Analysis of Al-Saggaf et al’s Three-factor User Authentication Scheme for TMIS (Al-Saggaf 등의 TMIS를 위한 three-factor 사용자 인증 스킴에 대한 분석)

Mi-Og Park (박미옥)

doi:10.9708/jksci.2021.26.09.089

Analysis of Al-Saggaf et al’s Three-factor User Authentication Scheme for TMIS

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2021, 26(9), pp.89-96
DOI : 10.9708/jksci.2021.26.09.089
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : August 10, 2021
Accepted : August 31, 2021
Published : September 30, 2021

Mi-Og Park ¹

¹성결대학교

Accredited

ABSTRACT

In this paper, we analyzed that the user authentication scheme for TMIS(Telecare Medicine Information System) proposed by Al-Saggaf et al. In 2019, Al-Saggaf et al. proposed authentication scheme using biometric information, Al-Saggaf et al. claimed that their authentication scheme provides high security against various attacks along with very low computational cost. However in this paper after analyzing Al-Saggaf et al’s authentication scheme, the Al-Saggaf et al’s one are missing random number s from the DB to calculate the identity of the user from the server, and there is a design error in the authentication scheme due to the lack of delivery method. Al-Saggaf et al also claimed that their authentication scheme were safe against a variety of attacks, but were vulnerable to password guessing attack using login request messages and smart cards, session key exposure and insider attack. An attacker could also use a password to decrypt the stored user's biometric information by encrypting the DB with a password. Exposure of biometric information is a very serious breach of the user's privacy, which could allow an attacker to succeed in the user impersonation. Furthermore, Al-Saggaf et al’s authentication schemes are vulnerable to identity guessing attack, which, unlike what they claimed, do not provide significant user anonymity in TMIS.

KEYWORDS

User authentication, TMIS, Smart-card, Password guessing attack, Biometrics

Citation status

* References for papers published after 2023 are currently being built.

[confproc] A. A. Al-Saggaf / 2019 / Renewable and Anonymous Biometrics-Based Remote User Authentication Scheme Using Smart Cards for Telecare Medicine Information System / 2019Advances in Science and Engineering Technology International Conferences (ASET) : 1~6

[journal] A. K. Das / 2013 / A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care / Journal of Medical Systems 37(3)

[journal] D. Mishra / 2014 / Security enhancement of a biometrics based authentication scheme for telecare medicine information systems with nonce / Journal of Medical Systems 38(5)

[journal] 박미옥 / 2019 / Design Flaws and Cryptanalysis of Cui et al’s User Authentication Scheme / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 24(10) : 41~48

[journal] 신광철 / 2012 / Structural vulnerability analysis and improvement of a biometrics-based remote user authentication scheme of Li and Hwang's / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 17(7) : 107~115

[journal] Q. Xie / 2014 / Anonymous three party password-authenticated key exchange scheme for telecare medical information systems / PLoS One 9(7) : e102747~

[journal] 안영화 / 2016 / A Strong Biometric-based Remote User Authentication Scheme for Telecare Medicine Information Systems with Session Key Agreement / The International Journal of Internet, Broadcasting and Communication / 한국인터넷방송통신학회 8(3) : 41~49

[journal] 김기원 / 2020 / Cryptanalysis and Improvement of RSA-based Authentication Scheme for Telecare Medical Information Systems / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 25(2) : 93~103

[journal] Ya-Fen Chang / 2013 / A Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care / Journal of Medical Systems / Springer Science and Business Media LLC 37(2)

[journal] A. K. Awasthi / 2013 / A biometric authentication scheme for telecare medicine information systems with nonce / Journal of Medical Systems 37(5)

[journal] Z. Tan / 2014 / A user anonymity preserving three-factor authentication scheme for telecare medicine information systems / Journal of Medical Systems 38(3)

[journal] A. K. Awasthi / 2014 / An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function / Journal of Medical Systems 38(6)

[journal] Hamed Arshad / 2014 / Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems / Journal of Medical Systems / Springer Science and Business Media LLC 38(12)

[journal] Y. Lu / 2015 / An Enhanced Biometric-Based Authentication Scheme for Telecare Medicine Information Systems Using Elliptic Curve Cryptosystem / Journal of Medical Systems 39(3)

[journal] L. Xu / 2015 / Cryptanalysis and Improvement of a User Authentication Scheme Preserving Uniqueness and Anonymity for Connected Health Care / Journal of Medical Systems 39(10)

[journal] L. Zhang / 2017 / Privacy Protection for Telecare Medicine Information Systems using a Chaotic Map-Based Three Factor Authenticated Key Agreement Scheme / IEEE Journal of Biomedical and Health Informatics 21(2) : 465~475

[journal] Q. Xie / 2014 / Improvement of a Uniqueness-and-Anonymity-Preser ving User Authentication Scheme for Connected Health Care / Journal of Medical Systems

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Analysis of Al-Saggaf et al’s Three-factor User Authentication Scheme for TMIS

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Analysis of Al-Saggaf et al’s Three-factor User Authentication Scheme for TMIS

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (17) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.