A robust authentication scheme for telecare medical information systems

Multimedia Tools and Applications

Abstract

With the rapid progress of technology, the Internet has become an inseparable part of human life. The Internet is used in all fields, and the medical field is no exception. The concept of establishing telecare medicine information systems (TMIS) for patients has recently been gaining popularity. To ensure the privacy of patients and to allow authorized access to remote medical servers, many authentication schemes have been proposed. Li et al., in 2016, proposed a secure dynamic identity and chaotic maps based user authentication and key agreement scheme. They claimed that the scheme is resistant to most of the known attacks. However, through thorough cryptanalysis, we have proved that their scheme is vulnerable to user impersonation, password guessing and server impersonation attacks. We have also illustrated that their scheme does not provide user anonymity, convenient smart card revocation or session key security. To overcome these security weaknesses, we have proposed an enhanced authentication scheme using chaotic maps, which is discussed in this paper along with its cryptanalysis. Cryptanalysis of the proposed scheme proves that the scheme is more robust and suitable for implementation.

References

  1. Amin R, Biswas G (2015) An improved rsa based user authentication and session key agreement protocol usable in tmis. J Med Syst 39(8):79

  2. Anderson JG (2007) Social, ethical and legal barriers to e-health. Int J Med Inf 76(5):480–483

  3. Bai T, Lin J, Li G, Wang H, Ran P, Li Z, Li D, Pang Y, Wu W, Jeon G (2018) A lightweight method of data encryption in bans using electrocardiogram signal, Future Generation Computer Systems

  4. Bhatt C, Dey N, Ashour AS (2017) Internet of things and big data technologies for next generation healthcare

  5. Breaux T, Antón A (2008) Analyzing regulatory rules for privacy and security requirements. IEEE Trans Softw Eng 34(1):5–20

  6. Burrows M, Abadi M, Needham RM (1989) A logic of authentication. In: Proceedings of the royal society of London a: mathematical, physical and engineering sciences, vol 426, pp 233–271 The Royal Society

  7. Cao T, Zhai J (2013) Improved dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 37(2):9912

  8. Chaturvedi A, Mishra D, Mukhopadhyay S (2013) Improved biometric-based three-factor remote user authentication scheme with key agreement using smart card. In: International conference on information systems security, pp 63–77 Springer

  9. Chen HM, Lo JW, Yeh CK (2012) An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 36(6):3907–3915

  10. Chen TL, Chung YF, Lin FY (2012) A study on agent-based secure scheme for electronic medical record system. J Med Syst 36(3):1345–1357

  11. Das AK (2015) A secure and robust password-based remote user authentication scheme using smart cards for the integrated epr information system. J Med Syst 39(3):25

  12. Debiao H, Jianhua C, Rui Z (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1989–1995

  13. Devaney RL, Siegel PB, Mallinckrodt AJ, McKay S (1993) A first course in chaotic dynamical systems: theory and experiment. Comput Phys 7(4):416–417

  14. Hannan TJ (1996) Electronic medical records. Health Inf an Overview, vol 133

  15. He D, Bu J, Chan S, Chen C, Yin M (2011) Privacy-preserving universal authentication protocol for wireless communications. IEEE Trans Wirel Commun 10(2):431–436

  16. Jiang Q, Ma J, Ma Z, Li G (2013) A privacy enhanced authentication scheme for telecare medical information systems. J Med Syst 37(1):9897

  17. Jiang Q, Wei F, Fu S, Ma J, Li G, Alelaiwi A (2016) Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dynamics 83(4):2085–2101

  18. Kocarev L, Lian S (2011) Chaos-based cryptography: theory, algorithms and applications (Vol. 354). Springer Science & Business Media.

  19. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in cryptology—CRYPTO’99, pp 789–789 Springer

  20. Lee TF (2013) An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J Med Syst 37 (6):9985

  21. Lee TF, Chang IP, Lin TH, Wang CC (2013) A secure and efficient password-based user authentication scheme using smart cards for the integrated epr information system. J Med Syst 37(3):9941

  22. Li CT, Lee CC, Weng CY, Chen SJ (2016) A secure dynamic identity and chaotic maps based user authentication and key agreement scheme for e-healthcare systems. J Med Syst 40(11):233

  23. Lovis C, Baud RH, Scherrer J-R (1998) Internet integrated in the daily medical practice within an electronic patient record. Comput Biol Med 28(5):567–579

  24. Lu Y, Li L, Peng H, Xie D, Yang Y (2015) Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 39(6):65

  25. Madhusudhan R, Mittal R (2012) Dynamic id-based remote user password authentication schemes using smart cards: a review. J Netw Comput Appl 35 (4):1235–1248

  26. Masuda N, Aihara K (2002) Cryptosystems with discretized chaotic maps. IEEE Trans Circ Syst I Fundam Theory Appl 49(1):28–40

  27. Meingast M, Roosta T, Sastry S (2006) Security and privacy issues with health care information technology. In: 28th annual international conference of the IEEE Engineering in Medicine and Biology Society, 2006. EMBS’06, IEEE, pp 5453–5458

  28. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

  29. Mir O, van der Weide T, Lee CC (2015) A secure user anonymity and authentication scheme using avispa for telecare medical information systems. J Med Syst 39(9):89

  30. Mishra D (2015) On the security flaws in id-based password authentication schemes for telecare medical information systems. J Med Syst 39(1):154

  31. Mishra D, Mukhopadhyay S, Kumari S, Khan MK, Chaturvedi A (2014) Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J Med Syst 38(5):41

  32. Mishra D, Srinivas J, Mukhopadhyay S (2014) A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J Med Syst 38(10):120

  33. Moon J, Choi Y, Kim J, Won D (2016) An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 40(3):70

  34. Nikooghadam M, Zakerolhosseini A (2012) Secure communication of medical information using mobile agents. J Med Syst 36(6):3839–3850

  35. Rind DM, Safran C (1993) Real and imagined barriers to an electronic medical record. In: Proceedings of the annual symposium on computer application in medical care, p 74 American medical informatics association

  36. Safran C, Goldberg H (2000) Electronic patient records and the impact of the internet. Int J Med Inform 60(2):77–83

  37. Shen J, Gui Z, Ji S, Shen J, Tan H, Tang Y (2018) Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. J Netw Comput Appl 106:117–123

  38. Steward M (2005) Electronic medical records: privacy, confidentiality, liability. J Leg Med 26(4):491–506

  39. Tang PC, Ash JS, Bates DW, Overhage JM, Sands DZ (2006) Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption. J Am Med Inform Assoc 13(2):121–126

  40. Tsai CS, Lee CC, Hwang MS (2006) Password authentication schemes: Current status and key issues. IJ Netw Secur 3(2):101–115

  41. Uslu AM, Stausberg J (2008) Value of the electronic patient record: an analysis of the literature. J Biomed Inf 41(4):675–682

  42. van Ginneken AM (2002) The computerized patient record: balancing effort and benefit. Int J Med Inf 65(2):97–119

  43. Wang J, Han K, Alexandridis A, Zilic Z, Pang Y, Lin J (2018) An asic implementation of security scheme for body area networks. In: 2018 IEEE International Symposium on Circuits and Systems (ISCAS), IEEE, pp 1–5

  44. Wang J, Han K, Alexandridis A, Zilic Z, Pang Y, Wu W, Din S, Jeon G (2018) A novel security scheme for body area networks compatible with smart vehicles. Comput Netw 143:74–81

  45. Wazid M, Das AK, Kumar N, Conti M, Vasilakos AV (2018) A novel authentication and key agreement scheme for implantable medical devices deployment. IEEE J Biomed Health Inf 4:22

  46. Wei J, Hu X, Liu W (2012) An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604

  47. Wen F (2014) A more secure anonymous user authentication scheme for the integrated epr information system. J Med Syst 38(5):42

  48. Wen F, Guo D (2014) An improved anonymous authentication scheme for telecare medical information systems. J Med Syst 38(5):26

  49. William S (1999) Cryptography and network security: principles and practice. Prentice-Hall, Inc, 23-50

  50. Wu F, Xu L (2013) Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J Med Syst 37(4):9958

  51. Wu ZY, Chung Y, Lai F, Chen TS (2012) A password-based user authentication scheme for the integrated epr information system. J Med Syst 36(2):631–638

  52. Wu ZY, Lee YC, Lai F, Lee HC, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1529–1535

  53. Xie Q, Zhang J, Dong N (2013) Robust anonymous authentication scheme for telecare medical information systems. J Med Syst 37(2):9911

  54. Zhang L (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos, Solitons & Fractals 37(3):669–674

  55. Zhu Z (2012) An efficient authentication scheme for telecare medicine information systems. J Med Syst 36(6):3833–3838

Corresponding author

Correspondence to R. Madhusudhan.

Cite this article

Madhusudhan, R., Nayak, C.S. A robust authentication scheme for telecare medical information systems. Multimed Tools Appl 78, 15255–15273 (2019). https://doi.org/10.1007/s11042-018-6884-6

  • DOI: https://doi.org/10.1007/s11042-018-6884-6
