A secure heterogeneous mobile authentication and key agreement scheme for e-healthcare cloud systems

Heterogeneous mobile authentication is a crucial technique to securely retrieve the resource of e-healthcare cloud servers which are commonly implemented in a public key Infrastructure (PKI). Conventionally, a mobile data user can utilize a self-chosen password along with a portable device to request the access privilege of clouds. However, to validate the membership of users, a cloud server usually has to make use of a password table, which not only increases the burden of management, but also raises the possibility of information leakage. In this paper, we propose a secure heterogeneous mobile authentication and key agreement scheme for e-healthcare cloud systems. In our system structure, an e-healthcare cloud server of traditional PKIs does not have to store a password table. A legitimate data user only possesses a security token hardware and keeps an offline updatable password without using any private key. Our scheme is classified into the category of dynamic ID authentication techniques, since a data user is able to preserve his/her anonymity during authentication processes. We formally prove that the proposed mechanism fulfills the essential authenticated key exchange (AKE) security and owns lower computational costs. To further ensure the practical application security, an automatic security validation tool called AVISPA is also adopted to analyze possible attacks and pitfalls of our designed protocol.