Strong Authentication Scheme for Telecare Medicine Information Systems
- 351 Downloads
The telecare medicine information system enables or supports health-care delivery services. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. In this paper, we propose a generic construction of smart-card-based password authentication protocol and prove its security. The proposed framework is superior to previous schemes in three following aspects : (1) our scheme is a true two-factor authentication scheme. (2) our scheme can yield a forward secure two-factor authentication scheme with user anonymity when appropriately instantiated. (3) our scheme utilizes each user’s unique identity to accomplish the user authentication and does not need to store or verify others’s certificates. And yet, our scheme is still reasonably efficient and can yield such a concrete scheme that is even more efficient than previous schemes. Therefore the end result is more practical for the telecare medicine system.
KeywordsTelecare medicine information system Mutual authentication Key agreement Anonymity Mobile device
- 2.Hankerson, D., Menezes, A., Vanstone S. guide to elliptic curve cryptography. Springer-Verlag, New York, USA, 2004.Google Scholar
- 4.Juang, W.-S., Wu, J.-L., An efficient two-factor authenticated key exchange protocol based on elliptic curve cryptosystems. In Proc. of The 11th information management and implementation conference (IMI’05), pp. 299–306, 2005.Google Scholar
- 6.Schroeppel, R., Orman, H., OMalley, S., Spatscheck, O., Fast key exchange with elliptic curve systems. In Proc. of Advances in Cryptology, CRYPTO’95, pp. 43–56, 1995.Google Scholar
- 16.Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In Proceedings of advances in cryptology (CRYPTO 1999), 388–397, 1999.Google Scholar
- 18.Quisquater, J.-J., Side channel attacks—State-of-the-art. Technical report. Available at: http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1047_Side_Channel_report.pdf.
- 19.Bresson, E., Chevassut, O., Pointcheval, D., Security proofs for an efficient password-based key exchange. In Proc. of ACM CCS’03, pp. 241–250, ACM Press, Oct. 2003.Google Scholar
- 20.Bresson, E., Chevassut, O., Pointcheval, D., New security results on encrypted key exchange. In Proc. of PKC 2004, LNCS 2947, pp. 145–158, Springer-Verlag, Mar. 2004.Google Scholar
- 22.Abdalla, M., and Pointcheval, D., Simple Password-Based Encrypted Key Exchange Protocols. In Proc. of CT-RSA’2005, LNCS 3376, pp. 191–208, Springer-Verlag.Google Scholar
- 23.Abdalla, M., Chevassut, O., and Pointcheval, D., One-time verifier-based encrypted key exchange. In Proc. of the 8th international workshop on theory and practice in public key (PKC ’05), LNCS 3386, pp. 47–64. Springer-Verlag, 2005.Google Scholar
- 24.Advanced Encryption Standard, http://www.csrc.nist.gov/archieve/aes/.
- 25.Wu, S.H., and Zhu, Y.F., Proof of Forward Security for Password-Based Authenticated Key Exchange. International Journal of Network Security, 7(3):335–341, Nov. 2008Google Scholar
- 26.Wong, D.S., Fuentes, H.H., Chan, A.H., The performance measurement of cryptographic primitives on palm devices. In Proc. of the 17th annual computer security applications conference (ACSAC 2001), pp. 92–101, 2001.Google Scholar
- 27.Argyroudis, P.G., Verma, R.,Tewari, H., OMahony, D., Performance analysis of cryptographic protocols on handheld devices. In Proc. of the 3rd IEEE international symposium on network computing and applications (NCA 2004), pp. 169–174, 2004.Google Scholar
- 28.Passing, M., Dressler, F., Experimental performance evaluation of cryptographic algorithms. In Proc. of the 3rd IEEE international conference on mobile adhoc and sensor systems (MASS), pp. 882–887, 2006.Google Scholar
- 29.Passing, M., Dressler, F., Practical evaluation of the performance impact of security mechanisms in sensor networks. In Proc. of the 31st IEEE conference on local computer networks, pp. 623–629, 2006.Google Scholar
- 30.Doomun, M.R., Soyjaudah, K.S.,Bundhoo, D., Energy consumption and computational analysis of Rijndael-AES. In Proc. of the third IEEE international conference in central asia on internet the next generation of mobile, wireless and optical communications Networks (ICI 2007), pp. 1–6, 2007.Google Scholar
- 37.Nam, J., Infringing and improving password security of a three-party key exchange protocol. Available at http://eprint.iacr.org/2008/065/.
- 38.Bellare, M., and Rogaway, P., Provably secure session key distribution — the three party case. In Proc. of 28th annual ACM symposium on theory of computing, pp. 57–66, ACM Press, 1996.Google Scholar
- 39.Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P., Universally composable password-based key exchange. In Proc. of EUROCRYPT 2005, LNCS 3494, pp. 404–421. Available at http://eprint.iacr.org/2005/196.pdf.