
Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems

  • Patient Facing Systems
Journal of Medical Systems

Abstract

Recently, many smartcard-based authentication protocols have been presented for the telecare medicine information system (TMIS). In 2014, Xu et al. put forward a two-factor mutual authentication with key agreement protocol using elliptic curve cryptography (ECC). However, the authors have proved that the protocol is not appropriate for practical use, as it has many problems: (1) it fails to achieve strong authentication in the login and authentication phases; (2) it fails to update the password correctly in the password change phase; (3) it fails to provide revocation of a lost/stolen smartcard; and (4) it fails to protect against the strong replay attack. We then devised an anonymous and provably secure two-factor authentication protocol based on ECC. Our protocol is analyzed in the random oracle model and demonstrated to be formally secure under the hardness assumption of the computational Diffie-Hellman problem. The performance evaluation demonstrated that our protocol outperforms other existing designs in terms of security, functionality and computation costs.


References

  1. Kim, K.-W., and Lee, J.-D., On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 38(5):17, 2014.

  2. Wen, F., and Guo, D., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(6):26, 2014.

  3. Li, C.-T., Lee, C.-C., and Weng, C.-Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):77, 2014.

  4. Xie, Q., Liu, W., Wang, S., Han, L., Hu, B., and Wu, T., Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care. J. Med. Syst. 38(9):91, 2014.

  5. Kaul, S. D., and Awasthi, A. K., RFID authentication protocol to enhance patient medication safety. J. Med. Syst. 37:9979, 2013.

  6. Wen, F., A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9980, 2013.

  7. Yau, W.-C., and Phan, R. C.-W., Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37:9993, 2013.

  8. Siddiqui, Z., Abdullah, A. H., Khan, M. K., and Alghamdi, A. S., Smart environment as a service: three factor cloud based user authentication for telecare medical information system. J. Med. Syst. 38:9997, 2014.

  9. He, D., Chen, J., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.

  10. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

  11. Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., and Yen, D. C., Design and implementation of a telecare information platform. J. Med. Syst. 36(3):1629–1650, 2012.

  12. Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.

  13. Youn, T.-Y., Kang, E., and Lee, C., Efficient three-party key exchange protocols with round efficiency. Telecommun. Syst. 52(2):1367–1376, 2013.

  14. Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2010.

  15. Wu, Z.-Y., Chung, Y., Lai, F., and Chen, T.-S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.

  16. Islam, S. H., and Biswas, G. P., Cryptanalysis and improvement of a password-based user authentication scheme for integrated EPR information system. J. King Saud University-Comput. Inf. Sci. Accepted (2014)

  17. Pu, Q., Wang, J., and Zhao, R., Strong authentication scheme for telecare medicine information systems. J. Med. Syst. 36(4):2609–2619, 2012.

  18. Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.

  19. Jiang, Q., Ma, J., Ma, Z., and Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37:9897, 2013.

  20. Kumari, S., Khan, M. K., and Kumar, R., Cryptanalysis and improvement of ‘a privacy enhanced scheme for telecare medical information systems’. J. Med. Syst. 37:9952–9962, 2013.

  21. Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., and He, L., A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. J. Med. Syst. 38:9994, 2014.

  22. Bellare, M., and Rogaway, P., Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security (CCS’93), pp. 62–73 (1993)

  23. Khan, M. K., Kim, S.-K., and Alghathbar, K., Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput. Commun. 34(3):305–309, 2011.

  24. Islam, S. H., and Biswas, G. P., A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.

  25. Islam, S. H., and Biswas, G. P., Design of improved password authentication and update scheme based on elliptic curve cryptography. Math. Comput. Model. 57(11–12):2703–2717, 2013.

  26. Das, A. K., and Goswami, A., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(3):1–16, 2013.

  27. Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 3 (5):1–17, 2013.

  28. Fan, C.-I., Chan, Y.-C., and Zhang, Z.-K., Robust remote authentication scheme with smart cards. Comput. Secur. 24:619–628, 2005.

  29. Xu, J., Zhu, W. T., and Feng, D. G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.

  30. Wang, X., Guo, W., Zhang, W., Khan, M. K., and Alghathbar, K., Cryptanalysis and improvement on a parallel keyed hash function based on chaotic neural network. Telecommun. Syst. 52(2):515–524, 2013.

  31. Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smartcard security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2012.

  32. Joye, M., and Olivier, F., Side-channel analysis, encyclopedia of cryptography and security, pp. 571–576. Kluwer Academic Publishers (2005)

  33. Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology (Crypto’99), pp. 388–397. LNCS (1999)

  34. Das, A. K., Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145–151, 2011.

  35. Shoup, V., Sequences of Games: A Tool for Taming Complexity in Security Proofs. Cryptology ePrint Archive, Report 2004/332. Available at http://eprint.iacr.org/2004/332 (2004)

  36. Dolev, D., and Yao, A., On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198–208, 1983.

  37. Islam, S. H., and Biswas, G. P., A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks. Ann. Telecommun. 67:547–558, 2012.

  38. Islam, S. H., and Biswas, G. P., Provably secure and pairing-free certificateless digital signature scheme using elliptic curve cryptography. Int. J. Comput. Math. 90(11):2244–2258, 2013.

  39. Islam, S. H., and Biswas, G. P., Provably secure certificateless strong designated verifier signature scheme based on elliptic curve bilinear pairings. J. King Saud University-Comput. Inf. Sci. 25:51–61, 2013.

  40. He, D., An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings. Ad Hoc Netw. 10:1009–1016, 2012.

Acknowledgments

The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have improved the content and the presentation of this paper. This work was partly supported by the National Natural Science Foundation of China under Grants no. 61300220 and 61371098.

Conflicts of Interest

The authors declare that they have no conflict of interest.

Author information

Corresponding author

Correspondence to SK Hafizul Islam.

Additional information

This article is part of the Topical Collection on Patient Facing Systems

About this article

Cite this article

Islam, S.H., Khan, M.K. Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems. J Med Syst 38, 135 (2014). https://doi.org/10.1007/s10916-014-0135-9

  • DOI: https://doi.org/10.1007/s10916-014-0135-9
