Abstract
Nowadays, thanks to the rapid development of computer technology, patients can obtain many kinds of medical services online via Telecare Medical Information Systems (TMIS). The security of network communication between users and the server is therefore very significant, and authentication plays an important part in protecting information from malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed that their scheme was better than Chen et al.’s. However, we show that Jiang et al.’s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing and user impersonation attacks if an attacker compromises the legal user’s smart card. It also cannot resist DoS attacks in two cases: after a successful impersonation attack, and when a wrong password is input in the password change phase. We then propose an improved mutual authentication scheme for telecare medical information systems. It can be applied to remote monitoring, checking patients’ past medical history records and medical consultation in systems where information is transmitted via the Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.’s scheme and is practical for TMIS.
References
Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst., 2013. doi:1007/s10916-012-9912-5.
Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.
Das, M.L., Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 8(3):1086–1090, 2009.
Das, M.L., Saxena, A., Gulati, V.P., A dynamic id-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.
He, D., Chen, J., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.
Hsieh, W.B., and Leu, J.S., Anonymous authentication protocol based on elliptic curve diffie–hellman for wireless access networks. Wirel. Commun. Mob. Comput., 2012. doi:10.1002/wcm.2252.
Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst., 2013. doi:10.1007/s10916-012-9897-0.
Khan, M. K., Kim, S. K., Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2011.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology(CRYPTO99). pp. 388–397. Springer, 1999.
Lin, H.Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst., 2013. doi:10.1007/s10916-013-9929-4.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Wang, Y., Liu, J., Xiao, F., Dan, J., A more efficient and secure dynamic id-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
Wen, F., and Li, X., An improved dynamic id-based remote user authentication with key agreement scheme. Comput. Electr. Eng. 38(2):381–387, 2011.
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.
Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst., 2013. doi:10.1007/s10916-012-9911-6.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.
Acknowledgments
The authors would like to thank the anonymous referees for their invaluable comments.
Conflict of Interests
The authors declare that they have no conflict of interest.
Cite this article
Wu, F., Xu, L. Security analysis and Improvement of a Privacy Authentication Scheme for Telecare Medical Information Systems. J Med Syst 37, 9958 (2013). https://doi.org/10.1007/s10916-013-9958-z
DOI: https://doi.org/10.1007/s10916-013-9958-z