Improvement of an Anonymous and Lightweight Authentication Scheme for TMIS

Telecare Medicine Information Systems (TMIS) provide flexible and convenient healthcare for patients. However, the medical data transmitted between patients and doctors are exposed to insecure public networks. To protect the patient’s personal information, many authentication schemes have been designed. Recently, Kang et al. proposed a hash-based authentication scheme for TMIS and claimed that it could resist various attacks. However, we find that their proposed scheme is vulnerable to a traceability attack and a user impersonation attack. In order to enhance the security and preserve the efficiency of Kang et al.’s scheme, we propose a new anonymous and lightweight scheme. The analysis demonstrates that our proposed scheme is superior to Kang et al.’s and the related schemes in security.


Introduction
Advances in computer networks and communications boost the development of  However, since the healthcare data transmitted through the public channel usually contain the secret information of the patients, it is essential to use an authentication mechanism in the TMIS scenario. Recently, many authentication schemes for TMIS [1]-[6] have been designed to protect patients' personal information. In 2017, Kang et al. proposed a user authentication scheme for TMIS [1], which has a low computing cost because it uses only a hash function.
They claimed that the proposed scheme could resist various attacks. Unfortunately, we find that their scheme still suffers from a traceability attack and a user impersonation attack. To enhance the security and preserve the efficiency of Kang et al.'s scheme, we propose a new anonymous and lightweight scheme.

Review of Kang et al.'s Scheme
This section presents Kang

Registration Phase
To access the facilities or services provided by the TMIS server, the user must register in the server first by the following steps.
Step
Step 2. The smart card generates a random integer $N_u$ and the current timestamp $T_1$, and then computes ( )

Authentication Phase
After receiving the login request message from the user, the TMIS server performs the following steps to achieve mutual authentication and establish a shared session key.
Step 1. The TMIS server retrieves the current timestamp $T_1'$ and verifies the freshness of $U_i$'s timestamp $T_1$.
Step 2. The server then continues to compute L. If the two values are equal, then the user is authenticated and the authentication process continues.
Step 3. The server generates a random integer $N_a$ and the current timestamp $T_2$, and computes ( )
Step 4. On receiving the authentication message from the server, the user $U_i$ retrieves the current timestamp $T_2'$ and verifies the freshness of server's time-
Step 5. The user computes the key ( )
Step 7. When the server receives the response message, it retrieves the current timestamp $T_3'$ and verifies the freshness of $T_3$. Then it computes ( ) the server believes that they have established the session key SK.
Finally, the user and the TMIS server can use the shared session key to encrypt the information transmitted through the public channel without worrying about privacy disclosure.

Password Change Phase
This phase is needed when a user desires to change his password. For this, the user has to perform the following steps. Step Step 3.

Cryptanalysis of Kang et al.'s Scheme
In this section, we describe our findings that the scheme of Kang et al. is vulnerable to traceability attack and user impersonation attack. Before that, an attacker model [7] [8] is defined as follows.

Attacker Model
1) The adversary has full control of the public channel, but not the secure channel. That means the adversary can obtain all the data transmitted in the login and authentication phases.
2) The adversary can alter, delete or replay the data that he captured from the public channel.
3) The adversary has the ability to read or extract the secret data from the smart card issued to the user.
4) The adversary can guess either the user's identity or the password, but not both at a time.
5) The adversary knows the authentication scheme since he can be an outsider user or a legal user.

Suffer from Traceability Attack
The main mechanism of the traceability attack is that the adversary can trace the

Suffer from User Impersonation Attack
The main mechanism of the user impersonation attack is that the adversary can impersonate the user (patient) to construct the login and response messages sent to the TMIS server and establish a session key with it without being found malicious. We assume that the adversary obtains the user's login message { }
Step
Step 2. The adversary generates a random integer
Step 3. On receiving the login request message, the TMIS server first checks
Step 5. When it receives the authentication message from the server, the adver-
Step 6. When the server receives the response message, the server verifies the freshness of $T_3$ and checks the validity of ( )
Finally, the adversary and the TMIS server establish a shared session key SK, with which the adversary can make requests for private information such as the medical records of the user (patient) without being detected.

The Proposed Scheme
In previous sections, we show that Kang

Registration Phase
When a user desires to use the facilities or services provided by the TMIS server, he must first become a legal user. For this, he needs to perform the following steps to register with the TMIS server.
Step 2. When the server receives the registration message, it generates a random integer $N_i$ and computes ( )

Login Phase
A registered user $U_i$ can construct a login request message to log in to the TMIS by the following steps. Step

Authentication Phase
After receiving the login request message from the user, the TMIS server performs the following steps to build up a shared session key with the user.
Step 1. The TMIS server retrieves the current timestamp $T_1'$ and verifies the freshness of $U_i$'s timestamp $T_1$.
Step 2. The TMIS server then obtains ( ) ( ) If true, the user is authenticated and the authentication process continues. Otherwise, the server aborts the authentication process.
Step 3. The server generates two random integers ,
Step 4. On receiving the authentication message from the server, the user $U_i$ retrieves the current timestamp $T_2'$ and verifies the freshness of server's time-
Step 5. The user then continues to compute '
Step 6. The user generates the current timestamp $T_3$ and computes ( )

Password Change Phase
When a user desires to change his password, he can perform the following steps without any assistance from the TMIS server. Step

Security Analysis
Various authentication schemes have been demonstrated insecure [9] [10] [11] [12]. Thus, in this section we discuss the security features of the proposed

User Anonymity
Anonymity means that no adversary has the capacity to compromise the user's (patient's) real identity. In the proposed scheme, the user's identity is masked in parameters ( ) With the protection of the one-way hash function, the adversary has no way to retrieve the user's identity.

Mutual Authentication
In the proposed scheme, the user (patient) and the TMIS server achieve mutual authentication with the assistance of ( )

Session Key Security
In the proposed scheme, only the user (patient) and the TMIS server can compute the shared session key; the values required to calculate the key are known only to the user and the TMIS.
Even knowing the parameters transmitted in the authentication process, the adversary cannot construct the key.

Traceability Attack
In different sessions of the proposed scheme, the parameters in the user's (pa-

Replay Attack
When the adversary eavesdrops on the whole message transmitted between the user (patient) and the TMIS server and replays it later, the replay will be detected immediately, as the timestamp is outdated in the parameters ( )
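
The check this paragraph relies on, as an added example that is not from the paper: a server-side verifier that first tests timestamp freshness and then recomputes a hash that binds the timestamp. The shared value, the message layout (verifier, T1), the window `DELTA_T` and all function names are assumptions, since the scheme's actual parameters are not reproduced here.

```python
import hashlib
import hmac

DELTA_T = 5  # assumed freshness window in seconds (the page gives no value)


def h(*parts: bytes) -> bytes:
    """One-way hash over length-prefixed parts (avoids ambiguous concatenation)."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def build_login(shared: bytes, t1: int) -> tuple[bytes, int]:
    """User side (hypothetical layout): bind the timestamp T1 into the verifier."""
    return h(shared, str(t1).encode()), t1


def verify_login(shared: bytes, message: tuple[bytes, int], now: int) -> str:
    """Server side: freshness check first, then recompute and compare."""
    verifier, t1 = message
    if abs(now - t1) > DELTA_T:
        return "stale"  # captured message replayed after the window
    expected = h(shared, str(t1).encode())
    if not hmac.compare_digest(verifier, expected):
        return "bad-verifier"  # timestamp was rewritten without the secret
    return "ok"


def demo() -> dict[str, str]:
    shared = b"constructed-shared-value"  # constructed sample secret
    sent_at = 1_700_000_000               # constructed sample timestamp
    msg = build_login(shared, sent_at)
    later = sent_at + 600
    return {
        "fresh": verify_login(shared, msg, now=sent_at + 1),
        "replayed": verify_login(shared, msg, now=later),
        # The timestamp is swapped for a current one but the hash is unchanged.
        "retimestamped": verify_login(shared, (msg[0], later), now=later),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

A capture replayed within `DELTA_T` still passes this check, so the window should be kept as small as clock skew allows.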

Impersonation Attack
When the adversary desires to impersonate the user (patient), he needs to construct the login request message first. However, the adversary has no way to know the user's identity $ID_i$ and $C_i$, which are required to construct the parameter ( )

Conclusion
In this paper, we analyze Kang et al.'s scheme, which was designed for TMIS using a hash function and claimed to resist various attacks. However, we find that the scheme is susceptible to a traceability attack and a user impersonation attack. In order to remove the security drawbacks we found, we present a new anonymous and lightweight scheme and prove that our proposed scheme has better performance in terms of communication cost and security.