Secure-user sign-in authentication for IoT-based eHealth systems

Deebak, B. D.; Al-Turjman, Fadi

doi:10.1007/s40747-020-00231-7

Secure-user sign-in authentication for IoT-based eHealth systems

Original Article
Open access
Published: 03 January 2021

Volume 9, pages 2629–2649, (2023)
Cite this article

Download PDF

You have full access to this open access article

Complex & Intelligent Systems Aims and scope Submit manuscript

Secure-user sign-in authentication for IoT-based eHealth systems

Download PDF

3670 Accesses
18 Citations
Explore all metrics

Abstract

Sustainable Computing has advanced the technological evolution of the Internet and information-based communication technology. It is nowadays emerging in the form of the Cloud of Medical Things (CoMT) to develop smart healthcare systems. The academic community has lately made great strides for the development of security for the CoMT based application systems, such as e-healthcare systems, industrial automation systems, military surveillance systems, and so on. To the architecture of CoMT based Smart Environment, Chebyshev Chaotic-Map based single-user sign-in (S-USI) is found as a significant security-control mechanism. To ensure the fidelity, the S-USI assigns a unary-token to the legal users to access the various services, provided by a service provider over an IP-enabled distributed networks. Numerous authentication mechanisms have been presented for the cloud-based distributed networks. However, most of the schemes are still persuasible to security threats, such as user-anonymity, privileged-insider, mutual authentication, and replay type of attacks. This paper applies a sensor/sensor-tag based smart healthcare environment that uses S-USI to provide security and privacy. To strengthen the authentication process, a robust secure based S-USI mechanism and a well-formed coexistence protocol proof for pervasive services in the cloud are proposed. Using the formal security analysis, the prominence of the proposed strategies is proven to show the security efficiency of proposed S-USI. From the formal verification, the comparison results demonstrate that the proposed S-USI consumes less computation overhead; and thus it can be more suitable for the telecare medical information systems.

RETRACTED ARTICLE: A Review and State of Art of Internet of Things (IoT)

Article 14 July 2021

Smart home security: challenges, issues and solutions at different IoT layers

Article 10 May 2021

CryptoHHO: a bio-inspired cryptosystem for data security in Fog–Cloud architecture

Article 06 April 2024

Introduction

Of late, smart sustainable cities have been engaged in the recreation activities of the individual. It is nowadays converging the technological aspects of IoT and its associated big data applications to develop intelligent computing systems [1]. This is underlying as the technological core in the construction of numerous transformations. To exhibit the data characteristics, the state of the attributes such as monitoring, collecting, processing, and analyzing are explicitly regenerated that controls the environmental condition of smart cities. Various intelligent systems such as energy, automation, infrastructure, and transport utilize the core developments of IoT and big data applications to build sustainable environs. Smart sustainable cities typically meet the standard requirements of pervasive and mobile intelligence [2]. It uses distributed computing to establish communication between the IoT objects that offer informational services to the urbanites [3]. A technological change characterizes the significance of disruptive technologies that embed the techniques of ICT to address the complexities of techno-urban systems.

The urban domains may apply ICT technologies to implicate the environment features [1]. The technological evolution emerges the ICT visions to develop sustainable computing systems including infrastructure, facilities, services, resources, design, etc. The pervasive intelligence may integrate these important features to manage environmental issues [2]. A computing paradigm may use big data analytics to realize the key factors of novel applications that stimulate the development of sustainable systems. In the past, the ICT has dramatically changed for the maximization of service connectivity that closely associates with the cloud computing systems as a platform to enable environmental services. Most of the information services integrate PaaS to operate computing services through centralized systems. According to Statista, the cloud market is expected to grow $ {{\$ }}163 {\text{billion}} $ in 2021 that increases the connectivity of IoT devices to improve communication efficiency [4].

The convergence technologies such as augmented reality, autonomous driving, and smart cities are continuously being transformed to meet the standard requirements such as communication speed, bandwidth, and low-latency. It may synergize with IoT technology to improve service efficiency, which unifies the network structures to manage the high-level services. However, it has three major perspectives to address security issues: (1) drive the network traffic to examine the device connectivity; (2) increase the service connection over a cloud platform; (3) integrate the heterogeneous network to identify security issues. In the advancement of cloud computing technologies, the cloud assistive electronic healthcare systems are growing rapidly for remote e-healthcare services. Various security solutions with different application aspects [5, 6] shave been proposed for cloud-computing systems that are very much suitable to build a secure e-healthcare system.

A popular domain, known as TMIS [7, 8] has been one of the more suitable applications for remote electronic healthcare systems. However, the TMIS application can be emerged with a cloud assistive cognitive aware e-healthcare system to facilitate the medical diagnosis and the storage of healthcare records. The medical entities such as medi-expert, patient, and server-database are preferred to transmit the medi-data over insecure public networks. The data fabrication may lead to severe hazards; and thus it should be kept secret to provide patient’s privacy and convenient access. Therefore, a secure data transmission in TMIS has become a hot issue for wireless channel access. For the protection of information access over public networks [9], a method such as AKA has been chosen i.e. for the communication processes [10, 11].

Moreover, a secret password and a data storage like a smartcard or smart device comprising of secret-data possessed by the authentic-user is applied in the remote user authentication system. This communication device is distributed as a trustworthy server that wants the user to submit his/her information such as patient identity and string preprocessor to the registration server. As the network-based application system exists with various malicious activities, they may even forge or overhear the data transmission to disrupt the legal communication access. Most dangerous attacks such as server spoofing, key impersonation, and offline guessing have been addressed by various existing authentication schemes [12,13,14]. In urban cities, hospital management systems are growing rapidly to offer emergency services that meet the medical demands of the common people.

CoMT uses distributed networks that provide legal user access to disseminate the private user information, whereby less power computation is achieved with the available devices [15]. In general, the public or private service provider is nominated to distribute the authentic accesses, which deliver the application services to gain the network resources more efficiently. Generally speaking, the application should obtain a reliable transmission region to gain network access of the service provider. It has different users with distinct identities/secret key pairs to gain the exclusive rights of resource usage [16]. Figure 1 shows the electronic healthcare architecture using a CoMT. The biological sensors estimate the physiological conditions of the patient to feed the patients’ information i.e. to the smart computing devices whereby the data are transmitted through the knowledge of healthcare service providers over public Internet access.

Upon the information access, the data storage server accommodates the PHI of patients that gains the user access to grant the implementation policy governed by the policy certification server. After the successful authentication, the authentication server shows the data blocks comprising of patient info, medi-expert, authentic server, and TMIS. In electronic healthcare systems, the patients acquire the PHI to monitor the patient’s health condition that is very much useful to provide a medical prescription. In an emergency, a smart ambulance service can be initiated to offer timely user access to extend medi-service to the casualty before they reach the hospital. Importantly, the research and development process intensively analyzes the sensor input/output to envisage the critical condition of the patient.

Various key authentication mechanisms have been presented using the two-factor and three-factor authentication protocol that was introduced in [17]. As the Lamport scheme was very generic to access the remote-server i.e. user name and password, it could not provide user privacy and anonymity to address the major concern of the electronic healthcare system. In 1990, Hwang has initially presented the two-factor authentication, whereas, in the early 21st century, the three-factor authentication and key agreement protocol was proposed. Commonly, the electronic healthcare system initiates the system registration phase to gain remote user access with TMIS. Upon successful registration, the user gains the authentication to grant access to TMIS. Generally speaking, the one-factor authentication was much easier to remember as the user tries to provide the user name and password to obtain the desirable authentication process, whereas the two-factor additionally incorporates the entities known as smartcard that could subdue the user comforts. In the three-factor, the user may involve biometric information in addition to the real-time entities namely smartcard, username, and password to process the service authentication.

The authentication process comprises of four system phases that are as follows:

System registration In registration, the user wishes to provide the credentials with TMIS such as personal identities and information. Upon which they may choose a secret password at the registration or later phase. Moreover, it is subjected to alter their secret password after the successful login.

System login and authentication In login and authentication, the user may gain the service access provided by TMIS upon the verification of user credentials.

Session key update This phase is employed to change the user credentials secretly that reduces the attack vulnerabilities owing to the use of identical secret-key.

Key revocation This phase is employed to revoke the user credentials in case of key compromising.

Though the user terminal or device has a valid secret key to gain the medical services of the network, the massive data access may be prone to severe network risk, communication, and storage overhead. Therefore, the recent authentication mechanisms have constructed a strategy of control access using advanced mobile computing systems. Of late, three-party authentication and key agreement schemes have been proposed for WMSNs using a smartcard [18, 19]. The design objectives of their system were to provide an effective security mechanism in WSNs. Though their schemes cannot be practically implemented to exercise a time-synchronization mechanism. Moreover, it can be preferred to annul the clock time regulation between the communication parties. Therefore, the S-USI is proposed, which applies a mechanism of unary control access to monitor the device activities. This proposed mechanism annuls the clock synchronization problem for pervasive services in the cloud. In addition, a smart S-USI mechanism demands the multimedia medical sensor network to sense, monitor, and analyze the patient’s information effectively. The major contributions are as follows:

1.
Design a robust secure based S-USI mechanism to annul the clock synchronization in a pervasive computing environment.
2.
Apply unary control access to infer the activities of the medical sensor networks that provide service-level agreement to mitigate the cost of the communication device.
3.
Perform the formal analysis using AKE session-key security and BAN logic to prove the security efficiencies of the proposed S-USI including session-key protection.
4.
Analyze the key factors including computation, communication, and storage to guarantee the system features of the computing paradigms.

The rest of the sections are devised follows: “Research background” discusses related authentication schemes, important notation, assumption of Chebyshev chaotic maps, and the attacker model. "Proposed single user sign-in (S-USI) mechanism" presents a proposed S-USI mechanism that is completely based on the extended Chebyshev chaotic-map. "Security analysis” demonstrates the security analysis of the proposed S-USI mechanism using AKE session-key security and BAN logic. “Discussions” discusses the challenges of user authentication protocols. “Conclusion” concludes the research work.

Research background

This section summarizes the related authentication schemes, important notation, assumption of Chebyshev chaotic maps, and attacker model.

Emerging computing paradigm

The computing paradigm becomes more prevalent to standardize the parallel and distributed system that consists of visualized and interconnected devices to offer unified computing resources [20]. It is provisionally based on service-level agreement to negotiate the resources between the consumers and the service providers. Moreover, it has an intelligent model to enable on-demand network access to share a pool of computing resources. It can be provisionally released to manage the resources with minimal efforts or over service provider interaction [21]. Senyo et al. [22] outlined cloud computing as ‘IT infrastructure, application service, and resource delivery coexist to meet the demands of the individual or organization over a dedicated Internet platform’. The definition can hardly integrate the feature characteristics to consider the subsets of visualized computing systems. Hence, the NIST asserts three different service models such as IaaS, PaaS, and SaaS to claim a variant of security as a service. It is specifically considered for the development of IT infrastructure and application services. It has new phenomena as anything as a service or XaaS to offer minimal interaction with service providers including a pay-per-use basis.

In spite of its pervasiveness, emerging technologies are still active in the area of cloud computing. It has technological convergence to cover the performance aspects such as service automation, service provision, dynamic workloads, resource sharing, multiple tenancies, energy management, virtual machine migration, etc. [23]. The other direction includes benchmark evaluation, reliability, efficiency, scalability, and elasticity to meet the decision supports of cloud computing services. In addition, it has some computing factors namely trustworthiness, readiness, security, privacy, cost, pricing, etc. to adopt the management benefits [24]. Of late, it has emerged several research directions including e-government, e-learning, eHealth, big-data, data processing, and analytics for the prevalence of mobile computing platforms. It refers to smart devices, which are portable, programmable, and scalable to achieve convenient access. These device features are considered as an essential part to meet the service demands including voice communication, data storage, and social interactivity. It is nowadays converging in some specific domains such as m-Health, m-Learning, m-Commerce, etc. that typically focus on drug discovery, online learning, and commercial transaction. The smart device integrates the sensor packages and hardware components to extract the context features. As a result, several context-aware applications have been developed for significant services such as location tracking, proximity measurement, service rating, prediction, etc. [25].

The computing paradigms including mobile, cloud, and IoT emerge as the future dominants to consider the pairwise intersections. It has several areas such as mobile edge computing, web of things, mobile cloud, semantic web of things, cloudlet computing, etc. to explore the property of seamless connectivity [26]. Figure 2 shows the intersection areas of emerging computing paradigms. The convergence technologies such as IoT, cloud, and mobile envision to obtain the human-centric data that differentiates the evolution of pervasive and ubiquitous computing to provide seamless connectivity and human interaction. The interconnected things use sensors and actuators to integrate low-power wireless devices such as IoMT, IoNT, and IoUT to develop an IoT-enabled platform. The futuristic IoT-based healthcare scenarios include remote monitoring, service availability, accessibility, drug management, to offer seamless connectivity via wireless technologies such as Bluetooth, Zigbee, Infrared, and 4G/5G. Since the eHealth data is open to access in the public network, it is highly demanding a secure cryptography protocol to achieve distinct features such as immutable, timestamped, and decentralized. In eHealth, various sensory technologies are integrated to provide an effective solution including end-to-end connectivity, data analysis, tracking, medical alerts, and assistance.

The IoT-based computing systems leverage the automation process, workflow management, and risk deduction to save human life. However, it has several open challenges such as device integration, security, privacy, and data overloading to degrade the efficiency of the healthcare systems. To address the issues, computing paradigms such as fog, edge, cloudlet, and crowdsensing are preferred. It can apply the cryptography protocol to analyze the cloud data via dedicated gateways that address the security challenges among the mobile devices and hubs. The major significances are as follows:

1.
Edge computing is an avenue to resolve the issues of low latency and user proximity to the existing IoT users.
2.
The other computing solves the research perspectives including location-aware, user-centric, and provisional access to eHealth domains.
3.
Scalability is a specific feature to improve the efficiency of the sensory system that integrates the sensor platform to meet the requirements of distributed networks.
4.
QoS is more significant to improve the service efficiency of the healthcare systems.

Table 1 summarises the key challenges of the existing works. The personalized healthcare system has some major significances such as reliability, interoperability, and scalability to meet the challenges of IoT [27] that emerges the application requirements of eHealth. Balli et al. [28] reviewed the service features of the electronic devices that materialize the demands of the system design. Chandhuri et al. [29] studied different types of healthcare data and management techniques. Suguna et al. [30] discussed several diagnostic mechanisms under the strategies of IoT protection. Gandhi et al. [31] introduced healthcare intelligence to examine the process of IoT framework. Khan et al. [32] studied various healthcare mechanisms to analyze security features. Darshan et al. [33] examined the novel frameworks and challenges to investigate the challenges. Deebak et al. [34] designed a smart mutual authentication protocol for cloud-based medical healthcare. Deebak et al. [35] introduced a lightweight authentication framework for smart IoT system. Deebak et al. [36] presented a seamless authentication mechanism for edge computing systems. Al-Turjman et al. [6] proposed an intelligent authentication for smart industrial system.

Table 1 Key challenges of the related existing works

Full size table

Related works

A theory, known as Chebyshev chaotic map is widely employed for cryptography systems i.e. for S-boxes and hashing function. Lately, the client–server authentication protocols have been adopted using TMIS [37]. In 2010, Guo and Zhang [38] proven that Xiao et al. [39] is still susceptible to server-spoofing attack. In 2012, Xue et al. [40] presented an extended version of the authentication protocol using a chaotic map. Tan [41] demonstrated that Xue et al. scheme is vulnerable to man-in-the-middle attack with inadequate user anonymity. In 2013, Guo et al. [42] introduced a chaotic-map based authentication scheme using a smartcard. However, Hao et al. [43] found that Guo et al. cannot offer user untraceability. In addition, they consume two secret-key to provide more computation overhead. To address effectively, an extended version was proposed. Jiang et al. [44] and Lee [45] shown the security weaknesses of Hao et al. namely stolen smartcard attack. Subsequently, they presented the extended version of the authentication mechanism for TMIS. Mishra et al. [46] demonstrated the security deficiency of Jiang et al. such as the desynchronization attack, which may lack the order of continuity. This attack may infer the user information that demonstrates the occurrence of the next successive session of the participants to experience the DoS attack i.e. to block the execution of user authentication.

Li et al. [47] discovered that schemes such as Jiang et al. [44] and Lee [45] were found to be insecure in the user authentication process. In 2014, Lin proposed a dynamic-identity based authentication protocol using a chaotic-map. Unfortunately, Wang et al. [48] demonstrated that the Li et al. scheme is still insecure to provide user anonymity and key impersonation attack. Subsequently, they presented an extended version using mobile-device and chaotic-map for the TMIS. However, Bergamo et al. [49] are vulnerable to offline guessing, key impersonation, and desynchronization attack. Moreover, the Wang et al. scheme cannot provide session-key agreement and user anonymity. In 2015, Lee [50] cannot be resisting the offline key guessing attack. In 2016, Islam et al. [51] demonstrated the security weakness of user anonymity, key impersonation, and forward secrecy existing in Lin scheme [52]. Also, Liu and Xue [53] projected that the Lee scheme [50] was complex to design asymmetric encryption. However, the Liu and Xue scheme has a security weakness containing no password friendliness and user anonymity.

To administrate the service providers and service access, medical applications should maintain a reliable database system. It applies two-factor or three-factor authentication mechanisms to offer a systematic registration procedure that allows smart devices to acquire system access from the available network providers. As a result, data redundancy or duplication may be prevented to improve system performance. Deebak et al. [7] designed a dynamic identity-based authentication for TMIS, which preserves the medical data and avoids the clock un-synchronization to prevent potential threats. Of late, several dynamic authentication mechanisms [7, 52] have been considered for the improvisation of security efficiencies and minimization of system computation cost. However, their schemes cannot support multi-server architecture to improve system performance.

Madhusudhan et al. [54] and Biswas et al. [55] have presented static and dynamic identity-based authentication for the enrichment of security efficiencies. The former strategy prevents data leakage, whereas the latter applies a two-factor strategy including device identity and secret key to provide to serve remote-server authentication. As a consequence, several dynamic-identity based authentication mechanisms have been presented for the preclusion of client anonymity [56]. These schemes frequently change client identities using the login and authentication phase to prevent data disclosure and stolen-verifier. However, the remote-server cannot employ password-based authentication to preserve user identities and passwords during the login phase. Since the application and its related services may grow exponentially in real-time, a suitable dynamic identity-based authentication is considered to improve the efficiency factors of the server. It has a service provider that uses a multi-server environment to provide seamless connectivity [26]. In the client registration, each phase executes the authentication module to improve the security efficiencies.

As the application device repetitively invokes the login phase, it can easily be prone to data duplication and information leakage. Most importantly, cloud servers offer IoT services to real-time users over an insecure wireless channel that highly demands data confidentiality to authenticate the service access in IoT-based cloud computing systems. It uses trusted third parties to authorize the user access that obtains the IoT services through the knowledge of the cloud server. It has a registration center to restrict the service access between the cloud server and smart device. It may achieve a proper mutual authentication to secure the communication channel to acquire: (1) the device or user terminal should be legal to gain the server access; (2) the service provider should authenticate the application services to improve system efficiencies; and (3) the client device has a common session key to preserve data confidentiality and user privacy [57].

In eHealth, the IoT-based cloud computing systems should have essential characteristics of the security framework to analyze the vulnerabilities and threats [58]. It has a robust security mechanism to protect network access. The system layer handles the privacy issues proactively to enhance the feature of privacy protection. The eHealth has medical experts and service providers to store the sensitive information of the patients on the local system [59]. It demands an effective infrastructure to exchange the medical data between a patient and medical experts while patient privacy is guarded. The system deployment measures privacy awareness to classify the nature of potential risks, which comply with industrial standards, framework, regulation, and ethical requirements. To provide an effective design, the IoT applications integrate the privacy framework. It can apply the technical strategies including identification, authentication, and authorization to improve the property of data privacy. Most of the healthcare applications integrate IoT and cloud computing to signify the purpose of state definition, cluster formation, device category, and dimensional access [60]. The general security and privacy concerns are as follows:

1.
In accordance with the rules and regulations, the patient data should be gathered and processed promptly to ensure device safety and liveliness.
2.
Without proper privacy protection and adequate security strength, the patient data cannot be accessible over any public or private network.
3.
The IoT device should process data transmission over any network access without compromising the data integrity and reliability.
4.
The communication network and application devices should provide comprehensive protection to prevent unauthorized access.
5.
The authorized applications should employ defined data protocols to restrict data collection and transmission.

Important key notations

The important key parameters of the proposed single user sign-in (S-USI) are illustrated in Table 2. The tabulation is as follows:

Table 2 System parameters used in proposed S-USI

Full size table

Mathematical assumption of Chebyshev Chaotic-Map

This assumption defines the Chebyshev chaotic-map that represents a Chebyshev polynomial $ T_{n} ( x ) $, where $ \left\langle x \right\rangle $ is a degree of $ \left\langle n \right\rangle $. It can be defined as:

$$ T_{n} ( x ) = \cos n\theta ,{\text{ where}}\;x = \cos \theta $$

This assumption also defines the recurrence relation $ T_{n} ( x ) $, which can be expressed as: $ T_{n} ( x ) = 2xT_{n - 1} ( x ) - T_{n - 2} ( x ) $, for any $ n \ge 2 $ with the assumption of $ T_{0} ( x ) = 1 $ and $ T_{1} ( x ) = x $.

This assumption also defines the semi-group property of Chebyshev polynomial to satisfy the given expression:

$$ T_{r} ( {T_{s} ( x ) } ) = T_{sr} ( x ) = T_{s} ( {T_{r} ( x ) } ),\;{\text{for}}\;s,r \in {\text{\rm Z}}^{ + } . $$

This assumption also defines the chaotic property of Chebyshev polynomial, where $ n > 1 $ represents a polynomial map $ T_{n} :\left[ { - 1,1} \right] \to \left[ { - 1,1} \right] $ for the degree $ \left\langle n \right\rangle $ with its relevant invariant density:$ f^{*} ( x ) = {\raise0.7ex\hbox{$1$} \!\mathord{\left/ {\vphantom {1 {( {\pi \cdot \sqrt {( {1 - x^{2} } )} } )}}}\right.\kern-0pt} \!\lower0.7ex\hbox{${( {\pi \cdot \sqrt {( {1 - x^{2} } )} } )}$}} $, for an exponent of Lyapunov i.e. $ \ln n > 0 $ [61].

Zhang [63] improved the authentication protocol using Chebyshev chaotic-map to prevent the security weakness demonstrated by Bergamo et al. [49]. To strengthen the security mechanism, the Bergamo et al. extended the Chebyshev polynomial to satisfy the properties of semi-group and commutative i.e. in the interval of $ \left\langle { - \infty ,\infty } \right\rangle $ [62]. The expression is as follows:

$$ T_{n} ( x ) \equiv 2xT_{n - 1} ( x ) - T_{n - 2} ( x ) \mod p, $$

where $ n \ge 2, \forall x \in \left\langle { - \infty ,\infty } \right\rangle $ and $ p $ is a large prime integer. It can be further defined as:

$$ T_{r} ( {T_{s} ( x ) } ) = T_{sr} ( x ) = T_{s} ( {T_{r} ( x ) } ) \mod p. $$

This improved Chebyshev chaotic-map shows the assumptions of discrete logarithm and Diffie Hellman [63]. The basic mathematical assumptions are as follows:

Extended Chebyshev chaotic-map based discrete-logarithm problem $ ( {\text{DLP}} ) $: Assume that $ x $, $ y $ and $ p $ are the integers to determine the parameter $ \left\langle r \right\rangle $ that is much helpful to satisfy $ y = T_{r} ( x ) \mod p $ i.e. computationally infeasible. The major advantage is that the adversary $ A_{\text{dv}}^{\text{DLP}} $ may try to solve the extended Chebyshev chaotic-map-based $ {\text{DLP}} $ i.e. computationally negligible.

Extended Chebyshev chaotic-map based Computational Diffie Hellman problem $ ( {\text{CDHP}} ) $: Assume that $ T_{r} ( x ) $, $ T_{s} ( x ) $, $ T( { . } ) $, $ x $ and $ p $ where $ r, s \ge 2 $, $ x \in \left\langle { - \infty ,\infty } \right\rangle $ and $ p $ is a large prime integer to calculate:

$ T_{rs} ( x ) \equiv T_{r} ( {T_{s} ( x ) } ) \equiv T_{s} ( {T_{r} ( x ) } ) \mod p, $ which is computationally infeasible to solve the extended Chebyshev chaotic-map based Computational Diffie Hellman problem, denoted as $ A_{\text{dv}}^{\text{CDHP}} $. Therefore, it is considered to be insignificant.

Extended Chebyshev chaotic-map based decisional Diffie Hellman problem $ ( {\text{DDHP}} ) $: Assume that the parameters such as $ T_{r} ( x ) $, $ T_{s} ( x ) $, $ T( { . } ) $, $ x $ and $ p $ are considered to decide:

$ T_{rs} ( x ) \equiv T_{z} ( x ) \mod p $, which is considered to hold or impracticable. The benefit is that $ A_{\text{dv}} $ can solve the problem of extended Chebyshev chaotic-map based decisional Diffie-Hellman problem, denoted as $ A_{\text{dv}}^{\text{DDHP}} $. Therefore, it is computationally negligible.

Attacker model

As referred to [64], an adversary $ A_{\text{dv}} $ is supposed to have the following essential abilities informally. This is to note that this paper does not primly focus on how $ A_{\text{dv}} $ can achieve the security goals, but the examination is only assumed to results analysis, which can be:

1.
$ A_{\text{dv}} $ may try to overhear or eavesdrop the data transmission over public channel access i.e. between the legal user and remote server under the three-factor system environment.
2.
$ A_{\text{dv}} $ may wish to steal the user’s particulars e.g. smartcard or mobile-device to retrieve the confidential information from the stolen device [65].
3.
$ A_{\text{dv}} $ cannot infer the confidential parameters such as random integer, hash function, and private secret-key $ s_{\text{k}} $ from the remote server $ R_{\text{S}} $ within the execution of polynomial time. It is presumed that the above computation could at least achieve a minimum-security length [66].
4.
$ A_{\text{dv}} $ may deduce the communication parameters such as secret password and user identity from the two finite sets. Therefore, $ A_{\text{dv}} $ has the possibility to perceive the above information in the given polynomial time.
5.
$ A_{\text{dv}} $ may try to deceive the remote server $ R_{\text{S}} $ to know the confidential information i.e. specifically to enact or behave as a genuine user [67].
6.
$ A_{\text{dv}} $ may try to perceive or guess a low entropy i.e. identity or password apart from others. However, the rules of the polynomial equation may not be violated to reveal the confidential data i.e. identity or secret password at the same execution time. Assume that the user identity length and secret password has $ n $ for each parameter to derive the probability $ 1/2^{6n} $ [68] i.e. for $ n $ character long-string.
7.
To achieve the property of forward secrecy demonstrated in [69], $ A_{\text{dv}} $ may try to collect the long-term information including user identity, secret password, storage data, and a remote server. Though $ A_{\text{dv}} $ perceives the above confidential data, he/she cannot compute the previous session. Thus, this proposed mechanism satisfies the property of forward secrecy.

Proposed single user sign-in (S-USI) mechanism

This section presents a proposed S-USI mechanism that is completely based on the extended Chebyshev chaotic-map. As the secret session-key is constructed using $ {\text{CDHP}} $, none of adversary $ A_{\text{dv}} $ can precompute the secret session-key. In other words, as the proposed scheme is based on Chebyshev’s chaotic-map, a malicious adversary cannot compute a shared session-key to establish secure communication between the user and the remote server to forge a valid request message or impersonate as a legal user. Moreover, in the secret-key update phase of S-USI, the timestamp always guarantees the data freshness to validate the data from the remote server. Thus, the proposed S-USI can prevent privileged-insider, redirection, and a data forgery attack. This proposed scheme comprises of five communication phases, such as system initialization, registration, login and authentication, secret key update, and smartcard revocation. The initialization phase uses Chebyshev chaotic-map to invoke a parameter of $ \left\langle x \right\rangle $ on the given interval $ ( { - \infty ,\infty } ) $ that wants a large prime integer $ \left\langle p \right\rangle $ to perform a modular arithmetic operation to maintain a smartcard revocation during the system initialization phase.

Assume $ G, g \, {\text{and}}\, q $ are defined to the parameters of the cyclic group. It has a public key encryption $ {\text{PE}}_{k} $, secure-session key $ {\text{SS}}_{k} $, $ {\text{PE}}_{k}^{'} $(Conjugate of $ {\text{PE}}_{k} $), $ {\text{SS}}_{k}^{'} $ (Conjugate of $ {\text{SS}}_{k} $) and multimedia server $ M_{\text{S}} $. Moreover, it maintains a long-term secret key $ S_{k} $ with a random string length $ k $. Let $ H:\left\{ {0,1} \right\}^{*} \to \left\{ {0,1} \right\}^{k} $ represents a one-way hash function to prevent target collision, whereas $ {\text{PRF}}_{{S_{k} }} :\left\{ {0,1} \right\}^{k} \to \left\{ {0,1} \right\}^{k} $ denotes a pseudo-random function key. Also a one-way hash (conjugate) function $ H^{\prime}:\left\{ {0,1} \right\}^{*} \to \left\{ {0,1} \right\}^{k} $ is defined to preserve client identities. In S-USI, $ H^{\prime}( {S_{k} } ) $ assumes $ S_{k} $ as an input key to initiate the authentication procedure.

System initialization phase Remote-server $ R_{\text{S}} $ builds a system communication parameters to perform the following execution steps:

Step 1 $ R_{\text{S}} $ chooses a random integer $ p_{k} $ to define a private secret-key that has a random computation parameter $ x \in \left\langle { - 1, + 1} \right\rangle $.

Step 2 $ R_{\text{S}} $ generates a master secret-key $ m_{\text{sk}} $ that applies a secure symmetric encryption and decryption algorithm, which is $ E_{k} ( { . } )/D_{k} ( { . } ) $ and one-way hash operation function $ h( { .} ) $.

System registration phase $ R_{\text{S}} $ issues a secure communication gateway to the multimedia device $ M_{\text{d}} $/medical sensor $ M_{\text{s}} $ to guarantee key security and data privacy.

Step 1 $ M_{\text{d}} /M_{s} $ arbitrarily chooses an identity of unary-token $ I_{\text{d}} $ along with user identity $ U_{\text{id}} $ and secret password $ P_{\text{wd}} $ and then sends the identity $ I_{\text{d}} $ to $ R_{\text{S}} $ over public access networks.

Step 2 In pursuit of receiving $ I_{\text{d}} $, $ M_{\text{S}} $ determines $ {\text{key}} = {\text{PRF}}_{{S_{k} }} ( {H( {I_{\text{d}} } )} ) \oplus H^{\prime}( {S_{{k_{0} }} } ) $, $ R = E_{\text{S}} ( {I_{\text{d}} \parallel H} ) $ and $ D = H \oplus ( {x\parallel T_{r} ( x )} ) $ using $ m_{\text{sk}} $ where $ S_{{{\text{k}}_{0} }} $ is a session key to validate whether it is newly generated or not to authorize user access.

Step 3 $ R_{\text{S}} $ connects an authentic gateway, which has the system parameters as $ I_{\text{d}} ,{\text{Key}},R,D,h( { .} ),E_{k} ( { .} ) $ to setup a connection. In practice, the system parameters are predefined to exclude any additional key exchanges to secure gateway access. As a result, the gateway is equipped to configure with any $ M_{\text{d}} /M_{\text{s}} $ to store the communication parameters in the smartcard $ S_{\text{C}} $.

Step 4 Upon the successful configuration, the client devices namely $ M_{\text{d}} / M_{\text{s}} $ setup a session-key to confirm the user privacy to $ R_{\text{S}} $ over a secure gateway.

System login and key-authentication phase user namely $ M_{\text{d}} / M_{\text{s}} $ enters a secret session-key to access the private information of patients. A secure gateway retrieves the value of the secret session-key $ {\text{Key}}_{\text{verif}} = {\text{Key}}_{1} \oplus H^{\prime}( {S_{k} } ) $. Then, the users’ and $ M_{\text{s}} $ use $ {\text{Key}}_{\text{verif}} $ as the secret-key to perform the following computation (Fig. 3):

$$ U_{\text{sr}} \to M_{\text{s}} :U_{\text{id}} , S_{\text{id}} ,g^{{S_{k} }} $$

$$ U_{\text{sr}} \to M_{\text{s}} :M_{{{\text{id}}^{\text{S}} }} , S_{\text{id}} ,g^{{S_{k} }} , {\text{Key}}_{{{\text{SS}}_{k}^{'} }} ( {M_{{{\text{id}}^{\text{S}} }} , U_{\text{id}} ,S_{\text{id}} ,g^{{S_{k} }} } ) $$

$$ U_{\text{sr}} \to M_{\text{s}} :U_{\text{id}} ,S_{\text{id}} , c = {\text{Key}}_{{{\text{PE}}_{k}^{'} }} ( {{\text{Key}}_{\text{verif}} ,U_{\text{id}} ,S_{\text{id}} , g^{{S_{k} }} } ) $$

Step 1 $ U_{\text{sr}} $ inserts his/her $ S_{\text{C}} $ to provide an input $ P_{\text{wd}} $ to compute $ H = h( {P_{\text{wd}} \parallel t} ) $ and $ R = ( {R \oplus H} ) \oplus H $. The above computation is used to generate a random integer $ m $ that computes $ P_{1} = T_{m} ( x ) \mod p $, $ K = T_{m} ( {T_{r} ( x ) } ) \mod p $, $ Q = h( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{1} } ) $ and $ P_{2} = E_{k} ( {Q\parallel R} ) $, where $ {\text{TS}}_{1} $ is the current timestamp. Finally, the communication parameters $ M_{{{\text{sg}}1}} = \left\langle {P_{1} ,P_{2} ,{\text{TS}}_{1} } \right\rangle $ are dispatched to $ R_{\text{S}} $.

Step 2 Upon receiving the message transmission $ M_{\text{sg1}} $, $ R_{\text{S}} $ checks whether $ ( {{\text{TS}}^{'} - {\text{TS}}_{1} } ) \le \Delta_{\text{TS}} $ is valid or not. If the message transmission is unsuccessful, then $ R_{\text{S}} $ aborts the service request. Otherwise, $ R_{\text{S}} $ determines $ K = T_{r} ( {P_{1} } ) \mod p $ to obtain $ ( {Q\parallel R} ) $ by the decryption process $ P_{2} $ with $ K $. In addition, it obtains $ ( {U_{\text{id}} \parallel H\parallel C_{\text{NT}} } ) $ by the process of decryption with $ m_{\text{sk}} $. Then, $ R_{\text{S}} $ verifies whether $ ( {U_{id} ,C_{NT} } ) $ is stored in the revocation table or not to examine $ Q = ?h( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{1} } ) $. If the verification is unsuccessful, then $ R_{\text{S}} $ simply rejects the service authentication request. Otherwise, $ R_{\text{S}} $ generates a random integer $ n $ to compute $ Q_{1} = T_{n} ( x ) \mod p $ to obtain $ \lambda = T_{n} ( {T_{m} ( x ) } ) \mod p $ and $ Q_{2} = h( {\lambda \parallel U_{\text{id}} \parallel Q_{1} \parallel {\text{TS}}_{2} } ) $, where $ {\text{TS}}_{2} $ is the current server timestamp. Finally, $ R_{\text{S}} $ dispatches $ M_{\text{sg2}} = \left\langle {Q_{1} ,Q_{2} ,{\text{TS}}_{2} } \right\rangle $ to $ U_{\text{sr}} $.

Step 3 After receiving the message transmission $ M_{\text{sg2}} $, $ U_{\text{sr}} $ validates whether $ ( {{\text{TS}}^{''} - {\text{TS}}_{2} } ) \le \Delta_{\text{TS}} $ is valid or not. If the validation was unsuccessful, then $ U_{\text{sr}} $ terminates the user authentication request. Otherwise, $ U_{\text{sr}} $ determines a secure session-key $ \lambda = T_{m} ( {Q_{1} } ) \mod p $ to verify whether $ Q_{2} = ? $ $ ( {\lambda \parallel U_{\text{id}} \parallel Q_{1} \parallel {\text{TS}}_{2} } ) $ is valid or not. If unsuccessful, $ U_{\text{sr}} $ terminates the user authentication request.

System secret-key update phase In this secret-key update phase, a legitimate user $ U_{\text{sr}} $ inserts his/her $ S_{\text{C}} $ to enter the old secret-password $ P_{\text{wd}} $ to change or modify into new secret-password $ P_{\text{wd}}^{*} $. The execution steps are as follows:

Step 1 $ S_{\text{C}} $ performs a computation of $ H = h( {P_{\text{wd}} \parallel t} ) $ and $ H^{*} = h( {P_{\text{wd}}^{*} \parallel t} ) $ to generate a random integer $ m $ to recalculate $ P_{1} = T_{m} ( x ) \mod p $, $ K = T_{m} ( {T_{r} ( x ) } ) \mod p $, $ Q = h( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{1} } ) $, $ R = ( {R \oplus H} ) \oplus H $ and $ P_{2} = E_{k} ( {H^{*} \parallel Q\parallel R} ) $, where $ {\text{TS}}_{1} $ is the current timestamp. Lastly, $ M_{\text{sg1}} = \left\langle {P_{1} ,P_{2} ,{\text{TS}}_{1} } \right\rangle $ are dispatched to $ R_{\text{S}} $ to choose a new secret key $ S_{k}^{'} $.

Step 2 Upon receiving the message transmission $ M_{\text{sg1}} $, $ R_{S} $ verifies whether $ ( {{\text{TS}}^{'} - {\text{TS}}_{1} } ) \le \Delta_{\text{TS}} $ is valid or not. If the message transmission is unsuccessful, then $ R_{\text{S}} $ aborts the service request. Otherwise, $ R_{\text{S}} $ determines $ K = T_{r} ( {P_{1} } ) \mod p $ to obtain $ ( {Q\parallel R} ) $ by the decryption process $ P_{2} $ with $ K $. In addition, it obtains $ ( {U_{\text{id}} \parallel H\parallel C_{\text{NT}} } ) $ by the process of decryption with $ m_{\text{sk}} $. Then, $ R_{\text{S}} $ verifies whether $ ( {U_{\text{id}} ,C_{\text{NT}} } ) $ is stored in the revocation table or not to examine $ Q = ?h( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{1} } ) $. If the verification is unsuccessful, then $ R_{\text{S}} $ simply rejects the service authentication request. If the authentication is successful, then $ R_{\text{S}} $ determines $ R^{*} = E_{\text{S}} ( {I_{\text{d}} \parallel U_{\text{id}} \parallel H^{*} \parallel C_{\text{NT}} } ) $, $ Q_{1} = ( {Q \oplus R^{*} } ) $ and $ Q_{2} = h( {K\parallel H^{*} \parallel R^{*} \parallel TS_{1} } ) $. Finally, $ M_{\text{sg2}} = \left\{ {Q_{1} ,Q_{2} } \right\} $ is transmitted to $ S_{\text{C}} $.

Step 3 After receiving $ M_{\text{sg2}} $, $ S_{\text{C}} $ computes $ R^{*} = ( {Q \oplus Q_{1} } ) $ to verify whether $ Q_{2} = ?h( {K\parallel H^{*} \parallel R^{*} \parallel {\text{TS}}_{1} } ) $ is valid to compute $ {\text{Update}}_{\text{key}} = {\text{Key}}_{1} \oplus H^{\prime}( {S_{k} } ) \oplus H^{\prime}( {S_{k}^{'} } ) $, where $ S_{k} $ is the old secret key. If the validation is successful, then $ S_{\text{C}} $ replaces $ {\text{Key}}_{1} $ with $ {\text{Update}}_{\text{key}} $ and $ ( {R \oplus H} ) $ with $ ( {R^{*} \oplus H^{*} } ) $.

Smartcard revocation phase In this phase, a legitimate user wishes to revoke his/her $ S_{\text{C}} $ to obtain a new $ S_{\text{C}} $. The execution steps are as follows:

Step1: $ U_{\text{sr}} $ enters his/her user identity $ U_{\text{id}} $ and secret password $ P_{\text{wd}} $ to choose a random integer $ t_{\text{New}} $ to compute $ H_{\text{New}} = h( {P_{\text{wd}} \parallel t_{\text{New}} } ) $ that is finally dispatched the communication parameters $ \left\langle {U_{\text{id}} ,H_{\text{New}} ,{\text{SC}}_{\text{Revocation}} } \right\rangle $ to $ R_{\text{S}} $ over a public access network.

Step 2 $ R_{\text{S}} $ tries to determine $ \left\langle {U_{\text{id}} ,C_{\text{NT}} } \right\rangle $ from the revocation table to compute $ C_{\text{NT}}^{\text{New}} = C_{\text{NT}} + 1 $ and $ R^{\text{new}} = E_{\text{S}} ( {U_{\text{id}} \parallel H_{\text{New}} \parallel C_{\text{NT}}^{\text{New}} } ) $ using a master secret-key $ m_{\text{sk}} $. Finally, the computation parameters $ \left\langle {U_{\text{id}} ,C_{\text{NT}}^{\text{New}} } \right\rangle $ is stored in its revocation table.

Step 3 $ R_{\text{S}} $ records $ \left\langle {R^{\text{new}} ,h( { . } ),E_{k} ( { . } ) ,x,T_{r} ( x )} \right\rangle $ into $ S_{\text{C}} $ that issues $ S_{\text{C}} $ to $ U_{\text{sr}} $ over a public access network.

Step 4 Upon receiving $ S_{\text{C}} $, $ U_{\text{sr}} $ inserts $ t_{\text{New}} $ to perform the smartcard revocation phase.

Security analysis

This section demonstrates the security analysis of the proposed S-USI mechanism using AKE session-key security and BAN logic. That not only complies with key properties such as mutual authentication and session key agreement but also resilient to the potential attacks such as redirection, replay, forgery, and privileged-insider.

Providing AKE session-key security

The proposed S-USI mechanism reveals that it could provide better session-key security to adopt the models namely real-or-random (RoR) and sequence of the game (SoG) [70, 71]. A Difference Lemma [72] is employed for the game sequence that is as follows:

Lemma 1

(Difference Lemma) Assume that $ X $, $ Y $ and $ F $ be the sequence of events that defines the distribution probability. It is supposed that $ X \wedge \neg F \Leftrightarrow B \wedge \neg F $. It can be expressed as:

$$ \left| {Pr\left[ X \right] - Pr\left[ Y \right]} \right| \le Pr\left[ F \right] $$

Therefore, the above theorem shows that the proposed S-USI mechanism has the AKE session-key security if the extended Chebyshev chaotic-map based $ {\text{DDHP}} $ adheres.

Theorem 1

The distribution probability $ D_{\text{P}} $ demonstrates that $ A_{\text{dv}} $ may wish to terminate the AKE session key security of proposed S-USI to satisfy:

$ {\text{AD}}_{\text{P}}^{\text{AKE}} \le 2 \cdot {\text{AD}}^{\text{DDHP}} + \frac{2}{N} + \frac{1}{{2^{{( {l - 1} )}} }} $, where $ {\text{AD}}^{\text{DDHP}} $ represents the advantage factor that the extended Chebyshev chaotic-map based $ {\text{DDHP}} $ wishes to solve the defined size of $ P_{\text{wd}} $ list and secure parameter $ l $.

Proof

$ {\text{GM}}_{i}^{\text{AKE}} $ is a game probability to define the concurrent events $ E_{i} $ that represents the adversary to win the game. $ {\text{GM}}_{0}^{\text{AKE}} $ signifies the starting of the game to denote a real-time attack opposed to the proposed S-USI mechanism and $ {\text{GM}}_{1}^{\text{AKE}} $ indicates the end of the game to gain or break the AKE Session-Key Security of the proposed S-USI mechanism.

$ Game GM_{0}^{AKE} $ This game represents the real-time attack that is defined as:

$$ {\text{AD}}_{\text{P}}^{\text{AKE}} ( A ) = \left| {2 \cdot { \Pr }\left[ {E_{0} } \right] - 1} \right| $$

(1)

$ Game GM_{1}^{AKE} $ This game corresponds to the parallel-guessing attack. Assume that each $ P_{2} = E_{k} ( {Q\parallel R} ) $ is completely dissimilar where $ Q = h( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{1} } ) $, $ H = h( {P_{\text{wd}} \parallel t} ) $ and $ K = T_{m} ( {T_{r} ( x ) } ) \mod p $ to select the random integers $ t $ and $ m $ provided by $ U_{\text{sr}} $ and the current timestamp $ {\text{TS}}_{1} $. Therefore, $ A_{\text{dv}} $ has no $ U_{\text{sr}} $ information to guess the $ P_{\text{wd}} $. This analysis proves that the resilient to the password-guessing attack is evaluated by the given probability that defines the message transmission $ P_{2} = E_{k} ( {Q\parallel R} ) $ to indicate whether the password-guessing is correct. Thus, it is said to be:

$$ \left| {{ \Pr }\left[ {E_{0} } \right] - { \Pr }\left[ {E_{1} } \right]} \right| \le \frac{1}{N} $$

(2)

$ Game GM_{2}^{AKE} $ This game considers the transformation of $ {\text{GM}}_{1}^{\text{AKE}} $ into $ {\text{GM}}_{2}^{\text{AKE}} $ to choose a random integer in place of computing a hash function. Subsequently, $ {\text{GM}}_{1}^{\text{AKE}} $ and $ {\text{GM}}_{2}^{\text{AKE}} $ are excepted to be indistinguishable excluding the collision hash function $ {\text{GM}}_{2}^{\text{AKE}} $. According to birthday-paradox [70] and Lemma 1, it has:

$$ \left| {Pr\left[ {E_{1} } \right] - Pr\left[ {E_{2} } \right]} \right| \le \frac{1}{{2^{l} }} $$

(3)

$ Game GM_{3}^{AKE} $ This game considers $ {\text{GM}}_{2}^{\text{AKE}} $ to transform using triple samples $ X,Y,Z $ that defines a random distribution $ T_{m} ( x ) \mod p, T_{n} ( x ) \mod p, T_{z} ( x ) \mod p $ rather than the extended Chebyshev chaotic-map based $ {\text{DDHP}} $. $ {\text{GM}}_{2}^{\text{AKE}} $ is thus similar to $ {\text{GM}}_{3}^{\text{AKE}} $ to define:

$$ { \Pr }\left[ {E_{2} } \right] = { \Pr }\left[ {E_{3} } \right] $$

(4)

Assume that a challenger $ {\text{CH}}_{\text{DDHP}} $ tries to disrupt the indistinguishability of extended Chebyshev chaotic-map based $ {\text{DDHP}} $ and $ A_{\text{dv}}^{\text{AKE}} $ be denoted to break up the property of session-key security. $ {\text{CH}}_{\text{DDHP}} $ yields the real-key $ \lambda $ to $ A_{\text{dv}}^{\text{AKE}} $ if the unbiased coin returns a bit $ \left\langle {c = 1} \right\rangle $. Otherwise, $ \left\langle {c = 0} \right\rangle $ is returned to execute a random-string i.e. for $ A_{\text{dv}}^{\text{AKE}} $. Subsequently, $ A_{\text{dv}}^{\text{AKE}} $ returns the output function to guess a bit $ \left\langle {c^{\prime}} \right\rangle $ to win a game if $ \left\langle {c^{\prime} = = c} \right\rangle $. $ A_{\text{dv}}^{\text{DDHP}} $ executes the output exactly as defined in the proceeding experiment excluding $ \left\langle {X,Y,Z} \right\rangle $, which is defined to be an input variable. If $ A_{\text{dv}}^{\text{AKE}} $ executes the output function $ \left\langle c \right\rangle $, then $ A_{\text{dv}}^{\text{AKE}} $ returns the output $ \left\langle 1 \right\rangle $. Otherwise, it returns the output $ \left\langle 0 \right\rangle $. If $ \left\langle {X,Y,Z} \right\rangle $ is considered to be a real extended Chebyshev chaotic-map based $ {\text{DDHP}} $, then $ {\text{A}}_{\text{dv}}^{\text{DDHP}} $ executes $ A_{\text{dv}}^{\text{AKE}} $ in $ {\text{GM}}_{3}^{\text{AKE}} $. Thus, it equals $ { \Pr }\left[ {{\text{Event that }}A_{\text{dv}}^{\text{DDHP}} {\text{executes}}\left\langle { 1} \right\rangle } \right] $ with $ { \Pr }\left[ {E_{3} } \right] $. If $ \left\langle {X,Y,Z} \right\rangle $ is defined to be a random triple variable, then $ A_{\text{dv}}^{\text{DDHP}} $ executes an output function $ A_{\text{dv}}^{\text{AKE}} $ to equate $ { \Pr }\left[ {{\text{Event that }}A_{\text{dv}}^{\text{DDHP}} {\text{executes }}\left\langle 1 \right\rangle } \right] $ with $ { \Pr }\left[ {E_{4} } \right] $. Thus, it is defined as:

$$ \left| {{ \Pr }\left[ {E_{3} } \right] - { \Pr }\left[ {E_{4} } \right]} \right| \le {\text{AD}}^{\text{DDHP}} ( {A_{\text{dv}}^{\text{DDHP}} } ) $$

(5)

Eventually, it claims that no information message about unbiased coin bit $ \left\langle c \right\rangle $ is disclosed to infer the secret session-key including random and independent variables of the proposed S-USI scheme. It is defined as:

$$ { \Pr }\left[ {E_{4} } \right] = \frac{1}{2} $$

(6)

Using Lemma 1, the above Eqs. (1) to (6) can be combined to yield:

$$ {\text{AD}}_{\text{P}}^{\text{AKE}} ( {{\text{A}}_{\text{dv}}^{\text{AKE}} } ) \le 2 \cdot {\text{AD}}^{\text{DDHP}} + \frac{2}{N} + \frac{1}{{2^{{( {l - 1} )}} }} $$

Hence, the proof is resolved.

Providing a property of session-key agreement The proposed S-USI scheme adheres with the property of proper session-key agreement.

Proof

By the above Theorem 1, the security of session-key agreement is completely based on extended Chebyshev chaotic-map based $ {\text{DDHP}} $ to avoid the security weaknesses provided in Bergamo et al. [49]. Thus, it can be neither $ U_{\text{sr}} $ nor $ R_{\text{S}} $ to determine a session-key $ S_{k} $ to satisfy the property of the session-key agreement.

Resilient to replay attack The proposed S-USI scheme provides a secret-key update phase to resist the replay attack.

Proof In the S-USI scheme, a secret-key update phase uses $ S_{\text{C}} $ to transmit the message transmission $ M_{\text{sg1}} = \left\langle {P_{1} ,P_{2} ,{\text{TS}}_{1} } \right\rangle $ i.e. to $ R_{\text{S}} $, where $ {\text{TS}}_{1} $ is the current timestamp, $ P_{1} = T_{m} ( x ) \mod p $, $ K = T_{m} ( {T_{r} ( x ) } ) \mod p $ and $ Q = h( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{1} } ) $. From the verification of timestamp $ {\text{TS}}_{1} $ and $ Q = ?h( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{ 1} } ) $, the key freshness of message transmission can be obtained. Thus, the proposed S-USI mechanism can restrict the replay attack.

Resilient to denial-of-service attack The proposed S-USI scheme provides a secret-key update phase to resist the denial-of-service (DoS) attack.

Proof

Since $ S_{\text{C}} $ verifies the updated data $ R^{*} $ by validating on $ Q_{2} = h( {K\parallel H^{*} \parallel R^{*} \parallel {\text{TS}}_{1} } ) $ to substitute $ R $ with $ R^{*} $ where $ {\text{TS}}_{1} $ is the current timestamp generated by $ S_{\text{C}} $ to produce $ H^{*} = h( {P_{\text{wd}}^{*} \parallel t} ) $. It is claimed that none of the $ A_{\text{dv}} $ can modify the response message $ M_{\text{sg1}} = \left\langle {P_{1} ,P_{2} ,{\text{TS}}_{1} } \right\rangle $. Hence, the proposed S-USI mechanism can prevent the denial-of-service attack.

Resilient to privileged-insider attack The proposed S-USI scheme provides a secret-key update phase to resist the privileged-insider attack.

Proof

In S-USI, each legitimate user has $ ( {x,T_{r} ( x )} ) $ in $ S_{\text{C}} $ that is based on extended Chebyshev chaotic-map based $ {\text{DDHP}} $ that strengthen the session-key agreement. Therefore, $ A_{\text{dv}} $ could not derive a secret key $ s_{\text{k}} $ and a session-key $ S_{k} $ which is mutually communicated between another $ U_{\text{sr}} $ and $ R_{\text{S}} $ during authenticated and key agreement and secret-key update phase. The analysis proves that none of the $ A_{\text{dv}} $ can receive $ ( {Q\parallel R} ) $ and $ ( {U_{\text{id}} \parallel H\parallel C_{\text{NT}} } ) $ during the authentication and key agreement phase; $ ( {H^{*} \parallel Q\parallel R} ) $ and $ ( {U_{\text{id}} \parallel H\parallel C_{\text{NT}} } ) $ during the secret-key update phase. It is claimed that $ U_{\text{sr}} $ has much difficult to forge a valid request message to impersonate as a legitimate user. Therefore, the proposed S-USI mechanism is resilient to privileged-insider attack.

Client anonymity and identity protection For any devices $ M_{\text{d}} /M_{\text{s}} $, the proposed S-USI substitutes $ I_{\text{d}} $ instead of client identities $ U_{\text{id}} /S_{\text{id}} $. As it applies a pseudonym identity for the client devices, $ A_{\text{dv}} $ may not compute a real identity of any communication devices until the unary identity verification is successfully passed.

Moreover, the pseudonym identities generate a valid session key for both server and clients $ M_{\text{d}} /M_{\text{s}} $, neither the client nor server may compute the real identities to establish a secure session of each other. This strategy is applied to restrict the information leakage between the client devices and server to $ A_{\text{dv}} $. Thus, the proposed S-USI can adhere to the properties of client anonymity and identity protection.

Traceability The existing authentication protocols [16, 19, 20] cannot offer a reliable feature of traceability as the pseudo-identities are known to the communication network. However, the proposed S-USI can compute the real identities of client/server to protect the pseudonym identities when $ M_{\text{d}} /M_{\text{s}} $ derives the anonymity function using $ {\text{key}} = {\text{PRF}}_{{S_{k} }} ( {H( {I_{\text{d}} } )} ) \oplus H^{\prime}( {S_{{k_{0} }} } ) $. Hence, the proposed S-USI mechanism offers the feature of traceability to verify the genuineness of application service.

Mutual authenticity Using system authentication, the proposed S-USI claims that it can offer a property mutual authentication between the client devices $ M_{\text{d}} /M_{\text{s}} $. To confirm the legitimacy, $ {\text{Key}}_{\text{verif}} = {\text{Key}}_{1} \oplus H^{\prime}( {S_{k} } ) $ is utilized. Besides, the key derivatives namely $ {\text{Key}}_{{{\text{SS}}_{k}^{'} }} ( {M_{{{\text{id}}^{\text{S}} }} , U_{\text{id}} ,S_{\text{id}} ,g^{{S_{k} }} } ) $ and $ {\text{Key}}_{{{\text{PE}}_{k}^{'} }} ( {{\text{Key}}_{\text{verif}} ,U_{\text{id}} ,S_{\text{id}} , g^{{S_{k} }} } ) $ are executed to achieve a process of key validation. Thus, the proposed S-USI offers a feature of mutual authentication to gain legitimacy access.

Secret session key agreement To offer data protection between the devices and servers, the proposed S-USI determines $ Q_{2} = h( {\lambda \parallel U_{\text{id}} \parallel Q_{1} \parallel {\text{TS}}_{2} } ) $ over a public network. It uses a valid secret key to be shared between the devices remotely. As a result, the proposed S-USI embeds a tightly coupled hashing $ {\text{key}} = {\text{PRF}}_{{S_{k} }} ( {H( {I_{\text{d}} } )} ) \oplus H^{\prime}( {S_{{k_{0} }} } ) $ to protect the end-to-end connectivity. Hence, the proposed S-USI achieves secret session key agreement with firmness between the devices $ M_{\text{d}} /M_{\text{s}} $.

Secret key update/change In the phase of secret-key update/change, the users may change his/her secret key by the execution of $ {\text{Update}}_{\text{key}} = {\text{Key}}_{1} \oplus H^{\prime}( {S_{k} } ) \oplus H^{\prime}( {S_{k}^{'} } ) $. It will later affect the parameters, such as $ {\text{PE}}_{k} ,{\text{PE}}_{k}^{'} , I_{\text{d}} ,{\text{Key}},p,g,q $ to verify and validate the data transmission of the users. Thus, the proposed S-USI mechanism claims that the secret key update/change to the users is safe.

Resilient to forgery and insider attack The proposed S-USI protects the device identities, whereby $ A_{\text{dv}} $ cannot tamper the device identities or credentials to check the data integrity. Moreover, the proposed S-USI derives the expression $ {\text{key}} = {\text{PRF}}_{{S_{k} }} ( {H( {I_{\text{d}} } )} ) \oplus H^{\prime}( {S_{{k_{0} }} } ) $ to verify the secret key of the communication devices. It is noted that $ I_{\text{d}} $ is incorporated to protect the device access. Thus, the proposed S-USI claims that the device identities can be embedded tightly to protect the system privileges from the threats including data forgery and insider.

Resilient to Eavesdropping attack $ A_{\text{dv}} $ cannot infer deduce the device confidential as it may not be able to overhear/eavesdrop the device communication over a public channel. Since $ I_{\text{d}} $ often changes for the devices $ M_{\text{d}} /M_{\text{s}} $, the device secret key $ {\text{key}} = {\text{PRF}}_{{S_{k} }} ( {H( {I_{\text{d}} } )} ) \oplus H^{\prime}( {S_{{k_{0} }} } ) $ changes dynamically over some time during the login request.

Thus, the proposed S-USI asserts that $ A_{\text{dv}} $ cannot collect any previous details to interfere/eavesdrop on the public networks. Besides, $ A_{\text{dv}} $ cannot obtain neither $ {\text{key}} = {\text{PRF}}_{{S_{k} }} ( {H( {I_{\text{d}} } )} ) \oplus H^{\prime}( {S_{{k_{0} }} } ) $ nor $ {\text{Update}}_{\text{key}} = {\text{Key}}_{1} \oplus H^{\prime}( {S_{k} } ) \oplus H^{\prime}( {S_{k}^{'} } ) $ to achieve transmission efficiency and data confidentiality. Hence, the proposed S-USI can resist the eavesdropping attack.

Resilient to Masquerade attack $ A_{\text{dv}} $ cannot infer or derive the legal credential of the device as the device identities are strongly integrated using unary identity $ I_{\text{d}} $. Moreover, the communication devices verify the network access using $ {\text{Key}}_{\text{verif}} = {\text{Key}}_{1} \oplus H^{\prime}( {S_{k} } ) $ to derive the logic system executions including key computation, verification, and communication to establish the services between the devices via the proposed S-USI over a public network. Thus, the proposed S-USI can protect the network from a masquerade attack.

Resilient to offline password guessing attack Suppose $ A_{\text{dv}} $ infers the user identities $ U_{\text{id}} $ from the previous session $ M_{\text{sg1}}^{\text{Old}} $ and $ M_{\text{sg2}}^{\text{Old}} $. Then, he/she may try to collect or guess a user password and identity such as $ U_{\text{id}}^{*} $ and $ P_{\text{wd}}^{*} $ respectively through the computation of $ H = h( {P_{\text{wd}} \parallel t} ) $ and $ H^{*} = h( {P_{\text{wd}}^{*} \parallel t} ) $ to generate a random integer $ m $ to recalculate $ P_{1} = T_{m} ( x ) \mod p $, $ K = T_{m} ( {T_{r} ( x ) } ) {\text{mod p}} $, $ Q = h( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{1} } ) $, $ R = ( {R \oplus H} ) \oplus H $ and $ P_{2} = E_{k} ( {H^{*} \parallel Q\parallel R} ) $, where $ {\text{TS}}_{1} $ is the current timestamp. However, the parameters known as $ \left\langle {P_{1} ,K,Q,R,P_{2} } \right\rangle $ cannot be guessed without the proper occurrence of timestamp $ {\text{TS}}_{1} $. Therefore, the proposed S-USI mechanism can be resilient to an offline password guessing attack. This is also to note that after the successful inference of $ P_{\text{wd}}^{*} $, $ A_{\text{dv}} $ may try to perform a computation of $ H^{*} = h( {P_{\text{wd}}^{*} \parallel t} ) $ to examine $ Q = ?h( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{1} } ) $. If the verification is unsuccessful, then $ R_{\text{S}} $ simply rejects the service authentication request. If the authentication is successful, then $ R_{\text{S}} $ determines $ R^{*} = E_{\text{S}} ( {I_{\text{d}} \parallel U_{\text{id}} \parallel H^{*} \parallel C_{\text{NT}} } ) $, $ Q_{1} = ( {Q \oplus R^{*} } ) $ and $ Q_{2} = h( {K\parallel H^{*} \parallel R^{*} \parallel {\text{TS}}_{1} } ) $ to provide authentic service access to an adversary.

Resilient to user impersonation attack To act as a legal user, $ A_{\text{dv}} $ performs a valid computation that provides an input $ P_{wd} $ to compute $ H = h( {P_{\text{wd}} \parallel t} ) $ and $ R = ( {R \oplus H} ) \oplus H $. The above computation is used to generate a random integer $ m $ that computes $ P_{1} = T_{m} ( x ) \mod p $, $ K = T_{m} ( {T_{r} ( x ) } ) {\text{mod }}p $, $ Q = h( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{1} } ) $ and $ P_{2} = E_{k} ( {Q\parallel R} ) $, where $ {\text{TS}}_{1} $ is the current timestamp. However, $ A_{\text{dv}} $ cannot perform a valid computation for the given expression $ \left\{ {P_{1} , Q,P_{2} } \right\} $ to pretend as a legal user. Thus, the proposed S-USI scheme claims that it can be resilient to user impersonation attack. This is also to note that $ A_{\text{dv}} $ may infer a proper timestamp $ {\text{TS}}_{i} $ and random integer $ x $ to compute: $ R^{*} = E_{\text{S}} ( {I_{\text{d}} \parallel U_{\text{id}} \parallel H^{*} \parallel C_{\text{NT}} } ) $, $ Q_{1} = ( {Q \oplus R^{*} } ) $ and $ Q_{2} = h( {K\parallel H^{*} \parallel R^{*} \parallel {\text{TS}}_{ 1} } ) $. Finally, a legal message transmission for $ U_{\text{sr}} $ can be determined to generate a secure session-key $ \lambda = T_{m} ( {Q_{1} } ) \mod p $ to verify whether $ Q_{2} = ? $ $ ( {\lambda \parallel U_{\text{id}} \parallel Q_{1} \parallel {\text{TS}}_{2} } ) $ is valid or not to process the service request to a remote server $ R_{\text{S}} $.

Resilient to server-spoofing attack To act as a remote server $ R_{\text{S}} $ and forge a valid user authentic request $ M_{\text{sg2}} $, $ A_{\text{dv}} $ may infer a random integer $ p_{k} $ as a private secret-key and a master secret-key $ m_{\text{sk}} $ to perform a computation of $ {\text{key}} = {\text{PRF}}_{{S_{k} }} ( {H( {I_{\text{d}} } )} ) \oplus H^{\prime}( {S_{{k_{0} }} } ) $, $ R = E_{\text{S}} ( {I_{\text{d}} \parallel H} ) $ and $ D = H \oplus ( {x\parallel T_{r} ( x )} ) $ using $ m_{\text{sk}} $ where $ S_{{k_{0} }} $ is a session key newly generated to validate the users’ identity. Thus, the proposed S-USI scheme can be free from a server-spoofing attack.

Free password selection A critical element of system login is password or user secret-key that can only be selected or updated through the authentication property of the proposed S-USI scheme by any $ U_{\text{ser}} $. In S-USI scheme, each $ U_{\text{ser}} $ can opt for his/her password or secret-key without any limitation. However, a long-term secret key could be employed without the use of an input element when any $ U_{\text{ser}} $ tries to access the system login as referred to [71].

Construction of session-key In the execution of the system authentication phase, the proposed S-USI scheme provides access to the communication parties such as $ U_{\text{ser}} $ and $ R_{\text{S}} $ through the establishment of a secret session key. However, there would not be any secret-session key constructed for both the parties during the system authentication phase [5]. Thus, without the incorporation of session key encryption, no secure communication can be established to guarantee secure communication sessions.

Strong forward secrecy Even if $ A_{\text{dv}} $ infers the confidential information of communication parties such as $ U_{\text{ser}} $ and $ R_{\text{S}} $, he/she could not compute $ {\text{key}} = {\text{PRF}}_{{S_{k} }} ( {H( {I_{\text{d}} } )} ) \oplus H^{\prime}( {S_{{k_{0} }} } ) $ without the knowledge of the previous timestamp $ {\text{TS}}_{1} $ and $ {\text{TS}}_{2} $. According to extended Chebyshev chaotic-map based $ {\text{DDHP}} $, it is very hard to calculate a valid secret session-key. Table 3 shows the comparison of proposed S-USI and other related schemes with AKA security properties.

Table 3 Comparison of AKE security properties with proposed S-USI and other existing schemes

Full size table

From Table 3, it is observed that various AKA security properties are cross-examined with the proposed S-USI and existing authentication scheme. Nikooghadam et al. [52] achieve the properties of session-key agreement and secret-key update and withstand the replay attack; Chaudhry et al. [53] offer the properties of session-key agreement and secret-key update; Arshad et al. [50] provide session-key agreement, secret-key update, privileged-insider, Traceability, and User Impersonation; Lu et al. [7] make available for a replay attack, privileged-insider attack, Traceability, Secret Key Update/Change, and Offline Password Guessing; Amin and Biswas [54] allow for a replay attack, Secret Key Update/Change, Offline Password Guessing Attack and Strong Forward Secrecy; and Chandrakar et al. [55] cause to achieve replay attack, privileged-insider attack, traceability, secret key update/change, offline password guessing attack, user impersonation attack, and strong forward secrecy. However, the proposed S-USI scheme can fulfill the important security properties of the AKA protocol in comparison with other authentication schemes [7, 50, 52,53,54,55].

Analysis using BAN logic

This subsection discusses a logical analysis of the proposed S-USI scheme that uses a logical tool to examine the security efficiency of cryptography protocol. Burrows et al. [76] and Buttyan et al. [77] presents a formal method to validate the mutual authentication and session-key agreement of the proposed scheme. Assume that $ X $ and $ Y $ define the principal range to determine the essential quality of a communication channel $ C $ and message transmission i.e. $ A $ and $ B $. Table 4 shows the important notation used in the BAN logic tool.

Table 4 Important notation used in BAN logic

Full size table

The proposed S-USI scheme is logically described as follows:

$$ {\text{Step}}1:\;R_{\text{S}} \triangleleft \left\langle {\left\{ {\begin{array}{*{20}c} {T_{\text{a}} ( x ) \mod p} \\ \to \\ {{\text{DDHP}}\;\left\langle {\text{Public}} \right\rangle } \\ \end{array} U_{\text{ser}} ,} \right.C_{{R_{\text{S}} ,U_{\text{ser}} }} ( { H( {I_{\text{d}} \parallel U_{\text{id}} \parallel H\parallel {\text{TS}}_{1} } ), R} ),{\text{TS}}_{1} } \right\rangle $$

$$ {\text{Step}}2:\;U_{\text{ser}} \triangleleft \left\langle {\left\{ {\begin{array}{*{20}c} {T_{b} ( x ) \mod p} \\ \to \\ {{\text{DDHP}}\;\left\langle {\text{Public}} \right\rangle } \\ \end{array} R_{\text{S}} ,} \right.( { H( {I_{\text{d}} \parallel U_{\text{id}} \parallel h( {P_{\text{wd}} \parallel t} )\parallel {\text{TS}}_{1} } ), {\text{TS}}_{2} } )_{\lambda } ,{\text{TS}}_{2} } \right\rangle $$

Rule of inference using BAN logic

A different set of inference rules using BAN logic is listed in below to derive the security robustness of the proposed S-USI scheme.

〈Interpretation Rule〉

$ I_{R1} : \frac{P \triangleleft C( X ), P \in r( C )}{{P \equiv ( {P \triangleleft X|C} ),P \triangleleft X}} $, if $ \left\langle P \right\rangle $ obtains to read $ \left\langle X \right\rangle $ through a wireless communication channel $ \left\langle C \right\rangle $, then $ \left\langle P \right\rangle $ ascertains that $ \left\langle X \right\rangle $ has reached onto $ \left\langle C \right\rangle $ to claim that $ \left\langle P \right\rangle $ perceives $ \left\langle X \right\rangle $.

$ I_{R2} : \frac{{P \triangleleft ( {X,Y} )}}{{( {P \triangleleft X} ) ( {P \triangleleft Y} )}} $, if $ \left\langle P \right\rangle $ persuades a hybrid message transmission $ \left\langle {X,Y} \right\rangle $, then $ \left\langle P \right\rangle $ assures to separate the transmission $ \left\langle X \right\rangle $ and $ \left\langle Y \right\rangle $.

$ I_{R3} : \frac{{P \equiv \left\langle {w( C ) = \left\{ {P,Q} \right\}} \right\rangle }}{{P \equiv ( {P \triangleleft X|C} ) \to Q|\sim X}} $, if $ \left\langle P \right\rangle $ ascertains that $ \left\langle C \right\rangle $ may only be known to $ \left\langle P \right\rangle $ and $ \left\langle Q \right\rangle $, then $ \left\langle P \right\rangle $ assures that if $ \left\langle P \right\rangle $ obtains $ \left\langle X \right\rangle $ over a communication channel $ \left\langle X \right\rangle $, then $ \left\langle Q \right\rangle $ is said to know $ \left\langle X \right\rangle $.

$ I_{R4} : \frac{{P \equiv \left\langle {Q|\sim ( {X,Y} )} \right\rangle }}{{P \equiv ( {Q|\sim X} ),P \equiv ( {Q|\sim Y} )}} $, if $ \left\langle P \right\rangle $ ascertains that $ \left\langle Q \right\rangle $ is known to have a hybrid message $ \left\langle {X,Y} \right\rangle $, then $ \left\langle P \right\rangle $ assures that $ \left\langle Q \right\rangle $ indicate a separation of $ \left\langle X \right\rangle $ and $ \left\langle Y \right\rangle $.

$ I_{R5} :\frac{{\left\langle {P \equiv \frac{a}{{{\text{DDHP}}\;\left\langle {\text{Secret}} \right\rangle }}} \right\rangle P,\left\langle {P \equiv \frac{{T_{b} ( x ) \mod p}}{{{\text{DDHP}}\;\left\langle {\text{Public}} \right\rangle }} } \right\rangle Q}}{{\left\langle {P \equiv \overset {T_{ab} ( x ) \mod p} \longleftrightarrow Q} \right\rangle }} $, if $ \left\langle P \right\rangle $ ascertains that $ \left\langle a \right\rangle $ is said to be an extended Chebyshev chaotic-map based decisional Diffie Hellman $ \left\langle {\text{Secret}} \right\rangle $ and $ T_{a} ( x ) \mod p $ is the extended Chebyshev chaotic-map based decisional Diffie Hellman $ \left\langle {\text{Component}} \right\rangle $ from $ \left\langle {\text{Secret}} \right\rangle $, then $ T_{ab} ( x ) \mod p $ is a symmetric key encryption technique to share between the communication parties i.e. $ P $ and $ Q $.

〈A Rule of Key Freshness〉

$ I_{R6} : \frac{P| \equiv \# X}{{P| \equiv \# \left\langle {X,Y} \right\rangle }} $, if $ P $ ascertains that a part of message transmission $ \left\langle X \right\rangle $ is fresh, then it is assumed that the complete data message $ \left\langle {X,Y} \right\rangle $ to provide a rule of key freshness.

$ I_{R7} : \frac{{P \equiv ( {Q|\sim X} ) P \equiv \# ( X )}}{{P \equiv ( {Q|\sim X} )}} $, if $ P $ ascertains that $ Q $ obtains $ X $ and also believes $ X $ to gain a factor of key freshness, then $ P $ assures that $ Q $ has acquired the information of $ X $.

〈A Rule of Rationality〉

$ I_{R8} : $ $ \frac{{P \equiv ( {\emptyset_{1} - \emptyset_{2} } ) P \equiv \emptyset_{1} }}{{P \equiv \emptyset_{2} }} $, if $ P $ assures that $ \emptyset_{1} $ entails $ \emptyset_{2} $ and $ P $ assures that $ \emptyset_{1} $ is true, then $ P $ be certain of $ \emptyset_{2} $ is true.

Initial BAN Logic Assumption

The following assumptions are made to analyze and prove the mutual authentication property of the proposed S-USI scheme.

$ \left\langle A \right\rangle_{1} :A \in r\left\langle {C_{A,B} } \right\rangle $: $ A $ may read the messages through channel reader $ C_{A,B} $

$ \left\langle A \right\rangle_{2} :A \equiv ( {w\left\langle {C_{A,B} } \right\rangle = \left\langle {A,B} \right\rangle } ) = $: A ascertains that $ A $ and $ B $ may write the messages through channel writer $ C_{A,B} $

$ \left\langle A \right\rangle_{3} :A \equiv ( {B\parallel \sim \emptyset \to \emptyset } ) $: A ascertains that $ B $ can only perceive whether the transmission is trustworthy or not.

$ \left\langle A \right\rangle_{4} :A \equiv \ne \left\langle {N_{A} } \right\rangle $: A ascertains key freshness of $ \left\langle {N_{A} } \right\rangle $

$ \left\langle A \right\rangle_{5} :A \equiv \frac{a}{{{\text{DDHP}}\;\left\langle {\text{Secret}} \right\rangle }} \left\langle A \right\rangle $: A ascertains that a parameter $ \left\langle a \right\rangle $ is chosen the extended Chebyshev chaotic-map based decisional Diffie Hellman problem to prove its secrecy.

Security goals

The following goals are considered to validate the mutual authentication property of the proposed S-USI scheme.

$ {\text{Goal}}_{1} : $ $ U_{\text{ser}} \equiv U_{\text{ser}} \overset {T_{ab} ( x ) \mod p} \longleftrightarrow R_{\text{S}} : $ $ U_{\text{ser}} $ ascertains that $ \lambda = T_{ab} ( x ) \mod p $ is a symmetric key encryption technique to share between the communication parties i.e. $ U_{\text{ser}} $ and $ R_{\text{S}} $.

$ {\text{Goal}}_{2} : $ $ R_{\text{S}} \equiv U_{\text{ser}} \overset {T_{ab} ( x ) \mod p} \longleftrightarrow R_{\text{S}} : $ $ R_{\text{S}} $ ascertains that $ \lambda = T_{ab} ( x ) \mod p $ is a symmetric key encryption technique to share between the communication parties i.e. $ U_{\text{ser}} $ and $ R_{\text{S}} $.

$ {\text{Goal}}_{3} : $ $ U_{\text{ser}} \equiv R_{\text{S}} \equiv U_{\text{ser}} \overset {T_{ab} ( x ) \mod p} \longleftrightarrow R_{\text{S}} : $ $ U_{\text{ser}} $ ascertains that $ R_{\text{S}} $ is agreed with $ \lambda = T_{ab} ( x ) \mod p $ as a symmetric key encryption technique to share between the communication parties i.e. $ U_{\text{ser}} $ and $ R_{\text{S}} $.

$ {\text{Goal}}_{4} : $ $ R_{\text{S}} \equiv U_{\text{ser}} \equiv U_{\text{ser}} \overset {T_{ab} ( x ) {\text{mod }}p} \longleftrightarrow R_{\text{S}} : $ Remote server $ R_{\text{S}} $ ascertains that $ R_{\text{S}} $ is agreed with $ \lambda = T_{ab} ( x ) \mod p $ as a symmetric key encryption technique to share between the communication parties i.e. $ U_{\text{ser}} $ and $ R_{\text{S}} $.

To accomplish $ \left\langle {\text{Goal}} \right\rangle_{1} $, the below analysis is made:

$$ U_{{{\text{ser}}}} \equiv \xrightarrow[{{\text{DDHP}}\;\left\langle {{\text{Secret}}} \right\rangle }]{a}U_{{{\text{ser}}}} $$

(5)

$$ {\text{and}}\;U_{{{\text{ser}}}} \equiv \xrightarrow[{{\text{DDHP}}\;\left\langle {{\text{Secret}}} \right\rangle }]{{T_{a} \left( x \right)~{\text{mod}}~p}}U_{{{\text{ser}}}} . $$

(6)

The Eqs. (5) and (6) should adhere owing to Interpretation Rule $ I_{R3} $ and BAN Logic Assumption $ \left\langle A \right\rangle_{5} $. To strengthen security efficiency, the Eq. (6) has:

$$ U_{{{\text{ser}}}} \equiv \left( {R_{{\text{S}}} \parallel \sim \xrightarrow[{{\text{DDHP}}\;\left\langle {{\text{public}}} \right\rangle }]{{T_{b} \left( x \right)~{\text{mod}}~p}}R_{{\text{S}}} ,\left( {~H\left( {I_{{\text{d}}} \parallel U_{{{\text{id}}}} \parallel h\left( {P_{{{\text{wd}}}} \parallel t} \right)\parallel {\text{TS}}_{1} } \right),~{\text{TS}}_{2} } \right)_{\lambda } ,{\text{TS}}_{2} \to \xrightarrow[{{\text{DDHP}}\;\left\langle {{\text{public}}} \right\rangle }]{{T_{b} \left( x \right)~{\text{mod~}}p}}R_{{\text{S}}} } \right) $$

(7)

$$ {\text{and}}\;U_{{{\text{ser}}}} \equiv \left( {R_{{\text{S}}} \parallel \sim \xrightarrow[{{\text{DDHP}}\;\left\langle {{\text{publicpublic}}} \right\rangle }]{{T_{b} \left( x \right)~{\text{mod}}~p}}R_{{\text{S}}} } \right)~ $$

(8)

The Eqs. (7) and (8) should adhere owing to BAN Logic Assumption $ \left\langle A \right\rangle_{3} $ and Rule of Rationality $ I_{R8} $. To extend the robustness of the proposed S-USI scheme, the Eq. (8) has:

$$ U_{{{\text{ser}}}} \equiv \# \left( {\xrightarrow[{{\text{DDHP}}\;\left\langle {{\text{public}}} \right\rangle }]{{T_{b} \left( x \right)~{\text{mod~}}p}}R_{{\text{S}}} } \right) $$

(9)

The Eq. (9) holds because of A Rule of Key Freshness $ \left\langle {I_{R6} , I_{R7} } \right\rangle $ and BAN Logic Assumption $ \left\langle A \right\rangle_{4} $. It has:

$$ U_{\text{ser}} \in r( {C_{{R_{\text{S}} ,U_{\text{ser}} }} } ) $$

(10)

$$ U_{\text{ser}} \equiv ( {w\left\langle {r( {C_{{R_{\text{S}} ,U_{\text{ser}} }} } )} \right\rangle = \left\{ {U_{\text{ser}} ,R_{\text{S}} } \right\}} ) $$

(11)

$$ {\text{and}}\;U_{{{\text{ser}}}} \equiv \triangleleft C_{{R_{S} ,U_{{{\text{ser}}}} }} \left( {\xrightarrow[{{\text{DDHP}}\;\left\langle {{\text{public}}} \right\rangle }]{{T_{b} \left( x \right)~{\text{mod}}~p}}R_{{\text{S}}} } \right) $$

(12)

The Eqs. (10), (11) and (12) hold owing to Interpretation Rule $ I_{R1} $, $ I_{R2} $ and $ I_{R3} $ and BAN Logic Assumption $ \left\langle A \right\rangle_{1} $ and $ \left\langle A \right\rangle_{2} $. Using Interpretation Rule $ I_{R5} $, the proposed S-USI scheme realizes:

$$ {\text{Goal}}_{1} :U_{{{\text{ser}}}} \equiv \left( {U_{{{\text{ser}}}} \underset{{{\text{DDHP}}\;\left\langle {{\text{public}}} \right\rangle }}{\overset{{T_{{ab}} \left( x \right)~{\text{mod}}~p}}{\longleftrightarrow}}R_{{\text{S}}} } \right)~. $$

Correspondingly, the proposed S-USI scheme derives:

$ {\text{Goal}}_{2} :~R_{{\text{S}}} \equiv \left( {U_{{{\text{ser}}}} \underset{{{\text{DDHP}}\;\left\langle {{\text{public}}} \right\rangle }}{\overset{{T_{{ab}} \left( x \right)~{\text{mod}}~p}}{\longleftrightarrow}}R_{{\text{S}}} } \right) $ to satisfy its conditional derivation with $ \left\langle {\text{Goal}} \right\rangle_{1} $. To execute the security goal $ {\text{Goal}}_{3} $, it has:

$$ U_{{{\text{ser}}}} \equiv \left( {R_{{\text{S}}} \parallel \sim \left( {U_{{{\text{ser}}}} \underset{{{\text{DDHP}}\left\langle {{\text{public}}} \right\rangle }}{\overset{{T_{{ab}} \left( x \right)~mod~p}}{\longleftrightarrow}}R_{{\text{S}}} } \right)~ \to \left( {R_{{\text{S}}} \equiv \left( {U_{{{\text{ser}}}} \underset{{{\text{DDHP}}\;\left\langle {{\text{public}}} \right\rangle }}{\overset{{T_{{ab}} \left( x \right)~{\text{mod~}}p}}{\longleftrightarrow}}R_{{\text{S}}} } \right)~} \right)} \right), $$

(13)

$$ U_{{{\text{ser}}}} \equiv \left( {R_{{\text{S}}} \parallel \sim ~U_{{{\text{ser}}}} \underset{{{\text{DDHP}}\left\langle {{\text{public}}} \right\rangle }}{\overset{{T_{{ab}} \left( x \right)~{\text{mod}}~p}}{\longleftrightarrow}}R_{{\text{S}}} } \right). $$

(14)

The Eqs. (13) and (14) hold owing to the Rule of Rationality $ I_{R8} $ and BAN Logic Assumption $ \left\langle A \right\rangle_{3} $. To accomplish the security goal, the Eq. (14) has:

$$ U_{{{\text{ser}}}} \equiv \left( {R_{{\text{S}}} |\sim ~U_{{{\text{ser}}}} \underset{{{\text{DDHP}}\;\left\langle {{\text{public}}} \right\rangle }}{\overset{{T_{{ab}} \left( x \right)~{\text{mod}}~p}}{\longleftrightarrow}}R_{{\text{S}}} } \right), $$

(15)

$$ {\text{and}}~U_{{{\text{ser}}}} \equiv \# \left( {~U_{{{\text{ser}}}} \underset{{{\text{DDHP}}\left\langle {{\text{public}}} \right\rangle }}{\overset{{T_{{ab}} \left( x \right)~{\text{mod}}~p}}{\longleftrightarrow}}R_{{\text{S}}} } \right). $$

(16)

The Eqs. (15) and (16) hold owing to A Rule of Key Freshness $ \left\langle {I_{R6} , I_{R7} } \right\rangle $ and BAN Logic Assumption $ \left\langle A \right\rangle_{4} $. To achieve the Eq. (16), it has:

$$ U_{\text{ser}} \in r( {C_{{R_{\text{S}} ,U_{\text{ser}} }} } ), $$

(17)

$$ U_{\text{ser}} \equiv ( {\left\langle {r( {C_{{R_{\text{S}} ,U_{\text{ser}} }} } )} \right\rangle = \left\{ {U_{\text{ser}} ,R_{\text{S}} } \right\}} ), $$

(18)

$$ {\text{and}}\;U_{{{\text{ser}}}} \triangleleft C_{{R_{{\text{S}}} ,U_{{{\text{ser}}}} }} \left( {\xrightarrow[{{\text{DDHP}}\;\left\langle {{\text{public}}} \right\rangle }]{{T_{{ab}} \left( x \right)~{\text{mod}}~p}}R_{{\text{S}}} } \right). $$

(19)

The Eqs. (17), (18) and (19) hold owing to Interpretation Rule $ I_{R1} ,I_{R2} , I_{R5} $ and BAN Logic Assumption $ \left\langle A \right\rangle_{1} , \left\langle A \right\rangle_{2} $ and $ \left\langle A \right\rangle_{5} $. Therefore, the proposed S-USI scheme has:

$$ {\text{Goal}}_{3} :U_{{{\text{ser}}}} \equiv R_{{\text{S}}} \equiv U_{{{\text{ser}}}} \xrightarrow[{{\text{DDHP}}\left\langle {{\text{public}}} \right\rangle }]{{T_{{ab}} \left( x \right)~\bmod ~p}}R_{{\text{S}}} . $$

Similarly, the proposed S-USI scheme derives $ \left\langle {\text{Goal}} \right\rangle_{3} $ to satisfy its conditional derivation with $ \left\langle {\text{Goal}} \right\rangle_{3} $. To execute the security goal $ {\text{Goal}}_{4} $, it has:

$$ {\text{Goal}}_{4} :\;R_{{\text{S}}} \equiv U_{{{\text{ser}}}} \equiv U_{{{\text{ser}}}} \xrightarrow[{{\text{DDHP}}\left\langle {{\text{public}}} \right\rangle }]{{T_{{ab}} \left( x \right)~\bmod ~p}}R_{{\text{S}}} . $$

Eventually, the proposed S-USI scheme gains the $ {\text{Goal}}_{1} , {\text{Goal}}_{2} ,{\text{Goal}}_{3} $ and $ {\text{Goal}}_{4} $ to satisfy the property of mutual authentication between $ U_{\text{ser}} $ and $ R_{\text{S}} $.

Comparison of communication and storage cost

Assume that length of the identity of $ U_{\text{sr}} $ $ U_{\text{id}} $ and password $ P_{\text{wd}} $, random-integer and hash-function are set to $ 160 $ bits, whereas the elliptic-curve considers $ 320 $ bits and the symmetric key encryption/decryption carries a size of $ 512 $ bits [75]. In the S-USI scheme, three message rounds are considered such as $ M_{\text{sg1}} = \left\langle {P_{1} ,P_{2} ,{\text{TS}}_{1} } \right\rangle $, $ M_{\text{sg2}} = \left\langle {Q_{1} ,Q_{2} ,{\text{TS}}_{2} } \right\rangle $ and $ \left\langle {R,H} \right\rangle $ to transmit between $ U_{\text{ser}} $ and $ R_{\text{S}} $. Thus, the total communication cost of the proposed S-USI scheme is carefully computed: $ \left\langle {320 + 320 + 160 + 160} \right\rangle = 960 $ bits in comparison with other existing authentication schemes [64,65,66,67, 69, 75] such as $ 1728 $ bits, $ 1344 $ bits, $ 1312 $ bits, $ 1376 $ bits, $ 1984 $ bits, and $ 1120 $ bits, respectively. Moreover, as the smartcard is highly expensive, the storage capacity of the device is restricted to reduce the storage overheads. In the proposed S-USI scheme, the storage parameters are $ \left\langle {R^{\text{new}} ,h( { . } ),E_{k} ( { . } ) ,x,T_{r} ( x )} \right\rangle $, which has a total cost $ \left\langle {160 + 160 + 256 + 160 + 160} \right\rangle = 896 $ bits. However, the other existing authentication schemes [64,65,66,67, 69, 75] consume the storage cost sizes such as $ 1504 $ bits, $ 1696 $ bits, $ 1120 $ bits, $ 800 $ bits, $ 1472 $ bits, and $ 1440 $ bits correspondingly shown in Table 5.

Table 5 Comparison of proposed S-USI and other related schemes with communication, computation, and storage cost

Full size table

From Table 5, the performance analysis can also be observed in terms of the execution time of hash operation $ \left\langle {{\text{ET}}_{H} } \right\rangle , $ chaotic-map operation $ \left\langle {{\text{ET}}_{\text{CM}} } \right\rangle $, symmetric encryption/decryption $ \left\langle {{\text{ET}}_{\text{SED}} } \right\rangle $, squaring operation $ \left\langle {{\text{ET}}_{\text{SO}} } \right\rangle $, square-root solving operation $ \left\langle {{\text{ET}}_{\text{SRS}} } \right\rangle $, division/multiplication operation $ \left\langle {{\text{ET}}_{\text{DM}} } \right\rangle $ and modular-exponential computation $ \left\langle {{\text{ET}}_{\text{ME}} } \right\rangle $ in comparison with other existing schemes [64,65,66,67, 69, 75].

While comparing the computation costs of various system phases, it is observed that the proposed S-USI scheme consumes $ 3 {\text{ET}}_{H} + 2 {\text{ET}}_{\text{ME}} $ for registration and $ 8 {\text{ET}}_{H} + 1 {\text{ET}}_{\text{ME}} + 1{\text{ET}}_{\text{SED}} $ for login and authentication, whereas Nikooghadam et al. [64] have $ 2 {\text{ET}}_{H} + 1 {\text{ET}}_{\text{SED}} $ for registration and $ 6 {\text{ET}}_{H} + 6{\text{ET}}_{\text{SED}} $ for login and authentication; Chaudhry et al. [65] acquire $ 4 {\text{ET}}_{H} + 2 {\text{ET}}_{\text{SED}} + 1 {\text{ET}}_{\text{DM}} $ for registration and $ 14 {\text{ET}}_{H} + 6 {\text{ET}}_{\text{SED}} + 7 {\text{ET}}_{\text{DM}} $ for login and authentication; Arshad et al. [66] hold $ 3 {\text{ET}}_{H} $ for registration and $ 14 {\text{ET}}_{H} + 6 {\text{ET}}_{\text{DM}} $ for login and authentication; Lu et al. [67] possess $ 3 {\text{ET}}_{H} $ for registration and $ 11 {\text{ET}}_{H} + 4 {\text{ET}}_{\text{DM}} $ for login and authentication; Amin and Biswas [69] experience $ 3 {\text{ET}}_{H} + 1 {\text{ET}}_{\text{DM}} $ for registration and $ 9 {\text{ET}}_{H} + 5 {\text{ET}}_{\text{DM}} + 2 {\text{ET}}_{\text{SED}} $ for login and authentication; Chandrakar et al. [75] have $ 6 {\text{ET}}_{H} + 4 {\text{ET}}_{\text{DM}} $ for registration and $ 18 {\text{ET}}_{H} + 8 {\text{ET}}_{\text{DM}} $ for login and authentication. The above analysis proves that the proposed S-USI scheme uses less computation cost over the execution of registration, login, and authentication phases as compared to other existing schemes [64,65,66,67, 69, 75] except Nikooghadam et al. [64]. However, Nikooghadam et al. [64] could not withstand most of the vulnerable attacks shown in Table 2. Therefore, the other existing schemes [64,65,66,67, 69, 75] cannot be recommended for cloud-based TMIS as they could not be resistant to various susceptibilities.

Four cryptographic operations such as $ \left\langle {{\text{ET}}_{H} } \right\rangle , \left\langle {{\text{ET}}_{\text{SED}} } \right\rangle , \left\langle {{\text{ET}}_{\text{DM}} } \right\rangle $ and $ \left\langle {{\text{ET}}_{\text{ME}} } \right\rangle $ are considered to determine the execution time of authentication protocol. To effectively analyze the execution cost, the system login and authentication are deliberately chosen as the communication happens only between $ U_{\text{ser}} $ and $ R_{\text{S}} $ to-do any intercommunication. As referred to [26], the approximate execution time of the cryptographic operation was done in the configuration of Intel^® Core ™ i5-7200 CPU @ 2.7 GHz, 16.0 GB RAM, and OS: Win 10 64-bit along with Visual Studio 2008 software using MIRACL C/C++ library. Also, the algorithms such $ 1024 $-bit Rivest-Shamir-Adleman (RSA) algorithm, $ 320 $-bits elliptic-curve (EC) cryptosystem, $ 128 $-bit advanced-encryption standard (AES), and $ 160 $-bit secure-hash algorithm 1 (SHA-1) were employed to experiment the given assumption time that is as follows: $ {\text{ET}}_{\text{H}} \approx 0.0004\; {\text{ms}}, {\text{ET}}_{\text{SED}} \approx 0.1303\; {\text{ms}}, {\text{ET}}_{\text{DM}} \approx 1.8269 \;{\text{ms}} $ and $ {\text{ET}}_{\text{ME}} \approx 1.6003\; {\text{ms}} $ in the given order [8]. From Table 3, the estimated execution time of the proposed S-USI scheme and other related schemes such as Nikooghadam et al. [64], Chaudhry et al. [65], Arshad et al. [66], Lu et al. [67], Amin and Biswas [69], and Chandrakar et al. [75] were carefully examined to determine the execution time. The result of the proposed S-USI was $ 0.0689 $ ms, whereas the other related schemes were $ 0.0649 $ s, $ 0.5832 $ s, $ 0.3869 $ s, $ 0.2593 $ s, $ 0.3474 $ s, and $ 0.7689 $ s respectively. It is also shown that the proposed S-USI scheme is minimum in comparison with other related authentication except for Nikooghadam et al. However, Nikooghadam et al. [64] could not be much reliable for cloud-based TMIS as it was dissatisfying most of the security vulnerabilities such as denial-of-service, privileged-insider, user anonymity, identity protection, forgery, masquerade and user impersonation attack.

Discussions

In the past, several user authentication schemes have been proposed for the support of system efficiencies such as communication, computation, and storage. Specifically, in sensor technologies, the specific area of key agreement (KA) schemes [61,62,63,64,65,66,67,68] has often been chosen, though they are not suitable to provide better energy utilization and environment adaptability. In [69], the KA scheme is generally classified into traditional, physiological value, secret-key generation, and hybrid-key that tries to provide a secret session-key to authorize the data transmission between the real-time entities. The hybrid-key authentication scheme incorporates either traditional, physiological value or secret-key generation to employ symmetric or public-key cryptosystems to minimize the computation, communication, or storage cost. However, the above classification techniques are still addressing the challenges of security and privacy as the communication between the sensor network and the device is typically taking place over insecure public networks.

Generally speaking, key agreement using elliptic-curve cryptography becomes more appealing to achieve less computation overhead. However, it is still computationally expensive [57]. The traditional scheme literally suffers from unresponsive network change, whereby the performance efficiency would be deliberately degraded. Fortunately, the scheme with the pre-deployment key phase always improves communication efficiency as they use lightweight operations. In literature, various user authentication protocols have been designed for telecare medical information systems that address several challenges such as (1) most of the authentication schemes are completed relied on password and smartcard; (2) some authentication schemes could not resist identity and password-guessing attacks; (3) the majority of the schemes could not provide session key agreement and proper mutual authentication; (4) very few user authentication protocols have been verified formally using a random-oracle model, automated validation of internet security protocol and application (AVISPA), cryptographic protocol verifier known as ProVerif, and Burrows Abadi Needham (BAN) logic; (5) relatively more authentication schemes do not comply with forward secrecy; and (6) almost all the authentication scheme does not provide better performance efficiencies namely computation, communication, and storage. To resolve the above addressing issues, an authentication scheme known as single-user sign-in authentication (S-USI) mechanism is proposed i.e. specifically for cloud-based TMIS using extended Chebyshev chaotic-map based decisional Diffie Hellman problem $ ( {\text{DDHP}} ) $.

Conclusion

For cloud-based TMIS, a key element known as information security has played a significant role. To provide a corrective approach, a strategy of single-user sign-in authentication (S-USI) mechanism has been proposed using extended Chebyshev chaotic-map based decisional Diffie Hellman problem $ ( {\text{DDHP}} ) $. To meet the current demands of sensor intelligence networks, this mechanism practices on a strategy of unary-token to access the service that annuls the clock synchronization problem. As the proposed S-USI is based on $ {\text{DDHP}} $, the formal and informal security analysis proves that the malicious user or any adversary cannot logically deduce any confidential parameter to derive a session-key authorized between $ U_{\text{ser}} $ and $ R_{\text{S}} $. In addition, this proposed mechanism claims that no malicious user can forge a valid user authentication request or personate as a legitimate user as it is based on Chebyshev chaotic-map. The formal verification using AKE Session-Key Security and BAN logic demonstrates that the proposed S-USI mechanism can be resilient to various potential attacks such as replay, denial-of-service, privileged-inside, etc. Also, the comparative analysis shows that the proposed S-USI mechanism mitigates the computation, communication, and storage cost to improve the performance efficiency of pervasive services in the cloud. In the future, the proposed S-USI will be evaluated using NS-3 to analyze the quality metrics such as transmission delay, throughput rate, and routing overhead. Based on the experimental analysis, the proposed S-USI will be optimized further to meet the standard requirements of the computing paradigms. In addition, an energy consumption model will be built to make the proposed mechanism to be more dynamic in cloud-IoT environments.

Abbreviations

CoMT:: Cloud of Medical Things
S-USI:: Single-user sign-in
TMIS:: Telecare medical information systems
IoT:: Internet of Things
ICT:: Information and communication technology
AKA:: Authentication and key agreement
PHI:: Protected health information
WAP:: Wireless application protocol
XaaS:: Everything as a service
QoS:: Quality of service
IoMT:: Internet of Medical Things
IoUT:: Internet of Underwater Things
IoNT:: Internet of Nano Things
WMSN:: Wireless medical sensor networks
NIST:: National Institute of Standards and Technology
IaaS:: Infrastructure as a service
PaaS:: Platform as a service
SaaS:: Software as a service
WSN:: Wireless sensor networks
DoS:: Denial of service

References

Bibri SE, Krogstie J (2017) ICT of the new wave of computing for sustainable urban forms: their big data and context-aware augmented typologies and design concepts. Sustain Cities Soc 32:449–474
Google Scholar
Bibri SE, Krogstie J (2017) Smart sustainable cities of the future: an extensive interdisciplinary literature review. Sustain Cities Soc 31:183–212
Google Scholar
Mehmood Y, Ahmad F, Yaqoob I, Adnane A, Imran M, Guizani S (2017) Internet-of-things-based smart cities: recent advances and challenges. IEEE Commun Mag 55(9):16–24
Google Scholar
Salman O, Elhajj I, Kayssi A, Chehab A (2015) Edge computing enabling the Internet of Things. In: 2015 IEEE 2nd world forum on Internet of Things (WF-IoT). IEEE, pp 603–608
Deebak BD, Al-Turjman F, Aloqaily M, Alfandi O (2019) An authentic-based privacy preservation protocol for smart e-healthcare systems in IoT. IEEE Access 7:135632–135649
Google Scholar
Fadi AT, David DB (2020) Seamless authentication: for IoT-big data technologies in smart industrial application systems. IEEE Trans Ind Informat
David DB, Rajappa M, Karupuswamy T, Iyer SP (2015) A dynamic-identity based multimedia server client authentication scheme for tele-care multimedia medical information system. Wirel Pers Commun 85(1):241–261
Google Scholar
David DB (2017) Mutual authentication scheme for multimedia medical information systems. Multimedia Tools Appl 76(8):10741–10759
Google Scholar
Gope P, Das AK, Kumar N, Cheng Y (2019) Lightweight and physically secure anonymous mutual authentication protocol for real-time data access in industrial wireless sensor networks. IEEE Trans Ind Inf 15(9):4957–4968
Google Scholar
Mohammad Z, Abusukhon A, Qattam TA (2019) A survey of authenticated key agreement protocols for securing IoT. In: 2019 IEEE Jordan international joint conference on electrical engineering and information technology (JEEIT). IEEE, pp 425–430
Wazid M, Das AK, Hussain R, Succi G, Rodrigues JJ (2019) Authentication in cloud-driven IoT-based big data environment: survey and outlook. J Syst Arch 97:185–196
Google Scholar
Jia X, He D, Kumar N, Choo KKR (2019) Authenticated key agreement scheme for fog-driven IoT healthcare system. Wirel Netw 25(8):4737–4750
Google Scholar
Kumari S, Renuka K (2019) Design of a password authentication and key agreement scheme to access e-healthcare services. Wirel Pers Commun:1–19
Ostad-Sharif A, Abbasinezhad-Mood D, Nikooghadam M (2019) A robust and efficient ECC-based mutual authentication and session key generation scheme for healthcare applications. J Med Syst 43(1):10
Google Scholar
Deebak BD, Al-Turjman F, Aloqaily M, Alfandi O (2020) IoT-BSFCAN: a smart context-aware system in IoT-Cloud using mobile-fogging. Future Gen Comput Syst
Jain U, Hussain M, Kakarla J (2020) Simple, secure, and lightweight mechanism for mutual authentication of nodes in tiny wireless sensor networks. Int J Commun Syst 33(9):e4384
Google Scholar
Wu F, Li X, Xu L, Vijayakumar P, Kumar N (2020) A novel three-factor authentication protocol for wireless sensor networks with IoT notion. IEEE Syst J
Kumar D, Singh HK, Ahlawat C (2019) A secure three-factor authentication scheme for wireless sensor networks using ECC. J Discrete Math Sci Cryptogr:1–22
Chen Y, Ge Y, Wang Y, Zeng Z (2019) An improved three-factor user authentication and key agreement scheme for wireless medical sensor networks. IEEE Access 7:85440–85451
Google Scholar
Senyo PK, Addae E, Boateng R (2018) Cloud computing research: a review of research themes, frameworks, methods and future research directions. Int J Inf Manage 38(1):128–139
Google Scholar
Mell P, Grance T (2011) The NIST definition of cloud computing, special publication 800-145, Nat’l Inst. Standards and Technology
Senyo PK, Effah J, Addae E (2016) Preliminary insight into cloud computing adoption in a developing country. J Enterprise Inf Manag
Smara M, Aliouat M, Pathan ASK, Aliouat Z (2017) Acceptance test for fault detection in component-based cloud computing and systems. Future Gen Comput Syst 70:74–93
Google Scholar
Zhou S, Wu L, Jin C (2017) A privacy-based SLA violation detection model for the security of cloud computing. China Commun 14(9):155–165
Google Scholar
Chen CH, Lin JW, Kuo SY (2015) MapReduce scheduling for deadline-constrained jobs in heterogeneous cloud computing systems. IEEE Trans Cloud Comput 6(1):127–140
Google Scholar
Al-Turjman F, Ever YK, Ever E, Nguyen HX, David DB (2017) Seamless key agreement framework for mobile-sink in IoT based cloud-centric secured public safety sensor networks. IEEE Access 5:24617–24631
Google Scholar
Alam MM, Malik H, Khan MI, Pardy T, Kuusik A, Le Moullec Y (2018) A survey on the roles of communication technologies in IoT-based personalized healthcare applications. IEEE Access 6:36611–36631
Google Scholar
Baali H, Djelouat H, Amira A, Bensaali F (2017) Empowering technology enabled care using IoT and smart devices: a review. IEEE Sens J 18(5):1790–1809
Google Scholar
Chaudhari DA, Umamaheswari E (2018) Survey on data management for healthcare using internet of things. In: 2018 Fourth international conference on computing communication control and automation (ICCUBEA). IEEE, pp 1–7
Suguna M, Ramalakshmi MG, Cynthia J, Prakash D (2018) A survey on cloud and Internet of Things based healthcare diagnosis. In: 2018 4th international conference on computing communication and automation (ICCCA). IEEE, pp 1–4
Gandhi DA, Ghosal M (2018) Intelligent healthcare using IoT: a extensive survey. In: 2018 Second international conference on inventive communication and computational technologies (ICICCT). IEEE, pp 800–802
Khan I, Amaro AC, Oliveira L (2019) IoT-based systems for improving older adults’ wellbeing: a systematic review. In: 2019 14th Iberian conference on information systems and technologies (CISTI). IEEE, pp 1–6
Darshan KR, Anandakumar KR (2015). A comprehensive review on usage of Internet of Things (IoT) in healthcare system. In: 2015 International conference on emerging research in electronics, computer science and technology (ICERECT). IEEE, pp 132–136
Deebak BD, Al-Turjman F (2020) Smart mutual authentication protocol for cloud based medical healthcare systems using internet of medical things. IEEE J Select Areas Commun
Deebak BD (2020) Lightweight authentication and key management in mobile-sink for smart IoT-assisted systems. Sustain Cities Soc 63:102416
Google Scholar
Deebak BD, Al-Turjman F, Mostarda L (2020) Seamless secure anonymous authentication for cloud-based mobile edge computing. Comput Electr Eng 87:106782
Google Scholar
Ostad-Sharif A, Abbasinezhad-Mood D, Nikooghadam M (2019) An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC. Int J Commun Syst 32(5):e3913
Google Scholar
Guo X, Zhang J (2010) Secure group key agreement protocol based on chaotic hash. Inf Sci 180:4069–4074
MathSciNet MATH Google Scholar
Xiao D, Liao X, Deng S (2007) A novel key agreement protocol based on chaotic maps. Inf Sci 177:1136–1142
MathSciNet Google Scholar
Xue K, Hong P (2012) Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 17:2969–2977
MathSciNet MATH Google Scholar
Tan Z (2013) A chaotic maps-based authenticated key agreement protocol with strong anonymity. Nonlinear Dyn 72:311–320
MathSciNet MATH Google Scholar
Guo C, Chang C-C (2013) Chaotic maps-based password-authenticated key agreement using smart cards. Commun Nonlinear Sci Numer Simul 18:1433–1440
MathSciNet MATH Google Scholar
Hao X, Wang J, Yang Q, Yan X, Li P (2013) A chaotic map-based authentication scheme for telecare medicine information systems. J Med Syst 37
Jiang Q, Ma J, Lu X, Tian Y (2014) Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J Med Syst 38:12
Google Scholar
Lee T-F (2013) An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J Med Syst 37:9985
Google Scholar
Mishra D, Srinivas J, Mukhopadhyay S (2014) A secure and efficient chaotic mapbased authenticated key agreement scheme for telecare medicine information systems. J Med Syst 38:1–10
Google Scholar
Li C-T, Lee C-C, Weng C-Y (2014) A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J Med Syst 38:1–11
Google Scholar
Wang Z, Huo Z, Shi W (2015) A dynamic identity based authentication scheme using chaotic maps for telecare medicine information systems. J Med Syst 39:1–8
Google Scholar
Bergamo P, D’Arco P, De Santis A, Kocarev L (2005) Security of public-key cryptosystems based on chebyshev polynomials. IEEE Trans Circuits Syst I Regul Pap 52:1382–1393
MathSciNet MATH Google Scholar
Lee T-F (2015) Enhancing the security of password authenticated key agreement protocols based on chaotic maps. Inform Sci 290:63–71
MATH Google Scholar
Islam S, Obaidat MS, Amin R (2016) An anonymous and provably secure authentication scheme for mobile user. Int J Commun Syst 29:1529–1544
Google Scholar
Lin H-Y (2014) Chaotic map based mobile dynamic id authenticated key agreement scheme. Wirel Pers Commun 78:1487–1494
Google Scholar
Liu Y, Xue K (2016) An improved secure and efficient password and chaos-based two-party key agreement protocol. Nonlinear Dyn 84:549–557
MathSciNet MATH Google Scholar
Madhusudhan R, Nayak CS (2019) A robust authentication scheme for telecare medical information systems. Multimedia Tools Appl 78(11):15255–15273
Google Scholar
Biswas A, Roy A (2019) A study on Dynamic ID based user authentication system using smart card. AJCT 5(2)
Chen CL, Deng YY, Weng W, Chen CH, Chiu YJ, Wu CM (2020) A traceable and privacy-preserving authentication for UAV communication control system. Electronics 9(1):62
Google Scholar
Yao H, Wang C, Fu X, Liu C, Wu B, Li F (2019) A privacy-preserving RLWE-based remote biometric authentication scheme for single and multi-server environments. IEEE Access 7:109597–109611
Google Scholar
Sarkar BK (2017) Big data for secure healthcare system: a conceptual design. Complex Intell Syst 3(2):133–151
Google Scholar
Gomathi P, Baskar S, Shakeel PM Concurrent service access and management framework for user-centric future internet of things in smart cities
Mahmoud NM, Fouad H, Soliman AM (2020) Smart healthcare solutions using the internet of medical things for hand gesture recognition system. Complex Intell Syst:1–12
Zhou L, Li X, Yeh KH, Su C, Chiu W (2019) Lightweight IoT-based authentication scheme in cloud computing circumstance. Future Gen Comput Syst 91:244–251
Google Scholar
Pak K, Pak S, Ho C, Pak M, Hwang C (2019) Anonymity preserving and round effective three-party authentication key exchange protocol based on chaotic maps. PloS One 14(3):e0213976
Google Scholar
Zhang L (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos Solitons Fract 37(3):669–674
MathSciNet MATH Google Scholar
Nikooghadam M, Jahantigh R, Arshad H (2017) A lightweight authentication and key agreement protocol preserving user anonymity. Multimedia Tools Appl 76(11):13401–13423
Google Scholar
Chaudhry SA, Naqvi H, Shon T, Sher M, Farash MS (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medicine information systems. J Med Syst 39(6):1–11
Google Scholar
Arshad H, Teymoori V, Nikooghadam M, Abbassi H (2015) On the security of a two-factor authentication and key agreement scheme for telecare medicine information systems. J Med Syst 39(8):1–10
Google Scholar
Lu Y, Li L, Peng H, Yang Y (2015) An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Syst 39(3):1–8
Google Scholar
Wu F, Xu L, Kumari S, Li X, Das AK, Khan MK, Karuppiah M, Baliyan R (2016) A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks. Secur Commun Netw 9:3527–3542
Google Scholar
Amin R, Biswas GP (2015) A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity. J Med Syst 39(8):1–19
Google Scholar
Abdalla M, Fouque PA, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: Proc. of public key cryptography—PKC 2005, lecture notes in computer science 3386, pp 65–84
Abdalla M, Pointcheval D (2005) Simple password-based authenticated key protocols, topics in cryptology—CT-RSA. Lect Notes Comput Sci 3376:191–208
MATH Google Scholar
Lee CC, Hsu CW (2013) A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. Nonlinear Dyn 71:201–211
MathSciNet Google Scholar
Chandrakar P, Om H (2016) Cryptanalysis and extended three-factor remote user authentication scheme in multi-server environment. Arab J Sci Eng 42(2):765–786
Google Scholar
Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. In: Proc. of Advances in Cryptology—Eurocrypt 2000, lecture notes in computer science 1807, pp 139–155
Chandrakar P, Om H (2018) An extended ECC-based anonymity-preserving 3-factor remote authentication scheme usable in TMIS. Int J Commun Syst:e3540
Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8(1):18–36
MATH Google Scholar
Buttyan L, Hubaux JP (2007) Security and cooperation in wireless networks: thwarting malicious and selfish behavior in the age of ubiquitous computing. Cambridge University Press, Cambridge
Google Scholar

Download references

Author information

Authors and Affiliations

School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, 632014, India
B. D. Deebak
Artificial Intelligence Department, Research Center for AI and IoT, Near East University, Nicosia, Mersin 10, Turkey
Fadi Al-Turjman

Authors

B. D. Deebak
View author publications
You can also search for this author in PubMed Google Scholar
Fadi Al-Turjman
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to B. D. Deebak.

Ethics declarations

Conflict of interest

We declare that we do not have any commercial or associative interest that represents a conflict of interest in connection with the work submitted.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Reprints and permissions

About this article

Cite this article

Deebak, B.D., Al-Turjman, F. Secure-user sign-in authentication for IoT-based eHealth systems. Complex Intell. Syst. 9, 2629–2649 (2023). https://doi.org/10.1007/s40747-020-00231-7

Download citation

Received: 04 August 2020
Accepted: 03 November 2020
Published: 03 January 2021
Issue Date: June 2023
DOI: https://doi.org/10.1007/s40747-020-00231-7

Secure-user sign-in authentication for IoT-based eHealth systems

Abstract

Similar content being viewed by others

RETRACTED ARTICLE: A Review and State of Art of Internet of Things (IoT)

Smart home security: challenges, issues and solutions at different IoT layers

CryptoHHO: a bio-inspired cryptosystem for data security in Fog–Cloud architecture

Introduction

Research background

Emerging computing paradigm

Related works

Important key notations

Mathematical assumption of Chebyshev Chaotic-Map

Attacker model

Proposed single user sign-in (S-USI) mechanism

Security analysis

Providing AKE session-key security

Lemma 1

Theorem 1

Proof

Proof

Proof

Proof

Analysis using BAN logic

Rule of inference using BAN logic

Initial BAN Logic Assumption

Security goals

Comparison of communication and storage cost

Discussions

Conclusion

Abbreviations

References

Author information

Authors and Affiliations

Corresponding author

Ethics declarations

Conflict of interest

Additional information

Publisher's Note

Rights and permissions

About this article

Cite this article

Share this article

Keywords

Search

Navigation