key \( CS_{key} = H\left( {I_{i} \parallel N_{{once_{i} }} \parallel N_{{once_{j} }} \parallel F_{i} \parallel S_{{ID_{j} }} } \right) \) since it is partially related to the random nonce values \( N_{{once_{i} }} \) and \( N_{{once_{j} }} \) which are always chosen to be a fresh for each login-session. Hence, we assert that our proposed protocol withstands for the parallel-session attack.

5.15 Comparative Efficiencies of Authentication Schemes

In the comparative efficiencies, we cross-analyze the proposed authentication scheme by means of its security properties and we examine such properties in one by one with the existing authentication schemes, namely Younghwa An, Khurram et al., Das et al. and Chang et al. Table 2 illustrates the comparative efficiencies of multimedia authentication schemes. We can observe from the Table 2 that our proposed authentication scheme is able to withstand with the most of the attacks, whereas the existing authentication schemes [16, 17, 22, 23] are not able to do such prevention as what the proposed scheme does so. Besides, our proposed scheme is able to offer privacy preservation for both server and client systems, whereas the existing schemes [16, 17, 22, 23] fail to do so.

In addition, the proposed and existing authentication schemes are evaluated using the real time Testbed For Tele-Care Multimedia Medical Information System and the examination results are revealed that the proposed authentication scheme can also mitigate the end-to-end delay, signal congestion and bandwidth consumption to offer a feature of scalability, whereas the existing authentication scheme [16, 17, 22, 23] can’t be able to do as such mitigation. Table 3 depicts the compuation efficiencies of multimedia authentication schemes. As we can observe from the Table 3, the proposed scheme is almost carrying the hash function as double as comparing with the existing authentication scheme [16, 17, 22, 23]. To conceal the identities of the server and client systems on the networks, we additionally overload the hash functions, but it achieves the most important feature of privacy preservation.

Table 3 Compuation efficiencies of multimedia authentication schemes
Full size table

6 Results and Discussion

To evaluate the major significances such as call setup time, signal congestion and bandwidth consumption of the proposed and existing authentication schemes, the OpenIMSCore server [27] and UCTIMS clients [28] have been utilized. On both the server and client sides, the authentication schemes, namely proposed and existing have been designed and implemented in the form of 3GPP standard. Besides, the server components, namely proxy, interrogating and serving have been modified to make the authentication schemes (proposed and existing) to use the message authentication header of the SIP. Figure 2 depicts the real time testbed for Tele-Care Multimedia Medical Information System. The systems like OpenIMSCore and UCTIMS have been installed in the high-end processor which is capable of Intel i3 core processor with 4 GB RAM and the systems are installed on Linux Mint (version 14) operating system.

Fig. 2
figure 2

Real Time testbed for tele-care multimedia medical information system

Full size image

For the users such as patient and doctor, we generate the random identities under the modulo inversion of chosen a random prime number. Besides, we monitor the call setup time of server client systems for every login-request over the normal wireless traffic. To provide an authentic login-request, we have collected and fed the private medical hospital information of doctors’ and patients’ in the database of multimedia (HSS). As for real time practice, the laptops (100 Nos’) of which we have issued, are installed UCTIMS client and also configured of patients’/doctors’ info. To cross-examine the call setup time, the proposed and existing authentication schemes are implemented. The schemes, such as proposed and existing will be authenticated as and when the multimedia server and client are sought for the service connection establishment.

In order to cross-examine the proposed and existing authentication schemes, we execute the authentication schemes, namely Younghwa An, Khurram et al., Das et al. and Chang et al. in parallel between the multimedia server client systems. In the cross-analysis, we have examined the authentication scheme as Server-Client with Youngwa An, Khurram et al., Das et al. Chang et al. and proposed protocol. To realize as a real time processing system, we have utilized the real time components (such as proxy, serving and interrogating) as the integral components of multimedia server.

To conceal the users identity in the public network domain, we have done some important changes in the message header format. The changes are:

  1. 1.

    ‘Header’: represents that the users are intended to hide the private info and the server components, such as proxy and the home subscriber server are responsible to hide such intentional infos’ of users.

  2. 2.

    ‘Session’: The keys which are generated by the authentication schemes are to be used by the users to hide his/her private infos’ included in the Session Description Protocol (SDP) over the public network domain.

  3. 3.

    ‘Users’: It sends the login-request in which it represents that the network should provide the privacy service since it is incompetent to provide such feature.

  4. 4.

    ‘None’: Server provides the privacy service to the users, other than that, none of the service like privacy will be appended to the users’ message.

  5. 5.

    ‘Critical’: It represents for the critical situation of privacy function. As if such situation is arisen, then the service will automatically reject the users’ service to ensure a feature of privacy preservation. Besides, it re-run the proxy server to resolve the critical error of the multimedia server.

Though this mechanism is susceptible for the bid-down attack, thus the adversary may be able to strip out the message without the desirable feature of privacy protection. Besides, it does not conceal the private identity in the first hop and thus, it can’t conceal the identity of an authentic user in the authorization header. Hence, the server and client systems are required for re-authentication. To strengthen the end-to-end communication, the authentication schemes (proposed and existing) of multimedia client and server systems are configured with a security layer of IPSec (Internet Protocol Security).

We utilize 100 users to establish the voice call connection over a single network domain. We interface the multimedia client and server in the wireless access router of 802.11 g and then we initiate the voice call connections between the multimedia clients over a campus wifi network domain. Before the service establishment, we evaluate the authentication schemes to ensure the privacy preservation. To prove the major significances of the proposed protocol, we cross-examine the metrics, like call setup time, signal congestion and bandwidth consumption with the other authentication schemes such as Younghwa An, Khurram et al., Das et al. and Chang et al. for a day. The cross-examination results of which we describe below are the cumulative result of one day.

The multimedia server has been executed in one day in which all the hundred client systems have initiated the service of voice call connection through the exchange of authentication schemes. Figure 3 illustrates Call Setup Time. The inspection results reveal that the proposed protocol is often mitigated the delay transmission at around 0.223 s and thus, it infers minimum delay, whereas the authentication schemes, such as Younghwa An, Khurram et al., Das et al. and Chang et al. are able to stabilize the delay transmission (at around 0.348, 0.341, −.37 and 0.363 s), but then it has higher call setup time in relation to the proposed protocol.

Fig. 3
figure 3

Call setup time

Full size image

Our proposed protocol conceals the parameter like private key (CID i /SID i from the anonymous user so as to avoid the re-authentication when the user experiences timeout. Besides, our proposed curtails the pairing computational time of the multimedia server client systems. This curtailing of computational time stabilizes the message transmission of the proposed protocol. Hence the computational time of the proposed authentication minimizes the traffic congestion of the multimedia server client systems. Figure 4 illustrates signal congestion. The proposed protocol has much less signal congestion in comparison with the other existing schemes, namely Younghwa An, Khurram et al., Das et al. and Chang et al.

Fig. 4
figure 4

Signal congestion

Full size image

The network capacity is specially classified into two key issues. KeyIssue1 divulges the bandwidth requirement of each user. KeyIssue2 divulges the rate of bandwidth usage. Figure 5 illustrates the bandwidth consumption. To analyze the bandwidth, this research chooses the voice call. To inspect the bandwidth usage, the usage rate is set as ~10 Mbps for the wifi access point. The inspection result is shown that the proposed authentication mechanism has minimize the bandwidth usage, and thus it can be able to offer the feature of service scalability, whereas the other authentication mechanism, such as Younghwa An, Khurram et al., Das et al. and Chang et al. have arbitrary usage of bandwidth, and so they can’t offer the service reliability and scalability as well.

Fig. 5
figure 5

Bandwidth consumption

Full size image

7 Conclusion

This paper proves that the authentication schemes such as Younghwa An, Khurram et al., Das et al. and Chang et al. are susceptible to several major security threats. We prove that the schemes of [16, 17, 22, 23] fails to resist the attacks, like stolen server component attack, mutual authentication, server client anonymity, parallel session and identity theft, verifier leakage, session key agreement and hash function collision. Besides, we also find that the existing schemes [16, 17, 22, 23] fails to offer the significant services, like privacy preservation, Problem of Clock Un-synchronization and service scalability. Thus, we have proposed a reliable dynamic-identity based multimedia server client authentication scheme so as to resolve those major security threats. Moreover, a testbed of multimedia medical information system has been designed and developed to investigate the metrics, such as call setup time, signal congestion and bandwidth consumption as in real time practice. The cross-examination results proves that the proposed authentication scheme is able to mitigate delay transmission, signal congestion and bandwidth consumption notably in comparison with the other authentication schemes [16, 17, 22, 23]. Also, our authentication scheme abides all the security features of 3GPP to achieve the security goals of multimedia medical information system.