Abstract
In telecare medicine information systems (TMIS), the design of three factors-based schemes using smart cards can be used for remote user authentication. Face on different services, the patient needs clearly to register and login to each server. However, most of the existing schemes in TMIS are usually based on a single server environment, which increases the cost of saving cards and memorizing the passwords for the users. Recently, Ali et al. proposed a three-factor authentication and key agreement (AKA) scheme for multi-server environments. They claimed that their scheme can resist many well-known security attacks. However, Yu et al. have conducted a security analysis on Ali et al.’s scheme. In this paper, we further point out Ali et al.’s AKA scheme exists other flaws which include perfect forward secrecy, temporary value disclosure attacks, and off-line guessing attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Ali, Z., Hussain, S., Rehman, R.H.U., Munshi, A., Liaqat, M., Kumar, N., Chaudhry, S.A.: Itssaka-ms: an improved three-factor symmetric-key based secure aka scheme for multi-server environments. IEEE Access 8, 107993–108003 (2020)
Alzahrani, B.A., Irshad, A., Albeshri, A., Alsubhi, K.: A provably secure and lightweight patient-healthcare authentication protocol in wireless body area networks. Wireless Pers. Commun. 117(1), 47–69 (2021)
Arshad, H., Nikooghadam, M.: Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12), 136 (2014)
Barman, S., Shum, H.P., Chattopadhyay, S., Samanta, D.: A secure authentication protocol for multi-server-based e-healthcare using a fuzzy commitment scheme. IEEE Access 7, 12557–12574 (2019)
Challa, S., Das, A.K., Odelu, V., Kumar, N., Kumari, S., Khan, M.K., Vasilakos, A.V.: An efficient ecc-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Comput. Electr. Eng. 69, 534–554 (2018)
Chaudhry, S.A., Shon, T., Al-Turjman, F., Alsharif, M.H.: Correcting design flaws: an improved and cloud assisted key agreement scheme in cyber physical systems. Comput. Commun. 153, 527–537 (2020)
Chen, C.M., Wang, K.H., Fang, W., Wu, T.Y., Wang, E.K.: Reconsidering a lightweight anonymous authentication protocol. J. Chin. Inst. Eng. 42(1), 9–14 (2019)
Chen, C.M., Xiang, B., Wang, K.H., Yeh, K.H., Wu, T.Y.: A robust mutual authentication with a key agreement scheme for session initiation protocol. Appl. Sci. 8(10), 1789 (2018)
Chen, C.M., Xiang, B., Wang, K.H., Zhang, Y., Wu, T.Y.: An efficient and secure smart card based authentication scheme. J. Internet Technol. 20(4), 1113–1123 (2019)
Chen, C.M., Xu, L., Wang, K.H., Liu, S., Wu, T.Y.: Cryptanalysis and improvements on three-party-authenticated key agreement protocols based on chaotic maps. J. Internet Technol. 19(3), 679–687 (2018)
Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1), 1–5 (2010)
Li, C.T., Wu, T.Y., Chen, C.L., Lee, C.C., Chen, C.M.: An efficient user authentication and user anonymity scheme with provably security for iot-based medical care system. Sensors 17(7), 1482 (2017)
Liang, W., Xie, S., Zhang, D., Li, X., Li, K.: A mutual security authentication method for rfid-puf circuit based on deep learning. ACM Trans. Internet Technol. 1–20 (2020)
Liu, X., Ma, W., Cao, H.: Mbpa: a medibchain-based privacy-preserving mutual authentication in tmis for mobile medical cloud architecture. IEEE Access 7, 149282–149298 (2019)
Mansoor, K., Ghani, A., Chaudhry, S.A., Shamshirband, S., Ghayyur, S.A.K., Mosavi, A.: Securing iot-based rfid systems: a robust authentication protocol using symmetric cryptography. Sensors 19(21), 4752 (2019)
Pu, Q., Wang, J., Zhao, R.: Strong authentication scheme for telecare medicine information systems. J. Med. Syst. 36(4), 2609–2619 (2012)
Sammoud, A., Chalouf, M.A., Hamdi, O., Montavont, N., Bouallegue, A.: A secure three-factor authentication and biometrics-based key agreement scheme for tmis with user anonymity. In: 2020 International Wireless Communications and Mobile Computing (IWCMC), pp. 1916–1921 (2020)
Srivastava, K., Awasthi, A.K., Kaul, S.D., Mittal, R.: A hash based mutual rfid tag authentication protocol in telecare medicine information system. J. Med. Syst. 39(1), 153 (2015)
Wang, Y., Liu, Y., Ma, H., Ma, Q., Ding, Q.: The research of identity authentication based on multiple biometrics fusion in complex interactive environment. J. Netw. Intell. 4(4), 124–139 (2019)
Wu, T.Y., Lee, Y.Q., Chen, C.M., Tian, Y., Al-Nabhan, N.A.: An enhanced pairing-based authentication scheme for smart grid communications. J. Ambient Intell. Human. Comput. (2021). https://doi.org/10.1007/s12652-020-02740-2
Wu, T.Y., Lee, Z., Obaidat, M.S., Kumari, S., Kumar, S., Chen, C.M.: An authenticated key exchange protocol for multi-server architecture in 5g networks. IEEE Access 8, 28096–28108 (2020)
Wu, T.Y., Lee, Z., Yang, L., Luo, J.N., Tso, R.: Provably secure authentication key exchange scheme using fog nodes in vehicular ad hoc networks. J. Supercomput. (2021). https://doi.org/10.1007/s11227-020-03548-9
Wu, T.Y., Wang, T., Lee, Y.Q., Zheng, W., Kumari, S., Kumar, S.: Improved authenticated key agreement scheme for fog-driven iot healthcare system. Secur. Commun. Netw. 2021, 6658041 (2021)
Wu, T.Y., Yang, L., Lee, Z., Chen, C.M., Pan, J.S., Islam, S.: Improved ecc-based three-factor multiserver authentication scheme. Secur. Commun. Netw. 2021, 6627956 (2021)
Xiao, L., Xie, S., Han, D., Liang, W., Guo, J., Chou, W.K.: A lightweight authentication scheme for telecare medical information system. Connect. Sci. 1–17 (2021)
Xu, Z., Xu, C., Chen, H., Yang, F.: A lightweight anonymous mutual authentication and key agreement scheme for wban. Concurrency. Comput.: Pract. Experi. 31(14) (2019)
Yu, S., Park, Y.: Comments on “itssaka-ms: An improved three-factor symmetric-key based secure aka scheme for multi-server environments’’. IEEE Access 8, 193375–193379 (2020)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Meng, Q., Lee, Z., Wu, TY., Chen, CM., Lu, KH. (2022). Comments on a Secure AKA Scheme for Multi-server Environments. In: Zhang, JF., Chen, CM., Chu, SC., Kountchev, R. (eds) Advances in Intelligent Systems and Computing. Smart Innovation, Systems and Technologies, vol 268. Springer, Singapore. https://doi.org/10.1007/978-981-16-8048-9_37
Download citation
DOI: https://doi.org/10.1007/978-981-16-8048-9_37
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-8047-2
Online ISBN: 978-981-16-8048-9
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)