An improved user authentication scheme for electronic medical record systems

Abstract

Electronic Medical Record (EMR) systems is a part of e-healthcare system, which is developing rapidly. In this, it is possible to deliver medical services among multiple participants over a network without physical presence. Since sensitive data is transmitted over public channels, it is very much required to maintain the secrecy of that data. This is achieved by mutual authentication between the participants. For this, various schemes for authentication with smart cards have been proposed. Han et al. proposed one such biometrics-based scheme for the same purpose using hash functions along with symmetric key encryption and elliptic curve cryptography. From cryptanalysis of their scheme, we have pointed out weaknesses viz. no user anonymity, user and server impersonation, man-in-the-middle attack. These security issues have been presented in this article. To overcome these attacks, a scheme has been proposed in this article. Since it does not use symmetric key encryption, the proposed scheme reduces the computational complexity as can be seen in the comparison provided. The security analysis of the proposed scheme, along with BAN (Burrows-Abadi-Needham) logic has been explained in detail. Comparison of the proposed scheme with related schemes with respect to computation cost, execution time and performance is demonstrated. This proves that the proposed scheme performs well in terms of security as well as computational efficiency. © 2020, Springer Science+Business Media, LLC, part of Springer Nature.