Abstract
With the rapid progress of technology, the Internet has become an inseparable part of human life. It is now used in all fields, and the medical field is no exception. The concept of establishing telecare medicine information systems (TMIS) for patients has recently been gaining popularity. To ensure the privacy of patients and to allow authorized access to remote medical servers, many authentication schemes have been proposed. Li et al., in 2016, proposed a secure dynamic identity and chaotic maps based user authentication and key agreement scheme. They claimed that the scheme is resistant to most of the known attacks. However, through thorough cryptanalysis, we have proved that their scheme is vulnerable to user impersonation, password guessing and server impersonation attacks. We have also illustrated that their scheme does not provide user anonymity, convenient smart card revocation or session key security. To overcome the aforementioned security weaknesses, we have proposed an enhanced authentication scheme using chaotic maps, which is discussed in this paper along with its cryptanalysis. Cryptanalysis of the proposed scheme proves that the scheme is more robust and suitable for implementation.
References
Amin R, Biswas G (2015) An improved rsa based user authentication and session key agreement protocol usable in tmis. J Med Syst 39(8):79
Anderson JG (2007) Social, ethical and legal barriers to e-health. Int J Med Inf 76(5):480–483
Bai T, Lin J, Li G, Wang H, Ran P, Li Z, Li D, Pang Y, Wu W, Jeon G (2018) A lightweight method of data encryption in bans using electrocardiogram signal, Future Generation Computer Systems
Bhatt C, Dey N, Ashour AS (2017) Internet of things and big data technologies for next generation healthcare
Breaux T, Antón A (2008) Analyzing regulatory rules for privacy and security requirements. IEEE Trans Softw Eng 34(1):5–20
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. In: Proceedings of the royal society of London a: mathematical, physical and engineering sciences, vol 426, pp 233–271. The Royal Society
Cao T, Zhai J (2013) Improved dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 37(2):9912
Chaturvedi A, Mishra D, Mukhopadhyay S (2013) Improved biometric-based three-factor remote user authentication scheme with key agreement using smart card. In: International conference on information systems security, pp 63–77. Springer
Chen HM, Lo JW, Yeh CK (2012) An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 36(6):3907–3915
Chen TL, Chung YF, Lin FY (2012) A study on agent-based secure scheme for electronic medical record system. J Med Syst 36(3):1345–1357
Das AK (2015) A secure and robust password-based remote user authentication scheme using smart cards for the integrated epr information system. J Med Syst 39(3):25
Debiao H, Jianhua C, Rui Z (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1989–1995
Devaney RL, Siegel PB, Mallinckrodt AJ, McKay S (1993) A first course in chaotic dynamical systems: theory and experiment. Comput Phys 7(4):416–417
Hannan TJ (1996) Electronic medical records. Health Inf an Overview, vol 133
He D, Bu J, Chan S, Chen C, Yin M (2011) Privacy-preserving universal authentication protocol for wireless communications. IEEE Trans Wirel Commun 10(2):431–436
Jiang Q, Ma J, Ma Z, Li G (2013) A privacy enhanced authentication scheme for telecare medical information systems. J Med Syst 37(1):9897
Jiang Q, Wei F, Fu S, Ma J, Li G, Alelaiwi A (2016) Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dynamics 83(4):2085–2101
Kocarev L, Lian S (2011) Chaos-based cryptography: theory, algorithms and applications (Vol. 354). Springer Science & Business Media
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in cryptology—CRYPTO’99, pp 789–789. Springer
Lee TF (2013) An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J Med Syst 37(6):9985
Lee TF, Chang IP, Lin TH, Wang CC (2013) A secure and efficient password-based user authentication scheme using smart cards for the integrated epr information system. J Med Syst 37(3):9941
Li CT, Lee CC, Weng CY, Chen SJ (2016) A secure dynamic identity and chaotic maps based user authentication and key agreement scheme for e-healthcare systems. J Med Syst 40(11):233
Lovis C, Baud RH, Scherrer J-R (1998) Internet integrated in the daily medical practice within an electronic patient record. Comput Biol Med 28(5):567–579
Lu Y, Li L, Peng H, Xie D, Yang Y (2015) Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 39(6):65
Madhusudhan R, Mittal R (2012) Dynamic id-based remote user password authentication schemes using smart cards: a review. J Netw Comput Appl 35(4):1235–1248
Masuda N, Aihara K (2002) Cryptosystems with discretized chaotic maps. IEEE Trans Circ Syst I Fundam Theory Appl 49(1):28–40
Meingast M, Roosta T, Sastry S (2006) Security and privacy issues with health care information technology. In: 28th annual international conference of the IEEE Engineering in Medicine and Biology Society, 2006. EMBS’06, IEEE, pp 5453–5458
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Mir O, van der Weide T, Lee CC (2015) A secure user anonymity and authentication scheme using avispa for telecare medical information systems. J Med Syst 39(9):89
Mishra D (2015) On the security flaws in id-based password authentication schemes for telecare medical information systems. J Med Syst 39(1):154
Mishra D, Mukhopadhyay S, Kumari S, Khan MK, Chaturvedi A (2014) Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J Med Syst 38(5):41
Mishra D, Srinivas J, Mukhopadhyay S (2014) A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J Med Syst 38(10):120
Moon J, Choi Y, Kim J, Won D (2016) An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 40(3):70
Nikooghadam M, Zakerolhosseini A (2012) Secure communication of medical information using mobile agents. J Med Syst 36(6):3839–3850
Rind DM, Safran C (1993) Real and imagined barriers to an electronic medical record. In: Proceedings of the annual symposium on computer application in medical care, p 74. American medical informatics association
Safran C, Goldberg H (2000) Electronic patient records and the impact of the internet. Int J Med Inform 60(2):77–83
Shen J, Gui Z, Ji S, Shen J, Tan H, Tang Y (2018) Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. J Netw Comput Appl 106:117–123
Steward M (2005) Electronic medical records: privacy, confidentiality, liability. J Leg Med 26(4):491–506
Tang PC, Ash JS, Bates DW, Overhage JM, Sands DZ (2006) Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption. J Am Med Inform Assoc 13(2):121–126
Tsai CS, Lee CC, Hwang MS (2006) Password authentication schemes: Current status and key issues. IJ Netw Secur 3(2):101–115
Uslu AM, Stausberg J (2008) Value of the electronic patient record: an analysis of the literature. J Biomed Inf 41(4):675–682
van Ginneken AM (2002) The computerized patient record: balancing effort and benefit. Int J Med Inf 65(2):97–119
Wang J, Han K, Alexandridis A, Zilic Z, Pang Y, Lin J (2018) An asic implementation of security scheme for body area networks. In: 2018 IEEE International Symposium on Circuits and Systems (ISCAS), IEEE, pp 1–5
Wang J, Han K, Alexandridis A, Zilic Z, Pang Y, Wu W, Din S, Jeon G (2018) A novel security scheme for body area networks compatible with smart vehicles. Comput Netw 143:74–81
Wazid M, Das AK, Kumar N, Conti M, Vasilakos AV (2018) A novel authentication and key agreement scheme for implantable medical devices deployment. IEEE J Biomed Health Inf 4:22
Wei J, Hu X, Liu W (2012) An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604
Wen F (2014) A more secure anonymous user authentication scheme for the integrated epr information system. J Med Syst 38(5):42
Wen F, Guo D (2014) An improved anonymous authentication scheme for telecare medical information systems. J Med Syst 38(5):26
William S (1999) Cryptography and network security: principles and practice. Prentice-Hall, Inc, 23-50
Wu F, Xu L (2013) Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J Med Syst 37(4):9958
Wu ZY, Chung Y, Lai F, Chen TS (2012) A password-based user authentication scheme for the integrated epr information system. J Med Syst 36(2):631–638
Wu ZY, Lee YC, Lai F, Lee HC, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1529–1535
Xie Q, Zhang J, Dong N (2013) Robust anonymous authentication scheme for telecare medical information systems. J Med Syst 37(2):9911
Zhang L (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos, Solitons & Fractals 37(3):669–674
Zhu Z (2012) An efficient authentication scheme for telecare medicine information systems. J Med Syst 36(6):3833–3838
Cite this article
Madhusudhan, R., Nayak, C.S. A robust authentication scheme for telecare medical information systems. Multimed Tools Appl 78, 15255–15273 (2019). https://doi.org/10.1007/s11042-018-6884-6
DOI: https://doi.org/10.1007/s11042-018-6884-6