Skip to main content
SpringerLink
Log in

Simple Group Password-based Authenticated Key Agreements for the Integrated EPR Information System

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients’ medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users’ overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users’ public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Chen, T. L., Chung, Y. F., and Lin, F. Y. S., A study on agent-based secure scheme for electronic medical record system. J. Med. Syst., 2012. doi:10.1007/s10916-010-9595-8.

  2. Wu, Z., Chung, Y., Lai, F., and Chen, T., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.

    Article  Google Scholar 

  3. Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.

    Article  Google Scholar 

  4. Van Der Haak, M., Wolff, A. C., Brandner, R., Drings, P., Wannenmacher, M., and Wetter, T., Data security and protection in cross-institutional electronic patient records. Int. J. Med. Inform. 70(2–3):14, 2003.

    Google Scholar 

  5. Tsai, F. S., Security issues in e-healthcare. J. Med. Biol. Eng. 30(4):209–214, 2010.

    Article  Google Scholar 

  6. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2012. doi:10.1007/s10916-011-9658-5.

  7. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2010. doi:10.1007/s10916-010-9614-9.

  8. Tzeng, W.-G., Tzeng, Z.-J., Round-efficient conference key agreement protocols with provable security. Proc. of Advances in Cryptology –ASIACRYPT 2000. LNCS 1976, 614–627, 2000.

  9. Tzeng, W.-G., A secure fault-tolerant conference-key agreement protocol. IEEE Trans. Comput. 51(4):373–379, 2002.

    Article  MathSciNet  Google Scholar 

  10. Boyd, C., Nieto, J. M. G., Round-optimal contributory conference key agreement. Public Key Cryptography - PKC 2003. LNCS 2567, 161–174, 2003.

  11. Lee, T.-F., Hwang, T., Improvement of the round-optimal conference key agreement protocol of Boyd and Nieto. 16th Information Security Conference. 98–102, 2006.

  12. Lee, T.-F., Wen, H.-A., Hwang, T., A weil pairing-based round-efficient and fault-tolerant group key agreement protocol for sensor networks. IEEE Press - Sensor Network Operations. 571–579, 2006.

  13. Jeong, I., and Lee, D., Key agreement for key hypergraph. Comput. Secur. 26:452–458, 2007.

    Article  Google Scholar 

  14. Lee, T.-F., Wen, H.-A., Jin, Y.-C., Chen, C.-S., Password-based group key agreement with server’s public key for Hypergraphs. 2008 Symposium on Applications of Information, Management and Communication Technology, 2008.

  15. Lee, S.M., Hwang, J.-Y., Lee, D.-H., Efficient password-based group key exchange. TrustBus 2004: Trust and Privacy in Digital Business, 1st International Conference. LNCS 3184, 191–199, 2004.

  16. Abdalla, M., Bresson, E. l., Chevassut, O., Pointcheval, D., Password-based group key exchange in a constant number of rounds. Public Key Cryptography - PKC 2006. LNCS 3958, 427–442, 2006.

  17. Dutta, R., and Barua, R., Password-based encrypted group key agreement. Int. J. Netw. Secur. 3(1):30–41, 2006.

    Google Scholar 

  18. Abdalla, M., Pointcheval, D., Simple password-based authenticated key protocols. Topics in Cryptology - CT-RSA 2005. LNCS 3376, 191–208, 2005.

    Google Scholar 

  19. Merkle, R. C., A fast software one-way hash function. J. Cryptol. 3(1):43–58, 1990.

    Article  MathSciNet  MATH  Google Scholar 

  20. Kim, H.-J., Lee, S.-M., Lee, D.-H., Constant-round authenticated group key exchange for dynamic groups. Advances in Cryptology – ASIACRYPT 2004. LNCS 3329, 245–259, 2004.

  21. Bresson, E., Chevassut, O., Pointcheval, D., Provably authenticated group Diffie-Hellman key exchange – the dynamic case. Advances in Cryptology– ASIACRYPT 2001. LNCS 2248, 290–309, 2001.

  22. Bresson, E., Chevassut, O., Pointcheval, D., Group Diffie-Hellman key exchange secure against dictionary attacks. Advances in Cryptology– ASIACRYPT 2002. LNCS 2501, 497–514, 2002.

  23. Bresson, E., Chevassut, O., Pointcheval, D., Dynamic group Diffie-Hellman key exchange under standard assumptions. Advances in Cryptology – EUROCRYPT 2002. LNCS 2332, 321–336, 2002.

Download references

Acknowledgments

This effort was supported by National Science Council under the grants NSC100-2221-E-320-004.

Author information

Authors and Affiliations

  1. Department of Medical Informatics, Tzu Chi University, No. 701, Zhongyang Road, Sec. 3, Hualien, 97004, Taiwan, Republic of China

    Tian-Fu Lee

  2. Institute of Manufacturing Information and Systems, National Cheng Kung University, No. 1, Ta-Hsueh Road, Tainan, 70101, Taiwan, Republic of China

    I-Pin Chang & Ching-Cheng Wang

  3. Department of Digital Applications, Kang Ning University, No. 1, Ta-Hsueh Road, Tainan, 70101, Taiwan, Republic of China

    I-Pin Chang

Authors
  1. Tian-Fu Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. I-Pin Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ching-Cheng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tian-Fu Lee.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Lee, TF., Chang, IP. & Wang, CC. Simple Group Password-based Authenticated Key Agreements for the Integrated EPR Information System. J Med Syst 37, 9916 (2013). https://doi.org/10.1007/s10916-012-9916-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-012-9916-1

Keywords

Search

Navigation