Abstract
Patients can obtain a variety of health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, protection of patient privacy and data confidentiality are important when patients or doctors access Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.’s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, which they claimed is more suitable for TMIS. However, we show that Chen et al.’s scheme also has some weaknesses. In particular, Chen et al.’s scheme does not provide user privacy protection or perfect forward secrecy, and it is vulnerable to off-line password guessing and impersonation attacks once the user’s smart card is compromised. Further, we propose a secure anonymous authentication scheme that overcomes these weaknesses even if an adversary knows all the information stored in the smart card.
References
Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.
Yang, C. M., Lin, H. C., Chang, P., and Jian, W. S., Taiwan’s perspective on electronic medical records’ security and privacy protection: Lessons learned from HIPAA. Comput. Meth. Prog. Biol. 82(3):277–282, 2006.
Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.
Witteman, M., Advances in smartcard security. Inf. Secur. Bull. 7(2002):11–22, 2002.
Lee, N. Y., and Chen, J. C., Improvement of one-time password authentication scheme using smart card. IEICE Trans. Commun. E88-B(9):3765–3769, 2005.
Hölbl, M., Welzer, T., and Brumen, B., Attacks and improvement of an efficient remote mutual authentication and key agreement scheme. Cryptologia 34(1):52–59, 2009.
Yeh, K. H., Sub, C. H., Loa, N. W., Li, Y., and Hung, Y. X., Two robust remote user authentication protocols using smart cards. J. Syst. Softw. 83(12):2556–2565, 2010.
Wang, X. M., Zhang, W. F., Zhang, J. S., and Khan, M. K., Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput. Stand. Interfac. 29(5):507–512, 2007.
Chen, T. H., Hsiang, H. C., and Shih, W. K., Security enhancement on an improvement on two remote user authentication schemes using smart cards. Futur. Gener. Comput. Syst. 27(4):377–380, 2011.
Xie, Q., Improvement of a security enhanced one-time two-factor authentication and key agreement scheme. Sci. Iran., 2012. doi:10.1016/j.scient.2012.02.029.
Wu, Z. Y., Chung, Y., Lai, F., and Chen, T. S., Password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36:631–638, 2012.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for Telecare Medicine Information Systems. J. Med. Syst. 36:1529–1535, 2012.
He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for Telecare Medicine Information Systems. J. Med. Syst. 36:1989–1995, 2012.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for Telecare Medicine Information Systems. J. Med. Syst., 2012. doi:10.1007/s10916-012-9835-1.
Zhu, Z., and, J. Med. Syst., 2012. doi:10.1007/s10916-012-9856-9.
Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004. 508.
Pu, Q., Wang, J., and Zhao, R., Strong authentication scheme for Telecare Medicine Information Systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9735-9.
Wang, R. C., Juang, W. S., and Lei, C. L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. 77(4):790–798, 2011.
Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for Telecare Medical Information Systems. J. Med. Syst., 2012. doi:10.1007/s10916-012-9862-y.
Khan, M. K., Kim, K. S., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.
Chen, H., Xiao, Y., Hong, X., Hu, F., and Xie, J., A survey of anonymity in wireless communication systems. Secur. Comm. Netw. 2:427–444, 2009.
Kocher, P., Jaffe, J., and Jun, J., Differential power analysis. Proceedings of Advances in Cryptology (CRYPTO 99). pp.388–397, 1999.
Messerges, T., Dabbish, E., and Sloan, R., Examining smartcard security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Abadi, M., Blanchet, B., and Lundh, H. C., Models and proofs of protocol security: A progress report. 21st International Conference on Computer Aided Verification, Grenoble, France, pp. 35–49, 2009.
Abadi, M., and Fournet, C., Mobile values, new names, and secure communication. Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM New York, pp. 104–115, 2001.
Li, C. T., Hwang, M. S., and Chu, Y. P., A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput. Commun. 31:2803–2814, 2008.
Acknowledgments
The authors would like to thank the anonymous referees for their constructive comments. This research was supported by the National Natural Science Foundation of China (No. 61070153), Natural Science Foundation of Zhejiang Province (No. LZ12F02005), and the Major State Basic Research Development (973) Program of China (No. 2013CB834205).
Cite this article
Xie, Q., Zhang, J. & Dong, N. Robust Anonymous Authentication Scheme for Telecare Medical Information Systems. J Med Syst 37, 9911 (2013). https://doi.org/10.1007/s10916-012-9911-6
DOI: https://doi.org/10.1007/s10916-012-9911-6