ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments

A variety of three-factor smart-card based schemes, specifically designed for telecare medicine information systems (TMIS) are available for remote user authentication. Most of the existing schemes for TMIS are customarily proposed for the single server-based environments and in a single-server envi...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2020, Vol.8, p.107993-108003
Main Authors: Ali, Zeeshan, Hussain, Sajid, Rehman, Rana Haseeb Ur, Munshi, Asmaa, Liaqat, Misbah, Kumar, Neeraj, Chaudhry, Shehzad Ashraf
Format: Article
Language:English
Subjects:
Access control
Authentication
Authentication and key-agreement (AKA)
Automation
AVISPA tool
Computer science
Cost analysis
e-healthcare
fuzzy commitment scheme
Information systems
Leakage
Medical services
multi-server authentication
Password
Registers
Security
Servers
Service introduction
Smart cards
Telecare
telecare medicine information system (TMIS)
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A variety of three-factor smart-card based schemes, specifically designed for telecare medicine information systems (TMIS) are available for remote user authentication. Most of the existing schemes for TMIS are customarily proposed for the single server-based environments and in a single-server environment. Therefore, there is a need for patients to distinctly register and login with each server to employ distinct services, so it escalates the overhead of keeping the cards and memorizing the passwords for the users. Whereas, in a multi-server environment, users only need to register once to resort various services for exploiting the benefits of a multi-server environment. Recently, Barman et al. proposed an authentication scheme for e-healthcare by employing a fuzzy commitment and asserted that the scheme can endure many known attacks. Nevertheless, after careful analysis, this paper presents the shortcoming related to its design. Furthermore, it proves that the scheme of Barman et al. is prone to many attacks including: server impersonation, session-key leakage, user impersonation, secret temporary parameter leakage attacks as well as its lacks user anonymity. Moreover, their scheme has the scalability issue. In order to mitigate the aforementioned issues, this work proposes an amended three-factor symmetric-key based secure authentication and key agreement scheme for multi-server environments (ITSSAKA-MS). The security of ITSSAKA-MS is proved formally under automated tool AVISPA along with a security feature discussion. Although, the proposed scheme requisites additional communication and computation costs. In contrast, the informal and automated formal security analysis indicate that only proposed scheme withstands several known attacks as compared to recent benchmark schemes.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2020.3000716