A secure biometrics-based authentication key exchange protocol for multi-server TMIS using ECC.

BACKGROUND AND OBJECTIVES

Telecare Medicine Information System (TMIS) enables physicians to efficiently and conveniently make certain diagnoses and medical treatment for patients over the insecure public Internet. To ensure patients securely access to medicinal services, many authentication schemes have been proposed. Although numerous cryptographic authentication schemes for TMIS have been proposed with the aim to ensure data security, user privacy and authentication, various forms of attacks make these schemes impractical.

METHODS

To design a truly secure and practical authentication scheme for TMIS, a new biometrics-based authentication key exchange protocol for multi-server TMIS without sharing the system private key with distributed servers is presented in this work.

RESULTS

Our proposed protocol has perfect security features including mutual authentication, user anonymity, perfect forward secrecy and resisting various well-known attacks, and these security feathers are confirmed by the BAN logic and heuristic cryptanalysis, respectively.

CONCLUSIONS

A secure biometrics-based authentication key exchange protocol for multi-server TMIS is presented in this work, which has perfect security properties including perfect forward secrecy, supporting user anonymity, etc., and can withstand various attacks such as impersonation attack, off-line password guessing attack, etc.. Considering security is the most important factor for an authentication scheme, so our scheme is more suitable for multi-server TMIS.