Journal of Medical Systems

, 37:9952

Cryptanalysis and Improvement of ‘A Privacy Enhanced Scheme for Telecare Medical Information Systems’

Original Paper

DOI: 10.1007/s10916-013-9952-5

Cite this article as:
Kumari, S., Khan, M.K. & Kumar, R. J Med Syst (2013) 37: 9952. doi:10.1007/s10916-013-9952-5


To ensure reliable telecare services some user authentication schemes for telecare medical information system (TMIS) have been presented in literature. These schemes are proposed with intent to regulate only authorized access to medical services so that medical information can be protected from misuse. Very recently Jiang et al. proposed a user authentication scheme for TMIS which they claimed to provide enhanced privacy. They made use of symmetric encryption/decryption with cipher block chaining mode (CBC) to achieve the claimed user privacy. Their scheme provides features like user anonymity and user un-traceability unlike its preceding schemes on which it is built. Unluckily, authors overlook some important aspects in designing their scheme due to which it falls short to resist user impersonation attack, guessing attacks and denial of service attack. Besides, its password change phase is not secure; air message confidentiality is at risk and also has some other drawbacks. Therefore, we propose an improved scheme free from problems observed in Jiang et al.’s scheme and more suitable for TMIS.


Telecare medical information system User authentication Temporary identity Medical services Impersonation attack Security 

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Saru Kumari
    • 1
  • Muhammad Khurram Khan
    • 2
  • Rahul Kumar
    • 3
  1. 1.Department of MathematicsAgra CollegeAgraIndia
  2. 2.Center of Excellence in Information AssuranceKing Saud UniversityRiyadhKingdom of Saudi Arabia
  3. 3.Department of MathematicsD. B. S. CollegeKanpurIndia

Personalised recommendations