
Privacy-Preserving Mutual Authentication and Key Agreement Scheme for Multi-Server Healthcare System

Information Systems Frontiers

Abstract

The use of various technologies and smart devices lets people receive medical services remotely, with multiple benefits. As a result, critical and sensitive data is exchanged between a user and a doctor. When health data is transmitted over a common channel, it becomes essential to preserve various privacy and security properties in the system. Further, the number of users of remote services is increasing exponentially day by day, so a single server is not adequate to handle all users because of verification overhead, server failure, and scalability issues. Researchers have therefore proposed various authentication protocols for multi-server architectures, but most of them are vulnerable to different security attacks and require high computational resources during implementation. To tackle privacy and security issues using fewer computational resources, we propose a privacy-preserving mutual authentication and key agreement protocol for a multi-server healthcare system. We discuss the proposed scheme's security analysis and performance results to understand its security strengths and computational resource requirements, respectively. Further, we compare the security and performance results with recent relevant authentication protocols.




Corresponding author

Correspondence to Trupil Limbasiya.


Cite this article

Limbasiya, T., Sahay, S.K. & Sridharan, B. Privacy-Preserving Mutual Authentication and Key Agreement Scheme for Multi-Server Healthcare System. Inf Syst Front 23, 835–848 (2021). https://doi.org/10.1007/s10796-021-10115-x


  • DOI: https://doi.org/10.1007/s10796-021-10115-x
