The rapid development of electronic healthcare (e-Health) has brought great convenience to people's lives. To guarantee the security of users, a large number of identity authentication protocols have been put forward. Recently, Jiang et al. proposed a privacy-preserving three-factor authentication protocol for e-Health clouds. However, we find that their protocol cannot resist the replay attack, the denial of service attack and the known session-specific temporary information attack. We then propose a secure three-factor-based authentication with key agreement protocol. The analyses show that our protocol overcomes the weaknesses of Jiang et al.'s protocol. Moreover, our protocol can resist the replay attack and the man-in-the-middle attack, and provides user anonymity, user untraceability, perfect forward secrecy, etc. In addition, we prove the security of the protocol using the well-known Burrows-Abadi-Needham (BAN) logic. By comparing with the related protocols, we find that our protocol has better security and performance. Therefore, we believe our protocol is more suitable for e-Health clouds.