Robust Anonymous Authentication Scheme for Telecare Medical Information Systems

  • Original Paper
  • Journal of Medical Systems

Abstract

Patients can obtain various health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, protection of patient privacy and data confidentiality are important when a patient or doctor accesses Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.’s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, which they claimed is more suitable for TMIS. However, we show that Chen et al.’s scheme also has some weaknesses. In particular, it does not provide user privacy protection or perfect forward secrecy, and it is vulnerable to off-line password guessing and impersonation attacks once the user’s smart card is compromised. Further, we propose a secure anonymous authentication scheme that overcomes these weaknesses even if an adversary knows all the information stored in the smart card.

References

  1. Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.

  2. Yang, C. M., Lin, H. C., Chang, P., and Jian, W. S., Taiwan’s perspective on electronic medical records’ security and privacy protection: Lessons learned from HIPAA. Comput. Meth. Prog. Biol. 82(3):277–282, 2006.

  3. Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.

  4. Witteman, M., Advances in smartcard security. Inf. Secur. Bull. 7(2002):11–22, 2002.

  5. Lee, N. Y., and Chen, J. C., Improvement of one-time password authentication scheme using smart card. IEICE Trans. Commun. E88-B(9):3765–3769, 2005.

  6. Hölbl, M., Welzer, T., and Brumen, B., Attacks and improvement of an efficient remote mutual authentication and key agreement scheme. Cryptologia 34(1):52–59, 2009.

  7. Yeh, K. H., Sub, C. H., Loa, N. W., Li, Y., and Hung, Y. X., Two robust remote user authentication protocols using smart cards. J. Syst. Softw. 83(12):2556–2565, 2010.

  8. Wang, X. M., Zhang, W. F., Zhang, J. S., and Khan, M. K., Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput. Stand. Interfac. 29(5):507–512, 2007.

  9. Chen, T. H., Hsiang, H. C., and Shih, W. K., Security enhancement on an improvement on two remote user authentication schemes using smart cards. Futur. Gener. Comput. Syst. 27(4):377–380, 2011.

  10. Xie, Q., Improvement of a security enhanced one-time two-factor authentication and key agreement scheme. Sci. Iran., 2012. doi:10.1016/j.scient.2012.02.029.

  11. Wu, Z. Y., Chung, Y., Lai, F., and Chen, T. S., Password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36:631–638, 2012.

  12. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for Telecare Medicine Information Systems. J. Med. Syst. 36:1529–1535, 2012.

  13. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for Telecare Medicine Information Systems. J. Med. Syst. 36:1989–1995, 2012.

  14. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for Telecare Medicine Information Systems. J. Med. Syst., 2012. doi:10.1007/s10916-012-9835-1.

  15. Zhu, Z., and, J. Med. Syst., 2012. doi:10.1007/s10916-012-9856-9.

  16. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004. 508.

  17. Pu, Q., Wang, J., and Zhao, R., Strong authentication scheme for Telecare Medicine Information Systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9735-9.

  18. Wang, R. C., Juang, W. S., and Lei, C. L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. 77(4):790–798, 2011.

  19. Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for Telecare Medical Information Systems. J. Med. Syst., 2012. doi:10.1007/s10916-012-9862-y.

  20. Khan, M. K., Kim, K. S., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.

  21. Chen, H., Xiao, Y., Hong, X., Hu, F., and Xie, J., A survey of anonymity in wireless communication systems. Secur. Comm. Netw. 2:427–444, 2009.

  22. Kocher, P., Jaffe, J., and Jun, J., Differential power analysis. Proceedings of Advances in Cryptology (CRYPTO 99). pp.388–397, 1999.

  23. Messerges, T., Dabbish, E., and Sloan, R., Examining smartcard security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

  24. Abadi, M., Blanchet, B., and Lundh, H. C., Models and proofs of protocol security: A progress report. 21st International Conference on Computer Aided Verification, Grenoble, France, pp. 35–49, 2009.

  25. Abadi, M., and Fournet, C., Mobile values, new names, and secure communication. Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM New York, pp. 104–115, 2001.

  26. Li, C. T., Hwang, M. S., and Chu, Y. P., A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput. Commun. 31:2803–2814, 2008.

Acknowledgments

The authors would like to thank the anonymous referees for their constructive comments. This research was supported by the National Natural Science Foundation of China (No. 61070153), Natural Science Foundation of Zhejiang Province (No. LZ12F02005), and the Major State Basic Research Development (973) Program of China (No. 2013CB834205).

Author information

Corresponding author

Correspondence to Qi Xie.

About this article

Cite this article

Xie, Q., Zhang, J. & Dong, N. Robust Anonymous Authentication Scheme for Telecare Medical Information Systems. J Med Syst 37, 9911 (2013). https://doi.org/10.1007/s10916-012-9911-6

  • DOI: https://doi.org/10.1007/s10916-012-9911-6
