Skip to main content
SpringerLink
Log in

Security analysis and Improvement of a Privacy Authentication Scheme for Telecare Medical Information Systems

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems(TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.’s. However, we have showed that Jiang et al.’s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user’s smart card. Also, it can’t resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients’ past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.’s scheme and is practical for TMIS.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Figure 1
Figure 2

Similar content being viewed by others

References

  1. Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst., 2013. doi:1007/s10916-012-9912-5.

    Google Scholar 

  2. Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.

    Article  Google Scholar 

  3. Das, M.L., Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 8(3):1086–1090, 2009.

    Article  Google Scholar 

  4. Das, M.L., Saxena, A., Gulati, V.P., A dynamic id-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.

    Article  Google Scholar 

  5. He, D., Chen, J., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.

    Article  Google Scholar 

  6. Hsieh, W.B., and Leu, J.S., Anonymous authentication protocol based on elliptic curve diffie–hellman for wireless access networks. Wirel. Commun. Mob. Comput., 2012. doi:10.1002/wcm.2252.

    Google Scholar 

  7. Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst., 2013. doi:10.1007/s10916-012-9897-0.

    Google Scholar 

  8. Khan, M. K., Kim, S. K., Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2011.

    Article  Google Scholar 

  9. Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology(CRYPTO99). pp. 388–397. Springer, 1999.

  10. Lin, H.Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst., 2013. doi:10.1007/s10916-013-9929-4.

    Google Scholar 

  11. Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  MathSciNet  Google Scholar 

  12. Wang, Y., Liu, J., Xiao, F., Dan, J., A more efficient and secure dynamic id-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.

    Article  Google Scholar 

  13. Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

    Article  Google Scholar 

  14. Wen, F., and Li, X., An improved dynamic id-based remote user authentication with key agreement scheme. Comput. Electr. Eng. 38(2):381–387, 2011.

    Article  Google Scholar 

  15. Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.

    Article  Google Scholar 

  16. Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst., 2013. doi:10.1007/s10916-012-9911-6.

    Google Scholar 

  17. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.

    Article  Google Scholar 

Download references

Acknowledgments

The authors would like to thank the anonymous referees for their invaluable comments.

Conflict of Interests

The authors declare that they have no conflict of interest.

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Xiamen Institute of Technology, Huaqiao University, Xiamen, 361021, China

    Fan Wu

  2. School of Information Science and Technology, Xiamen University, Xiamen, 361005, China

    Lili Xu

Authors
  1. Fan Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lili Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fan Wu.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Wu, F., Xu, L. Security analysis and Improvement of a Privacy Authentication Scheme for Telecare Medical Information Systems. J Med Syst 37, 9958 (2013). https://doi.org/10.1007/s10916-013-9958-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-013-9958-z

Keywords

Search

Navigation