An Enhanced Three-Factor Authentication Scheme With Dynamic Verification for Medical Multimedia Information Systems

Abstract

Read online

The medical multimedia information system (MMIS), which integrates all available multimedia sources (such as videos of endoscopes, CT scans) to support diagnosis, inspection, surgery, and reporting, has greatly facilitated users (including patients and healthcare providers). What's more, MMIS enables patients to obtain diagnostic information at home and eliminates geographical restrictions between patients and hospitals. However, a large amount of sensitive medical multimedia information in MMIS, such as surgical video, may be leaked during the transmission on the public channel. Therefore, authentication and key agreement (AKA) protocols are urgently needed to provide protection for MMIS. Specifically, authentication can prevent illegal users from accessing the MMIS, while key agreement can derive session keys to protect the sensitive data in transit from eavesdropping and interception. Recently, Zhang et al. presented a dynamic three-factor AKA scheme for privacy protection in the healthcare system which provides user untraceability by dynamic identity. However, we find that Zhang et al.'s scheme cannot withstand offline password guessing attacks and denial of service attacks. Besides, their scheme does not provide password and biometric change phase. To address these shortcomings, an enhanced scheme using Rabin cryptosystem and fuzzy verifier is proposed for MMIS. The analysis of both security and performance demonstrates that the enhanced AKA scheme is better than previous schemes proposed for MMIS.

Keywords

• Authentication
• multimedia
• healthcare
• privacy protection
• Rabin cryptosystem
• dynamic verification