ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments

Yükleniyor...
Küçük Resim

Tarih

2020

Dergi Başlığı

Dergi ISSN

Cilt Başlığı

Yayıncı

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 445 HOES LANE, PISCATAWAY, NJ 08855-4141

Erişim Hakkı

info:eu-repo/semantics/openAccess
Attribution-NonCommercial-NoDerivs 3.0 United States

Özet

A variety of three-factor smart-card based schemes, specifically designed for telecare medicine information systems (TMIS) are available for remote user authentication. Most of the existing schemes for TMIS are customarily proposed for the single server-based environments and in a single-server environment. Therefore, there is a need for patients to distinctly register and login with each server to employ distinct services, so it escalates the overhead of keeping the cards and memorizing the passwords for the users. Whereas, in a multi-server environment, users only need to register once to resort various services for exploiting the benefits of a multi-server environment. Recently, Barman et al. proposed an authentication scheme for ehealthcare by employing a fuzzy commitment and asserted that the scheme can endure many known attacks. Nevertheless, after careful analysis, this paper presents the shortcoming related to its design. Furthermore, it proves that the scheme of Barman et al. is prone to many attacks including: server impersonation, session-key leakage, user impersonation, secret temporary parameter leakage attacks as well as its lacks user anonymity. Moreover, their scheme has the scalability issue. In order to mitigate the aforementioned issues, this work proposes an amended three-factor symmetric-key based secure authentication and key agreement scheme for multi-server environments (ITSSAKA-MS). The security of ITSSAKA-MS is proved formally under automated tool AVISPA along with a security feature discussion. Although, the proposed scheme requisites additional communication and computation costs. In contrast, the informal and automated formal security analysis indicate that only proposed scheme withstands several known attacks as compared to recent benchmark schemes.

Açıklama

Anahtar Kelimeler

Authentication and key-agreement (AKA), AVISPA tool, e-healthcare, fuzzy commitment scheme, multi-server authentication, telecare medicine information system (TMIS)

Kaynak

IEEE Access

WoS Q Değeri

Q2

Scopus Q Değeri

Q1

Cilt

8

Sayı

Künye