Privacy Protection for Telecare Medicine Information Systems with Multiple Servers Using a Biometric-based Authenticated Key Agreement Scheme

Telecare medical information systems (TMIS) allow patients remotely login medical service providers to acquire their medical information and track their health status through unsecured public networks. Hence, the privacy of patients is vulnerable to various types of security threats and attacks, such as the leakage of medical records or login footprints and the forgery attacks. Many anonymous three-factor authentication and key agreement (AKA) schemes have been proposed for TMIS with single server, but none of them is suited for TMIS with multiple servers. In this paper, we propose a biometric-based three-factor AKA scheme to protect user anonymity and untraceability in TMIS with multiple servers. We will construct a security model of a three-factor AKA scheme with user anonymity in TMIS with multiple servers, and give a formal security proof of the proposed scheme. The security of the proposed scheme is based on the elliptic curve decisional Diffie-Hellman problem assumption and hash function assumption. We will show that the proposed scheme is efficient enough for low-power mobile devices.