Abstract
Biometrics is an emerging technology for patient authentication because of its advantages over other methods such as passwords and smart cards. However, in mobile environments it introduces hard constraints on computation, storage and communication when the patient's biometric data are analyzed, saved and transmitted, respectively. In this paper, we address these challenges and propose a secure and lightweight remote patient authentication scheme for mobile healthcare environments. The proposed scheme translates the patient's biometric data into ECC-based keys. When a remote diagnosis is required, or when an unexpected incident affects the patient's health, the patient can be securely and cost-effectively authenticated without the biometric template ever being stored or transmitted. Through simulations, we evaluate the proposed scheme against concurrent solutions. The results indicate that the proposed scheme outperforms them while providing effective security.
1 Introduction
Mobile devices such as cell phones, personal digital assistants and smartphones have become increasingly popular due to their portability (Stojmenović 2002). People use these devices to perform remote operations anytime and anywhere (Yoon et al. 2012). In distributed healthcare applications, these devices can now collect individual health-related data and report them to healthcare professionals located anywhere. These data enable distributed care: remote diagnoses, alerting doctors to an emergency or to changing conditions as they occur, and providing a complete picture of the patient's health so that the necessary care can be administered. When an unexpected incident affects a patient's health, the patient may be unable to authenticate using something he/she knows, such as a password. In such a critical situation, the authentication process should be performed automatically, without the patient's intervention. A biometric-based authentication scheme responds well to this requirement.
Biometrics (Ross et al. 2008; Doshi and Nirgude 2015) is the study of measuring physiological or behavioral characteristics of a person in order to verify or recognize his or her identity. These characteristics include features such as fingerprints, face, hand geometry, voice and iris (Jain et al. 2004; Sonkamble et al. 2010; Jayaram and Fleyeh 2013). Every person possesses biometric features that are unique and whose properties remain stable during one's lifetime (Moolla et al. 2012; Al-Ani 2014; Doshi and Nirgude 2015; Sabah et al. 2015). In classical biometric-based authentication methods, a user is identified through an analytical comparison between the presented biometric data and a previously stored template (Tong et al. 2007). In mobile environments, this process introduces hard constraints on computation, storage and communication when such complex data are analyzed, saved and transmitted, respectively. An extensive analysis of the literature shows that various biometric-based remote patient authentication schemes have been proposed. However, these schemes are more complex, present performance limits and do not offer a sufficient security level against attacks. In this paper, we address these limits and propose a secure and lightweight remote authentication scheme for mobile healthcare environments. The proposed scheme is based on Elliptic Curve Cryptography (ECC) (Miller 1986; Koblitz 1987), in which a correspondence is established between the biometric template of a patient and his/her cryptographic keys. After the patient's biometric template has been extracted, the key pair is computationally derived from it. The key pair is used to produce a Diffie–Hellman-based session key (Diffie and Hellman 1976) with the remote server for mutual authentication.
Through a security analysis and simulations, we compare the proposed scheme with concurrent schemes; the proposed scheme demonstrates promising results.
The contributions of this work are fivefold: (1) the proposed scheme translates the patient's biometric data into an ECC-based key pair and does not require the patient's biometric template to be stored or communicated; (2) it transforms the biometric inputs before use, so that the transformed template is revocable, non-invertible and reliable, and respects the patient's privacy; (3) it performs four rounds of communication across its two phases, registration and authentication (two rounds each); (4) it resists replay, impersonation, server spoofing, anonymity, insider, man-in-the-middle, physical, parallel session, reflection and denial-of-service attacks; and (5) it operates with a lightweight storage, communication and computation load.
The remainder of this paper is organized as follows. In Sect. 2, we review the related work. In Sect. 3, we present the detailed description of the proposed scheme. In Sect. 4, we analyze its security against malicious attacks. In Sect. 5, we provide the simulation results and a comparison with the literature. Finally, we conclude the paper in Sect. 6.
2 Related work
Several biometric-based remote user authentication schemes have been proposed. Mastali and Agbinya (2010), Peralta et al. (2015) and Limbasiya and Doshi (2017) summarize a representative part of them. In this section, we review some relevant and recent schemes from the literature.
In Khan et al. (2008), the authors proposed a chaotic-hash-based biometric remote user authentication scheme for mobile devices. It is a two-factor scheme using passwords and fingerprints. Its aim is to let commercial companies offer mobile users secure remote access to resources such as e-banking, e-commerce and e-health. To access a service, the user first runs the authentication protocol from his own mobile device.
In Chen et al. (2012), the authors showed that the scheme of Khan et al. (2008) is vulnerable to an impersonation attack using information leaked from the mobile device: an intruder can analyze this information and forge secret parameters from it. To remedy these drawbacks, Chen et al. proposed an improved scheme combining a fingerprint biometric with passwords, replacing the chaotic functions with hash functions to improve security. The authors claimed that their scheme is more secure and efficient while requiring little computation.
In Truong et al. (2012), the authors showed that the scheme of Chen et al. (2012) fails against replay, server spoofing and user spoofing attacks and lacks user anonymity, and they proposed enhancements. These mitigate and isolate the risk of theft of the user's identity, which an intruder could otherwise use to re-register with the service provider and thereby obtain a secret key allowing him to impersonate either the legitimate user or the server. The authors claimed that their scheme provides greater security and is practical for wireless communication systems.
In Khan et al. (2014), the authors showed that the scheme of Truong et al. (2012) is vulnerable to further attacks, such as password guessing and user and server impersonation, using information extracted from the user's mobile device together with an intercepted login request. They proposed an improved scheme that not only resists these attacks but also inherits the merits of the two previous schemes (Khan et al. 2008; Chen et al. 2012). However, the solution presents performance limits in storage, computation and communication overhead. Moreover, it fails to achieve user anonymity and remains vulnerable to user impersonation and desynchronization attacks (Wu et al. 2015).
In Mishra et al. (2014), the authors proposed a biometric-based authenticated key agreement scheme using smart cards. It improves on Chuang and Chen (2014), which was designed for expert systems to achieve user anonymity in multi-server environments. The authors claimed that their improved scheme removes the loopholes of the original scheme. However, Wang et al. (2016) later stated that the scheme of Mishra et al. (2014) is susceptible to several attacks, such as replay, user and server masquerade and denial-of-service attacks, and provides neither user anonymity nor perfect forward secrecy. To strengthen security, Lu et al. (2015) introduced a three-factor authentication scheme that overcomes the drawbacks of Mishra et al. (2014), focusing on security while also addressing the password change phase.
In Reddy et al. (2016), the authors pointed out that the scheme of Lu et al. (2015) suffers from a clock synchronization problem, man-in-the-middle, impersonation and anonymity attacks, and does not provide perfect forward secrecy. Conventional authentication schemes based on passwords and smart cards are not appropriate for distributed multi-server environments because of the difficulty of remembering a password for each service provider. For that reason, He and Wang (2015) proposed a biometric-based authentication scheme using ECC to overcome this shortcoming. Although it is the first truly three-factor authentication scheme, the integration of the registration center imposes high computation requirements (Reddy et al. 2017). Additionally, Odelu et al. (2015) pointed out that the scheme of He and Wang (2015) suffers from security weaknesses, including attacks against user anonymity, impersonation attacks and known session-specific temporary information attacks.
In Lu et al. (2016), the authors proposed another three-factor authentication scheme for the Session Initiation Protocol (SIP), which is widely used in multimedia services. Lu et al.'s scheme improves on Zhang et al. (2014). However, Kumari et al. (2017) showed that the scheme of Lu et al. (2016) cannot withstand impersonation attacks, does not provide user anonymity and fails to achieve mutual authentication between the communicating parties.
In Jung et al. (2017), the authors proposed an anonymous user authentication scheme with session key agreement for the integrated Electronic Patient Records (EPR) information system. The solution extends a three-factor user authentication scheme that had been proposed to remedy the flaws of the scheme of Li et al. (2015) in order to protect user information. However, the solution is vulnerable to denial-of-service and impersonation attacks, and fails to preserve user anonymity.
3 The proposed scheme
In this section, we give an overview and the assumptions, followed by a detailed description of the proposed scheme.
3.1 System model
Three parties are involved in the proposed scheme: the remote server S, the patient \(P_i\) and his/her own mobile device. The latter could be a personal digital assistant or a smartphone, which acts as a sink collecting the patient's medical information. Supervision could be realized through a wireless body area network (Bradai et al. 2011; Aqsa et al. 2015), where sensors are deployed on or around the patient's body. The mobile device communicates the patient's data to the remote server via the Internet. The remote server keeps the electronic medical data of the registered patients. These data are shared among authorized users, such as healthcare staff, researchers, government agencies and/or insurance companies (Li et al. 2010; Elgazzar et al. 2012; Chatterjee et al. 2013). The remote server is a trusted party responsible for initializing the system, publishing the system parameters and issuing the authentication credentials of the system's patients.
We do not focus on a particular biometric feature; we assume that each patient is equipped with a biometric reader suited to the targeted application. The proposed scheme is executed in three phases: (1) system initialization, (2) patient registration, and (3) mutual authentication with session key agreement. The overall framework of the proposed scheme is illustrated in Fig. 1. Table 1 summarizes the main notations, and the following subsections describe the operations of each phase.
3.2 System initialization phase
In this phase, two distinct operations are involved, namely the cancellable biometric template extraction and the system parameter generation.
3.2.1 Cancellable biometric template extraction
Generating a cryptographic key from biometric inputs has emerged as one of the most effective ways to overcome the security weaknesses of classical methods based on passwords, tokens, etc. However, biometric data cannot be used directly in cryptographic operations because (Boyen et al. 2005; Bo et al. 2009):
1. The biometric data are not uniformly distributed.
2. Two different impressions of the same biometric from the same person are rarely identical; hence this type of data is not exactly reproducible.
Furthermore, biometric data are personal features that are usually non-cancellable: in case of theft or forgery, they cannot be changed the way a Personal Identification Number (PIN code) or a password can (Belguechi et al. 2011; Barman et al. 2015). In this study, we address these limitations by computing the patient's key pair from a cancellable biometric template.
To obtain the cancellable biometric template, the patient imprints his biometric data \(B_{i}\) on the mobile device, which extracts minutiae points as features. The extraction of these features involves four major steps (Lalithamani and Soman 2009; Andalib and Abdulla-Al-Shami 2013): (1) normalization; (2) orientation and frequency estimation; (3) phase estimation; and (4) minutiae point detection. Several embedded biometric recognition devices retrieve minutiae points directly from the acquired fingerprint image (e.g., Lumidigm M301 (Bayometric 2017a), Suprema BioMini (Bayometric 2017b), Verifi P5100 (Neuro Technology 2017)).
The acquired biometric data are subject to significant variations; thus minutiae points can disappear from one extraction to the next. According to the literature, a good-quality biometric reader usually collects between 40 and 100 minutiae (Hong et al. 1998), whereas a latent or partial impression yields only 20 to 30 (Zaeri 2011). The minutiae set of the acquired biometric data \(B_i\) of patient \(P_i\) is denoted \(M_i\) such that
where u is the total number of minutiae points extracted from the patient's biometric template, \((x_k, y_k)\) are the Cartesian coordinates of point \(m_k\), and \(\theta _k\) is its orientation. The distance between any pair of minutiae points \(m_k\) and \(m_l\), with coordinates \((x_k, y_k)\) and \((x_l, y_l)\), respectively, is the Euclidean (Cartesian) distance.
To generate the cancellable biometric template from the acquired minutiae points, we first compute the distance between each pair of minutiae points. The obtained values are then arranged and sorted in a matrix, denoted \(A_i\), such that
Note that \(d_{kl} = d_{lk}\) for all \(k,l \in \{1, \ldots, u \}\), where the \(d_{kl}\) are the coefficients of \(A_i\); hence either the upper or the lower triangular part of \(A_i\) suffices. For instance, using the upper part, the cancellable biometric template \(\gamma _i\) of patient \(P_i\) is computed as
To protect the extracted minutiae points \(M_i=\big \{m_k\big \}\), this set is augmented with a set of chaff points \(C_i=\big \{c_l\big \}\) such that \(c_l\ne m_k\) for all k, l, and the union is shuffled. The aim of the shuffling is to defeat any attempt to distinguish genuine points from chaff points. The mobile device keeps \(C_i\) secret, so that it alone can recover the genuine minutiae from \(M_i \cup C_i\). Fig. 2 illustrates an example of shuffling for a fingerprint template.
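The template construction and chaff protection of this subsection, together with the threshold comparison of Sect. 3.4, as an added example (this is not the paper's code). The minutiae are constructed sample values; the page fixes neither the numeric precision of the distances, their serialisation, the frame in which chaff points are drawn, nor the similarity measure behind the threshold \(\tau\), so the integer quantisation, the comma-separated encoding, the 500 x 500 frame and the tolerance-based similarity score below are assumptions of this example.

```python
"""Cancellable template gamma_i from pairwise minutiae distances, chaff-point
protection of M_i, and a threshold check between a fresh impression M' and the
recovered reference set. Added example; not the paper's own implementation."""
import math
import random


def distance_matrix(minutiae):
    """A_i: Euclidean distances between every pair of minutiae (x, y, theta)."""
    u = len(minutiae)
    return [[math.dist(minutiae[k][:2], minutiae[l][:2]) for l in range(u)]
            for k in range(u)]


def cancellable_template(minutiae, precision=1):
    """gamma_i: the upper-triangular coefficients d_kl (k < l) of A_i, sorted.

    Quantising to `precision` pixels and serialising as ASCII are assumptions of
    this example. Sorting makes gamma_i independent of the minutiae order, and
    distances are invariant to translation and rotation of the impression.
    """
    a = distance_matrix(minutiae)
    u = len(minutiae)
    coeffs = sorted(round(a[k][l] / precision)
                    for k in range(u) for l in range(k + 1, u))
    return b",".join(str(c).encode() for c in coeffs)


def add_chaff(genuine, count, rng, frame=(0, 500), angles=(0, 359)):
    """Return (shuffled M_i union C_i, C_i). Chaff never coincides with a genuine point."""
    genuine_set = set(genuine)
    chaff = set()
    while len(chaff) < count:
        c = (rng.randint(*frame), rng.randint(*frame), rng.randint(*angles))
        if c not in genuine_set:
            chaff.add(c)
    union = list(genuine_set | chaff)
    rng.shuffle(union)          # the stored set gives no positional hint
    return union, chaff


def recover_genuine(union, chaff):
    """Only the holder of the secret C_i can separate M_i from M_i union C_i."""
    return [m for m in union if m not in chaff]


def similarity(m_fresh, m_ref, tol_px=8, tol_deg=15):
    """Fraction of reference minutiae with a fresh minutia within tol_px pixels
    and tol_deg degrees (assumed similarity measure; the page leaves it open)."""
    hits = 0
    for (x, y, t) in m_ref:
        if any(math.dist((x, y), (x2, y2)) <= tol_px
               and abs((t - t2 + 180) % 360 - 180) <= tol_deg
               for (x2, y2, t2) in m_fresh):
            hits += 1
    return hits / len(m_ref)


def login_check(m_fresh, stored_union, chaff, tau=0.8):
    """Local step of Sect. 3.4: reject below tau, else rebuild gamma_i from the
    recovered reference minutiae (so the derived key is reproducible)."""
    m_ref = recover_genuine(stored_union, chaff)
    if similarity(m_fresh, m_ref) < tau:
        return None
    return cancellable_template(m_ref)


if __name__ == "__main__":
    # Constructed sample minutiae (x, y, theta); a real reader yields 40-100.
    reference = [(10, 20, 30), (50, 60, 90), (100, 40, 200), (70, 90, 10)]
    rng = random.Random(7)
    stored, secret_chaff = add_chaff(reference, 20, rng)
    fresh = [(x + 2, y - 1, t + 3) for (x, y, t) in reference]   # same finger
    print(login_check(fresh, stored, secret_chaff))             # gamma_i
    print(login_check([(0, 0, 0)], stored, secret_chaff))       # None: rejected
```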
3.2.2 System parameter generation
On the server side, S chooses an elliptic curve \(E_{q}(a, b)\) of order n, where n is a large number for security reasons. It then selects a base point G of order n on \(E_{q}(a, b)\), chooses its private key \(\widehat{K}_S\in [1, n-1]\) and computes the corresponding public key \(K_S=\langle Q_S, G\rangle\) such that
Afterwards, it chooses a secure one-way hash function \(H:\{0, 1\}^{*} \rightarrow Z^*_{p}\), where \(Z^*_{p}\) is a cyclic group of order \(p-1\). Finally, it keeps \(\widehat{K}_S\) secret and publishes \(\langle K_S, n, G, H \rangle\) as the system parameters.
On the patient side, the key pair is computationally derived from the biometric template. First, using the biometric reader, the mobile device extracts the biometric template \(B_{i}\) of patient \(P_i\) and computes the corresponding cancellable biometric template \(\gamma _i\) from the genuine minutiae points (cf. Sect. 3.2.1). Then, the mobile device computes its private key \(\widehat{K}_i\) such that
Finally, it computes its public key \(K_i=\langle Q_i,G\rangle\) such that
Note that it is hard to recover \(\widehat{K}_i\) from \(Q_i\) and G because of the Elliptic Curve Discrete Logarithm Problem (ECDLP) (see Note 1).
3.3 Patient registration phase
This phase is executed at the first interaction of a patient \(P_i\) with the remote server S. All operations on the patient side are performed by the mobile device. First, using the biometric reader, the mobile device extracts the biometric template \(B_{i}\) of patient \(P_i\) and computes his/her cancellable biometric template \(\gamma _i\). Then, it computes the matching index \(V_i\) such that
and sends the registration request \(\langle V_i, ID_i, K_i \rangle _{K_S}\), encrypted under the server's public key, to the remote server S, where \(ID_{i}\) is the patient's identity (the mobile's serial number is recommended). The parameter \(V_i\) binds the patient's identity to his/her private key, which is itself linked to the biometric template. Upon receiving the request, the remote server S generates a random number \(r_S\in [1, n-1]\) and computes the patient's authentication information \(AI_{i}\) such that
where T is the current timestamp of the remote server S. Finally, it stores \(\langle ID_{i}, AI_{i} \rangle\) locally and sends \(\langle ID_{i},V_i, AI_{i} \rangle _{K_i}\) to the patient's mobile device.
3.4 Mutual authentication with session key agreement phase
The parameter \(B_i\) denotes the biometric template of patient \(P_i\) from which the key pair was generated during system initialization. Later, when a user claims to be patient \(P_i\), the mobile device extracts his/her biometric data, denoted \(B'_i\), and checks their correspondence with the generated keys. To this end, the mobile device extracts the minutiae set \(M'\) using the embedded biometric module and recovers the genuine minutiae points \(M_i\) from \(M_i \cup C_i\). If the similarity between \(M'\) and \(M_i\) is below a predetermined threshold \(\tau\), the mobile device rejects the login request. Otherwise, it computes the patient's cancellable biometric template \(\gamma _i\), from which it derives the key pair \(\langle \widehat{K}_i, K_i\rangle\). Then, it computes \(V'_{i}\) such that
If the matching index is invalid, i.e., \(V'_{i}\ne V_i\), the mobile device rejects the login request. This step authenticates patient \(P_i\) to his/her own mobile device, restricting use of the device to its rightful owner. If patient \(P_i\) is authenticated, the mobile device selects a secret random number \(r_{i}\in [1, n-1]\) and computes
and then the secret authentication information
The mobile device computes the session key \(\ell\) such that
and the dynamic identity \(DI_{i}\) of patient \(P_i\) such that
where \(T_{i}\) denotes the current timestamp of the mobile device. Finally, the mobile device sends \(\langle Q_i, DI_{i}, D_{i},T_{i}, R_{i}, \langle W_{i}, H\big (R_{i}\Vert SAI_{i}\Vert T_{i}\big )\rangle _\ell \rangle\) to the remote server S. Upon receipt, the remote server S extracts \(T_i\) and checks its validity, i.e., \(T_{S}-T_{i}\le \Delta T\), where \(T_S\) and \(\Delta T\) denote the current timestamp of the remote server and the maximum acceptable transmission delay, respectively. If \(T_{S}-T_{i}> \Delta T\), a replay attack is suspected and the remote server S rejects the login request. Otherwise, the remote server S computes the session key on its side such that
Note that the session key \(\ell\) is shared between patient \(P_i\) and remote server S, and both compute it without any prior interaction. On the patient side, the mobile device, which holds the remote server's public key \(K_S=\langle Q_S, G\rangle\), has already computed
which is the same session key as the one computed on the remote server side. Next, the remote server S computes \(\langle r_{i} \cdot V_i \rangle\) such that
and checks the patient's identity by verifying the following equality
If it does not hold, the login request is rejected. Otherwise, the remote server S decrypts \(\langle W_{i}, H\big (R_{i}\Vert SAI_{i}\Vert T_{i}\big )\rangle _\ell\), computes \(H\big (R_{i}\Vert SAI_{i}\Vert T_{i}\big )\) itself and compares the result with the decrypted value. If they match, the remote server S authenticates patient \(P_i\); otherwise the login request is rejected.
To authenticate itself to patient \(P_i\), the remote server S selects a secret random number \(r_{S}\in [1, n-1]\), computes
and responds to patient \(P_i\) with \(\langle W_{i}\oplus W_{S},T_{S}, \langle H\big (W_{S}\Vert SAI_{i}\Vert T_{S}\big ) \rangle _\ell \rangle\). Upon receipt, the mobile device checks the validity of the timestamp, i.e., \(T_i-T_S \le \Delta T\), where \(T_i\) is now the current timestamp of the mobile device. If it does not hold, the mobile device rejects the response. Otherwise, it decrypts the message by computing
extracts \(W_{S}\) from \(\langle W_{i}\oplus W_{S} \rangle\) using its own \(W_{i}\), computes
and finally verifies whether \(h=h'\). If so, patient \(P_i\) authenticates the remote server S.
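The key derivation of Sect. 3.2.2 and the non-interactive session key agreement and timestamp check of Sect. 3.4, as an added example (this is not the paper's code). The page does not fix the curve, the hash or the exact key-derivation formula, so this example assumes secp256k1, H = SHA-256, a private key \(\widehat{K}_i = H(\gamma_i)\) mapped into \([1, n-1]\), and a session key \(\ell = H\) of the x-coordinate of \(\widehat{K}_i \cdot Q_S = \widehat{K}_S \cdot Q_i\) (static Diffie–Hellman, so no message is needed before both sides hold \(\ell\)). The paper's \(V_i\), \(AI_i\), \(D_i\), \(SAI_i\), \(W_i\), \(R_i\) and \(DI_i\) are not reproduced on this page and are therefore not implemented.

```python
"""ECC key pair from a cancellable template gamma_i and static ECDH session key.
Added example with assumed parameters (secp256k1, SHA-256); not the paper's code."""
import hashlib

# secp256k1 domain parameters: curve E_q(a, b) over GF(P), base point G of prime order N
P = 2**256 - 2**32 - 977
A = 0
B = 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True for the point at infinity (None) or any (x, y) with y^2 = x^3 + Ax + B mod P."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine group law; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                         # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P    # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P           # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """k * pt by double-and-add (not constant-time; for illustration only)."""
    if k < 0:
        raise ValueError("scalar must be non-negative")
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def derive_key_pair(gamma):
    """K_hat_i = H(gamma_i) mapped into [1, N-1] (assumed mapping); K_i = K_hat_i * G.
    The same gamma_i always yields the same key, so no template is stored."""
    k_hat = int.from_bytes(hashlib.sha256(gamma).digest(), "big") % (N - 1) + 1
    return k_hat, scalar_mult(k_hat, G)


def session_key(own_private, peer_public):
    """l = H(x of own_private * peer_public): K_hat_i * Q_S == K_hat_S * Q_i.
    The peer point is validated first so an invalid-curve point is not multiplied."""
    if peer_public is None or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid curve point")
    shared = scalar_mult(own_private, peer_public)
    if shared is None:
        raise ValueError("degenerate shared point")
    return hashlib.sha256(shared[0].to_bytes(32, "big")).digest()


def timestamp_fresh(t_sent, t_now, delta):
    """The paper's check T_now - T_sent <= Delta T. The lower bound is added
    here so that a timestamp from the future is rejected as well."""
    return 0 <= t_now - t_sent <= delta


if __name__ == "__main__":
    gamma_i = b"12,17,23,41,58,63"           # constructed serialised template
    k_hat_i, q_i = derive_key_pair(gamma_i)   # patient key pair, from gamma_i only
    k_hat_s = 0x1D3F5A7B9C2E4F6081A2B3C4D5E6F70819A2B3C4D5E6F7081A2B3C4D5E6F7A3
    q_s = scalar_mult(k_hat_s, G)             # server key pair (constructed)
    l_patient = session_key(k_hat_i, q_s)
    l_server = session_key(k_hat_s, q_i)
    print("same session key on both sides:", l_patient == l_server)
    print("fresh:", timestamp_fresh(1_700_000_000, 1_700_000_003, 5))
```

The registration and login messages then carry only \(Q_i\) (the public point) and values encrypted under \(\ell\); the template \(\gamma_i\) and the raw minutiae never leave the device, which is the property the scheme relies on.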
4 Security analysis
In this section, we analyze the security of the proposed scheme against well-known threats. The scheme resists the following attacks:
- Replay attack: an adversary may replay the messages exchanged between a patient \(P_i\) and the remote server S. Suppose he/she has intercepted a valid login request previously sent by patient \(P_i\). If he/she replays it, the remote server S detects the attack by checking the timestamp \(T_{i}\) of the received request, which is rejected if \(T_{S}-T_{i}> \Delta T\). Likewise, the adversary cannot replay the remote server's response: patient \(P_i\) detects the attack by checking whether \(T_{i}-T_{S}> \Delta T\).
- Impersonation attack: an adversary may try to impersonate a legitimate patient using messages intercepted from previous sessions. Assume that the adversary has intercepted a valid login request previously sent by patient \(P_i\) or by the remote server S. The adversary cannot impersonate the patient, because he/she cannot build a forged login request with fresh timestamps without holding the private keys \(\widehat{K}_i\) and \(\widehat{K}_S\).
- Server spoofing attack: an adversary may masquerade as the remote server in order to discover the patient's long-term secret, having intercepted \(\langle Q_i, DI_{i}, D_{i},T_{i}, R_{i}, \langle W_{i}, H\big (R_{i}\Vert SAI_{i}\Vert T_{i}\big )\rangle _\ell \rangle\) in a previous session. The adversary cannot recover \(W_{i}\) or \(H\big (R_{i}\Vert SAI_{i}\Vert T_{i}\big )\) from this message without the session key \(\ell\). Moreover, a valid response \(\langle W_{i}\oplus W_{S},T_{S}, \langle H\big (W_{S}\Vert SAI_{i}\Vert T_{S}\big ) \rangle _\ell \rangle\) cannot be forged without the private keys \(\widehat{K}_i\) and \(\widehat{K}_S\), and the adversary cannot compute \(\langle r_{i}\cdot V_i \rangle\) or \(W_{S}\) from \(D_{i}\) and \(\langle W_{i}\oplus W_{S} \rangle\).
- Attack against anonymity: from the login request, an adversary has no way to guess or compute the patient's real identity \(ID_i\) from the dynamic identity \(DI_i\) without the session key \(\ell\). Moreover, the biometric template is used only to generate the key pair and is never transmitted. Hence, the proposed scheme preserves the patient's anonymity.
- Insider attack: from the registration request \(\langle V_i, ID_i, K_i \rangle _{K_S}\) sent by the patient to the remote server, a privileged insider cannot obtain any secret information without the server's private key \(\widehat{K}_S\). Moreover, the proposed scheme does not use any password. Hence, a privileged insider cannot impersonate a legitimate patient.
- Man-in-the-middle attack: the first authentication step takes place directly between the patient and his/her mobile device, without any intermediate entity, so a man-in-the-middle attack cannot succeed there. In the second step, an adversary may try to sit between the mobile device and the remote server S. However, since the exchanged messages are authenticated, the adversary cannot impersonate either party.
- Physical attack: assume that an adversary finds or steals the patient's mobile device and attempts to obtain the confidential parameters \(\langle ID_{i}, AI_{i} \rangle\). He/she cannot extract any secret information from these parameters without the server's private key \(\widehat{K}_S\) and the corresponding timestamp.
- Parallel session attack: assume that an adversary intercepts the messages exchanged between a patient \(P_i\) and the remote server S and then tries to open a parallel session with the remote server S (respectively with patient \(P_i\)). The remote server S (respectively patient \(P_i\)) detects the attack by checking the freshness of the timestamp \(T_i\) (respectively \(T_S\)) of the received message.
- Reflection and denial-of-service attacks: an adversary cannot forge a valid login request from the messages intercepted between the two parties without the secret parameters \(\ell\), \(\widehat{K}_i\), \(\widehat{K}_S\), \(r_{i}\) and \(r_{S}\). A denial-of-service attack is countered by the adversary's inability to present both a valid biometric template \(B_{i}\) and the correct identity \(ID_{i}\).
In Table 2, we summarize the overall security analysis of the proposed scheme with comparison to the related works.
5 Performance evaluation
In this section, we provide simulation results comparing the proposed scheme with the relevant schemes presented in Sect. 2. The simulations run on a Samsung Galaxy S6 smartphone (2.1 GHz processor, 3 GB of memory, 5.76 Mbps wireless transmission rate). The smartphone interacts with a server (2.3 GHz processor, 4 GB of memory, 54 Mbps wireless transmission rate). Authentication uses the fingerprint biometric.
The evaluation covers both the mobile and the server side and three metrics: (1) the communication cost, i.e., the amount of data transmitted per authentication session; (2) the processing time, i.e., the computation time per authentication session; and (3) the storage cost, i.e., the memory occupied by the system parameters per authentication session. These metrics are evaluated for three hash functions: MD5 (128-bit output), SHA-1 (160-bit) and SHA-256 (256-bit). MD5 and SHA-1 are included only for comparison with the earlier schemes, which use them; both are no longer collision resistant and only SHA-256 should be considered for deployment.
Figures 3 and 4 show the communication cost on the mobile device and on the remote server, respectively. The communication overhead of all compared schemes grows with the hash output size. The proposed scheme outperforms the other solutions: it performs mutual authentication in two rounds of communication, since the mobile device and the remote server independently compute an identical session key without any extra exchange. The schemes of Khan et al. (2008) and Chen et al. (2012) perform mutual authentication in four rounds, which gives them better results on the mobile side than the schemes of Truong et al. (2012), Khan et al. (2014), Lu et al. (2015) and Jung et al. (2017), which need five rounds.
Figures 5 and 6 show the processing time on the mobile device and on the remote server, respectively. The processing time of all compared schemes grows with the hash output size. The proposed scheme outperforms the other solutions because it uses a symmetric session key for mutual authentication: in the two rounds of communication, the mobile device and the remote server each perform a single encryption, which significantly reduces the computational overhead.
Figures 7 and 8 show the storage cost on the mobile device and on the remote server, respectively. The storage cost of all compared schemes grows with the hash output size. The proposed scheme outperforms the other solutions. In the other schemes, a large number of cryptographic parameters, all required for authentication, are stored on both the mobile device and the remote server. In the proposed scheme, only two cryptographic values are kept per mobile device; all other parameters and keys are computed dynamically.
6 Conclusion
In this paper, we have proposed a secure and lightweight remote patient authentication scheme with biometric inputs for mobile healthcare environments. The proposed scheme translates the patient's biometric input into ECC-based keys, which are used in place of the biometric template during authentication. The scheme offers several advantages: (1) it provides mutual authentication with session key agreement; (2) it does not require the remote transmission of the patients' biometric data; (3) it does not hold a database binding patients to their biometric templates; (4) it does not need to analyze biometric data remotely, and its computational cost is thoroughly minimized; and (5) it resists various attacks, namely replay, impersonation, server spoofing, anonymity, insider, man-in-the-middle, physical, parallel session, reflection and denial-of-service attacks. We have evaluated the proposed scheme through simulations. The results indicate that our proposal outperforms the compared schemes while providing effective security.
Notes
Given two points Q and G on an elliptic curve, where n is the order of G, it is computationally hard to find the integer \(k\in [1, n-1]\) such that \(Q = k\cdot G\). For a large n (about \(2^{256}\) on a 256-bit curve) and a well-chosen curve, no polynomial-time algorithm is known: the best generic algorithms, such as Pollard's rho method, need on the order of \(\sqrt{n}\) group operations, which is infeasible at that size, whereas computing \(k\cdot G\) from k costs only \(O(\log n)\) operations. This problem is known in the literature as the Elliptic Curve Discrete Logarithm Problem (ECDLP). For more detail about the ECDLP, refer to Hankerson et al. (2003) and Cohen et al. (2005).
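The asymmetry the note relies on (forward scalar multiplication is cheap, recovering k from Q is not) is easiest to see on a curve small enough to attack. The following Python is an added example and is not code from the paper: it implements the affine group law and double-and-add on the constructed toy curve \(y^2 = x^3 + 2x + 3\) over \(GF(97)\) with base point (3, 6), then recovers k from \(Q = k\cdot G\) both by exhaustive search (up to n operations) and by baby-step giant-step (about \(2\sqrt{n}\) operations). The same \(\sqrt{n}\) bound is what makes the ECDLP infeasible once n is near \(2^{256}\), which is why a public key Q derived from a biometric-derived scalar k reveals nothing about k. All parameters and helper names here are the example's own.

```python
"""ECDLP on a toy curve: added worked example, not code from the paper.

Curve: y^2 = x^3 + A*x + B over GF(P) with the constructed parameters
P = 97, A = 2, B = 3 (a textbook toy curve, not a standardised one).
The base point G = (3, 6) lies on it. Everything here finishes instantly
because the group is tiny; the point is that the best generic ECDLP solver
still needs on the order of sqrt(n) group operations, so n ~ 2^256 in practice.
"""
from math import isqrt

P, A, B = 97, 2, 3          # constructed toy parameters (assumption, not from the paper)
INF = None                  # point at infinity (group identity)


def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def negate(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def point_add(p1, p2):
    """Affine group law (chord-and-tangent) with the usual special cases."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:   # p2 == -p1 (also covers y == 0 doubling)
        return INF
    if p1 == p2:                           # tangent slope for doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                                  # chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add: computes k*pt in O(log k) group operations (the cheap direction)."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def point_order(pt):
    """Smallest n > 0 with n*pt = INF (brute force; fine for a toy curve)."""
    n, cur = 1, pt
    while cur is not INF:
        cur = point_add(cur, pt)
        n += 1
    return n


def curve_points():
    """All affine points, by brute force over x and a table of squares (toy sizes only)."""
    sqrt_table = {}
    for y in range(P):
        sqrt_table.setdefault(y * y % P, []).append(y)
    return [(x, y) for x in range(P)
            for y in sqrt_table.get((x ** 3 + A * x + B) % P, [])]


def largest_order_point():
    """A point of maximal order, i.e. the exponent of the group (only feasible on a toy curve)."""
    return max(curve_points(), key=point_order)


def ecdlp_brute(G, Q, n):
    """Reverse scalar_mult by trial: up to n group operations. Returns (k, operations_used)."""
    cur = INF
    for k in range(n):
        if cur == Q:
            return k, k
        cur = point_add(cur, G)
    return None, n


def ecdlp_bsgs(G, Q, n):
    """Baby-step giant-step: about 2*sqrt(n) group operations and sqrt(n) memory.
    Returns (k, operations_used) with k*G == Q and k in [0, n-1]."""
    m = isqrt(n) + 1
    baby, cur, ops = {}, INF, 0
    for j in range(m):                     # baby steps: store j*G for j < m
        baby.setdefault(cur, j)
        cur = point_add(cur, G)
        ops += 1
    step = negate(scalar_mult(m, G))       # -(m*G)
    gamma = Q
    for i in range(m):                     # giant steps: Q - i*m*G, look for a hit
        if gamma in baby:
            return (i * m + baby[gamma]) % n, ops
        gamma = point_add(gamma, step)
        ops += 1
    return None, ops


def compare_solvers(G, k):
    """Derive Q = k*G (what a verifier would hold) and recover k both ways."""
    n = point_order(G)
    Q = scalar_mult(k, G)
    k_brute, ops_brute = ecdlp_brute(G, Q, n)
    k_bsgs, ops_bsgs = ecdlp_bsgs(G, Q, n)
    assert k_brute == k_bsgs == k % n
    return {"n": n, "k": k % n, "brute_ops": ops_brute, "bsgs_ops": ops_bsgs}


if __name__ == "__main__":
    G = largest_order_point()
    print("group size", len(curve_points()) + 1, "base point", G, "order", point_order(G))
    print(compare_solvers(G, point_order(G) - 1))
```

On this curve the group has about a hundred elements, so both solvers finish at once; the operation counts returned by compare_solvers show the gap between n and 2√n that, at n ≈ 2^256, separates a trivial forward computation from roughly 2^128 group operations for the attacker.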
References
Bayometric (2017a) Lumidigm m301 multispectral fingerprint scanner. https://www.bayometric.com/fingerprint-scanner-lumidigm-mercury-m301-m30x-sensor/. Accessed 26 Aug 2017
Bayometric (2017b) Suprema biomini usb fingerprint reader/scanner. https://www.bayometric.com/suprema-biomini-biometric-usb-fingerprint-reader-scanner/. Accessed 26 Aug 2017
Neuro Technology (2017) Zvetco verifi p5100. http://www.neurotechnology.com/fingerprint-scanner-zvetco-verifi-p5100.html. Accessed 26 Aug 2017
Al-Ani M (2014) Biometrics: identification and security, multidisciplinary perspectives in cryptology and information security. IGI Glob Chapter 14 4(1):343–364. doi:10.4018/978-1-4666-5808-0.ch014
Andalib A, Abdulla-Al-Shami M (2013) A novel key generation scheme for biometric cryptosystems using fingerprint minutiae. In: Proceedings of the international conference on informatics, electronics and vision, pp 1–6. doi:10.1109/ICIEV.2013.6572670
Malik A, Qadir J, Ahmad B, Yau KLA, Ullah U (2015) QoS in IEEE 802.11-based wireless networks: a contemporary review. J Netw Comput Appl 55:24–46. doi:10.1016/j.jnca.2015.04.016
Barman S, Samanta D, Chattopadhyay S (2015) Revocable key generation from irrevocable biometric data for symmetric cryptography. In: Proceedings of the third IEEE international conference on computer, communication, control and information technology, pp 1–4. doi:10.1109/C3IT.2015.7060182
Belguechi R, Le-goff T, Cherrier E, Rosenberger C (2011) Study of the robustness of a cancelable biometric system. In: Proceedings of the conference on network and information systems security, pp 1–7. doi:10.1109/SAR-SSI.2011.5931387
Bo Y, Aidong S, Wenzheng Z (2009) A fully robust fuzzy extractor. In: Proceedings of the international conference on cyber-enabled distributed computing and knowledge discovery, pp 392–395. doi:10.1109/CYBERC.2009.5342191
Boyen X, Dodis Y, Katz J, Ostrovsky R, Smith A (2005) Secure remote authentication using biometric data. In: Advances in cryptology, EUROCRYPT 2005. Springer, LNCS 3494, pp 147–163. doi:10.1007/11426639_9
Bradai N, Chaari L, Kamoun L (2011) A comprehensive overview of wireless body area networks (WBAN). Int J E-Health Med Commun 2(3):1–30. doi:10.4018/jehmc.2011070101
Chatterjee S, Das A, Sing J (2013) A novel and efficient user access control scheme for wireless body area sensor networks. J King Saud Univ Comput Inf Sci 26(2):181–201. doi:10.1016/j.jksuci.2013.10.007
Chen C, Lee C, Hsu C (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25(5):585–597. doi:10.1002/dac.1277
Chuang M, Chen M (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41(4):1411–1418. doi:10.1016/j.eswa.2013.08.040
Cohen H, Frey G, Avanzi R, Doche C, Lange T, Nguyen K, Vercauteren F (2005) Handbook of elliptic and hyperelliptic curve cryptography. Chapman and Hall, Boca Raton
Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654. doi:10.1109/TIT.1976.1055638
Doshi A, Nirgude M (2015) Biometric recognition techniques. Int J Adv Res Comput Netw Wirel Mobile Commun 2(1):143–152
Elgazzar K, Aboelfotoh M, Martin P, Hassanein H (2012) Ubiquitous health monitoring using mobile web services. Procedia Comput Sci 10:332–339. doi:10.1016/j.procs.2012.06.044
Hankerson D, Menezes A, Vanstone S (2003) Guide to elliptic curve cryptography. Springer, New York. doi:10.1007/b97644
He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823. doi:10.1109/JSYST.2014.2301517
Hong L, Wan Y, Jain A (1998) Fingerprint image enhancement: algorithms and performance evaluation. IEEE Trans Pattern Anal Mach Intell 20(8):777–789. doi:10.1109/34.709565
Jain A, Ross A, Prabhakar S (2004) An introduction to biometric recognition. IEEE Trans Circ Syst Video Technol 14(1):4–20. doi:10.1109/TCSVT.2003.818349
Jayaram M, Fleyeh H (2013) Soft computing in biometrics: a pragmatic appraisal. Am J Intell Syst 3(3):105–112. doi:10.5923/j.ajis.20130303.01
Jung J, Kang D, Lee D, Won D (2017) An improved and secure anonymous biometric-based user authentication with key agreement scheme for the integrated EPR information system. PLoS One 12(1):e0169414. doi:10.1371/journal.pone.0169414
Khan M, Jiashu Z, Wang X (2008) Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos Solitons Fractals 35(3):519–524. doi:10.1016/j.chaos.2006.05.061
Khan M, Kumari S, Gupta M (2014) More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816. doi:10.1007/s00607-013-0308-2
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209. doi:10.1090/S0025-5718-1987-0866109-5
Kumari S, Karuppiah M, Das A, Li X, Wu F, Gupta V (2017) Design of a secure anonymity preserving authentication scheme for session initiation protocol using elliptic curve cryptography. J Ambient Intell Hum Comput. doi:10.1007/s12652-017-0460-1
Lalithamani N, Soman K (2009) An effective scheme for generating irrevocable cryptographic key from cancelable fingerprint templates. Int J Comput Sci Netw Secur 9(3):183–193. http://paper.ijcsns.org/07_book/200903/20090325.pdf. Accessed 26 Aug 2017
Li C, Weng C, Lee C, Wang C (2015) A hash based remote user authentication and authenticated key agreement scheme for the integrated EPR information system. J Med Syst 39(144):1–11. doi:10.1007/s10916-015-0322-3
Li M, Lou W, Ren K (2010) Data security and privacy in wireless body area networks. IEEE Wirel Commun 17(1):51–58. doi:10.1109/MWC.2010.5416350
Limbasiya T, Doshi N (2017) An analytical study of biometric based remote user authentication schemes using smart cards. Comput Electr Eng 59:305–321. doi:10.1016/j.compeleceng.2017.01.026
Lu Y, Li L, Yang X, Yang Y (2015) Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards. PLoS One 10(5):e0126323. doi:10.1371/journal.pone.0126323
Lu Y, Li L, Peng H, Yang Y (2016) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl 9(2):449–459. doi:10.1007/s12083-015-0363-x
Mastali N, Agbinya J (2010) Authentication of subjects and devices using biometrics and identity management systems for persuasive mobile computing: a survey paper. In: Proceedings of the 5th international conference on broadband and biomedical communications, pp 1–6. doi:10.1109/IB2COM.2010.5723618
Miller V (1986) Uses of elliptic curves in cryptography. In: Advances in cryptology, CRYPTO '85 proceedings. Springer, LNCS 218, pp 417–426. doi:10.1007/3-540-39799-X_31
Mishra D, Das A, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143. doi:10.1016/j.eswa.2014.07.004
Moolla Y, Viriri S, Nelwamondo F, Tapamo J (2012) Handwritten signature verification using weighted fractional distance classification. In: Proceedings of the international conference on signal processing, communication and computing, pp 212–217. doi:10.1109/ICSPCC.2012.6335587
Odelu V, Das A, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans Inf Forensics Sec 10(9):1953–1966. doi:10.1109/TIFS.2015.2439964
Peralta D, Galar M, Triguero I, Paternain D, Garcia S, Barrenechea E, Benitez J, Bustince H, Herrera F (2015) A survey on fingerprint minutiae-based local matching for verification and identification: taxonomy and experimental evaluation. Inf Sci 315:67–87. doi:10.1016/j.ins.2015.04.013
Reddy A, Das A, Odelu V, Yoo K (2016) An enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography. PLoS One 11(5):e0154308. doi:10.1371/journal.pone.0154308
Reddy A, Yoon E, Das A, Odelu V, Yoo K (2017) Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE Access 5:3622–3639. doi:10.1109/ACCESS.2017.2666258
Ross A, Nandakumar K, Jain A (2008) Introduction to multibiometrics. In: Jain AK, Flynn P, Ross A (eds) Handbook of biometrics, vol 14. Springer, New York. doi:10.1007/978-0-387-71041-9
Sabah B, Shabir S, Shubham A, Sanyam S (2015) Unimodal and multimodal biometric recognition techniques a survey. Int J Comput Sci Netw 4(1):148–155. http://ijcsn.org/articles/0401/Unimodal-&-Multimodal-Biometric-Recognition-Techniques-A-Survey.html. Accessed 26 Aug 2017
Sonkamble S, Thool R, Sonkamble B (2010) Survey of biometric recognition systems and their applications. J Theoret Appl Inf Technol 11(1):45–51. http://www.jatit.org/volumes/eleventh_volume_1_2010.php. Accessed 26 Aug 2017
Stojmenović I (2002) Handbook of wireless networks and mobile computing. Wiley, Oxford. doi:10.1002/0471224561
Tong VVT, Sibert H, Lecour J, Girault M (2007) Fingerkey, un cryptosystème biométrique pour l'authentification [Fingerkey, a biometric cryptosystem for authentication]. In: Proceedings of the conference on network and information systems security (SAR-SSI), hal-00156447, pp 1–10
Truong T, Tran M, Duong A (2012) Robust mobile device integration of a fingerprint biometric remote authentication scheme. In: Proceedings of the 26th IEEE international conference on advanced information networking and applications, pp 678–685. doi:10.1109/AINA.2012.47
Wang C, Zhang X, Zheng Z (2016) Cryptanalysis and improvement of a biometric-based multi-server authentication and key agreement scheme. PLoS One 11(2):e0149173. doi:10.1371/journal.pone.0149173
Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks. Comput Electr Eng 45(5):274–285. doi:10.1016/j.compeleceng.2015.02.015
Yoon E, Choi S, Yoo K (2012) A secure and efficiency id-based authenticated key agreement scheme based on elliptic curve cryptosystem for mobile devices. Int J Innov Comput Inf Control 8(4):2637–2653. https://pdfs.semanticscholar.org/7273/c09fbd67ea221ff94204374ea39dec8dc011.pdf. Accessed 26 Aug 2017
Zaeri N (2011) Minutiae-based fingerprint extraction and recognition. In: Jucheng Y (Ed) Biometrics. InTech. doi:10.5772/17527 (ISBN: 978-953-307-618-8)
Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong H (2014) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 74(10):3477–3488. doi:10.1007/s11042-014-1885-6
Acknowledgements
This work was carried out in the framework of research activities of the laboratory LIMED, which is affiliated to the Faculty of Exact Sciences of the University of Bejaia. It was done in collaboration with the Labex MS2T, which was funded by the French Government, through the program “Investments for the future” managed by the National Agency for Research (Reference ANR-11-IDEX-0004-02).
Cite this article
Mohammedi, M., Omar, M. & Bouabdallah, A. Secure and lightweight remote patient authentication scheme with biometric inputs for mobile healthcare environments. J Ambient Intell Human Comput 9, 1527–1539 (2018). https://doi.org/10.1007/s12652-017-0574-5