Journal of Medical Systems

, Volume 36, Issue 4, pp 2609–2619 | Cite as

Strong Authentication Scheme for Telecare Medicine Information Systems

  • Qiong PuEmail author
  • Jian Wang
  • Rongyong Zhao
Original Paper


The telecare medicine information system enables or supports health-care delivery services. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. In this paper, we propose a generic construction of smart-card-based password authentication protocol and prove its security. The proposed framework is superior to previous schemes in three following aspects : (1) our scheme is a true two-factor authentication scheme. (2) our scheme can yield a forward secure two-factor authentication scheme with user anonymity when appropriately instantiated. (3) our scheme utilizes each user’s unique identity to accomplish the user authentication and does not need to store or verify others’s certificates. And yet, our scheme is still reasonably efficient and can yield such a concrete scheme that is even more efficient than previous schemes. Therefore the end result is more practical for the telecare medicine system.


Telecare medicine information system Mutual authentication Key agreement Anonymity Mobile device 


  1. 1.
    Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee H.-C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2010. doi: 10.1007/s10916-010-9614-9.Google Scholar
  2. 2.
    Hankerson, D., Menezes, A., Vanstone S. guide to elliptic curve cryptography. Springer-Verlag, New York, USA, 2004.Google Scholar
  3. 3.
    Koblitz, N., Elliptic curve cryptosystem. Mathematics of Computation, 48:203–209, 1987.MathSciNetzbMATHCrossRefGoogle Scholar
  4. 4.
    Juang, W.-S., Wu, J.-L., An efficient two-factor authenticated key exchange protocol based on elliptic curve cryptosystems. In Proc. of The 11th information management and implementation conference (IMI’05), pp. 299–306, 2005.Google Scholar
  5. 5.
    Lee, N.-Y., Wu, C.-N., Wang, C.-C., Authenticated multiple key exchange protocols based on elliptic curves and bilinear pairings. Computers & Electrical Engineering, 34(1):12–20, 2008.zbMATHCrossRefGoogle Scholar
  6. 6.
    Schroeppel, R., Orman, H., OMalley, S., Spatscheck, O., Fast key exchange with elliptic curve systems. In Proc. of Advances in Cryptology, CRYPTO’95, pp. 43–56, 1995.Google Scholar
  7. 7.
    Yang, J.-H., Chang, C.-C., An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Computers and Security, 28:138–143, 2009.CrossRefGoogle Scholar
  8. 8.
    He, D., Chen, J., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi: 10.1007/s10916-011-9658-5.Google Scholar
  9. 9.
    He, D., Chen, J., Hu, J., An ID-based client authentication with key agreement protocol for mobile clientCserver environment on ECC with provable security. Informat. Fusion, 2011. doi: 10.1016/j.infus.2011.01.001.Google Scholar
  10. 10.
    Wang, R.-C., Juang, W.-S., Lei, C.-L., Provably secure and efficient identification and key agreement protocol with user anonymity. Journal of Computer and System Sciences, 2010. doi: 10.1016/j.jcss.2010.07.004.Google Scholar
  11. 11.
    Lee, W.-B., Chang, C.-C., User identification and key distribution maintaining anonymity for distributed computer network. Comput. Syst. Sci. Engrg., 15 (4):113–116, 2000.MathSciNetGoogle Scholar
  12. 12.
    Wu,T.-S., Hsu, C.-L., Efficient user identification protocol with key distribution preserving anonymity for distributed computer networks. Computers & Security, 23(2):120–125, 2004.CrossRefGoogle Scholar
  13. 13.
    Yang, Y., Wang, S., Bao, F., Wang, J., Deng, D.H., New efficient user identification and key distribution protocol providing enhanced security. Computers & Security, 23 (8):697–704, 2005.CrossRefGoogle Scholar
  14. 14.
    Mangipudi, K., Katti, R., A secure identification and key agreement protocol with user anonymity (SIKA). Computers & Security, 25(6):420–425, 2006.CrossRefGoogle Scholar
  15. 15.
    Yang, G., Wonga, D.S., Wang H., Deng X., Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74(7):1160–1172, 2008.MathSciNetzbMATHCrossRefGoogle Scholar
  16. 16.
    Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In Proceedings of advances in cryptology (CRYPTO 1999), 388–397, 1999.Google Scholar
  17. 17.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. on Computers, 51(5):541–552, 2002.MathSciNetCrossRefGoogle Scholar
  18. 18.
    Quisquater, J.-J., Side channel attacks—State-of-the-art. Technical report. Available at:
  19. 19.
    Bresson, E., Chevassut, O., Pointcheval, D., Security proofs for an efficient password-based key exchange. In Proc. of ACM CCS’03, pp. 241–250, ACM Press, Oct. 2003.Google Scholar
  20. 20.
    Bresson, E., Chevassut, O., Pointcheval, D., New security results on encrypted key exchange. In Proc. of PKC 2004, LNCS 2947, pp. 145–158, Springer-Verlag, Mar. 2004.Google Scholar
  21. 21.
    Wu, S.H., Zhu, Y.F., Practical encrypted key agreement using passwords. Wuhun University Journal of Natural Sciences, 11(6):1625–1628, Nov. 2006MathSciNetzbMATHCrossRefGoogle Scholar
  22. 22.
    Abdalla, M., and Pointcheval, D., Simple Password-Based Encrypted Key Exchange Protocols. In Proc. of CT-RSA’2005, LNCS 3376, pp. 191–208, Springer-Verlag.Google Scholar
  23. 23.
    Abdalla, M., Chevassut, O., and Pointcheval, D., One-time verifier-based encrypted key exchange. In Proc. of the 8th international workshop on theory and practice in public key (PKC ’05), LNCS 3386, pp. 47–64. Springer-Verlag, 2005.Google Scholar
  24. 24.
    Advanced Encryption Standard,
  25. 25.
    Wu, S.H., and Zhu, Y.F., Proof of Forward Security for Password-Based Authenticated Key Exchange. International Journal of Network Security, 7(3):335–341, Nov. 2008Google Scholar
  26. 26.
    Wong, D.S., Fuentes, H.H., Chan, A.H., The performance measurement of cryptographic primitives on palm devices. In Proc. of the 17th annual computer security applications conference (ACSAC 2001), pp. 92–101, 2001.Google Scholar
  27. 27.
    Argyroudis, P.G., Verma, R.,Tewari, H., OMahony, D., Performance analysis of cryptographic protocols on handheld devices. In Proc. of the 3rd IEEE international symposium on network computing and applications (NCA 2004), pp. 169–174, 2004.Google Scholar
  28. 28.
    Passing, M., Dressler, F., Experimental performance evaluation of cryptographic algorithms. In Proc. of the 3rd IEEE international conference on mobile adhoc and sensor systems (MASS), pp. 882–887, 2006.Google Scholar
  29. 29.
    Passing, M., Dressler, F., Practical evaluation of the performance impact of security mechanisms in sensor networks. In Proc. of the 31st IEEE conference on local computer networks, pp. 623–629, 2006.Google Scholar
  30. 30.
    Doomun, M.R., Soyjaudah, K.S.,Bundhoo, D., Energy consumption and computational analysis of Rijndael-AES. In Proc. of the third IEEE international conference in central asia on internet the next generation of mobile, wireless and optical communications Networks (ICI 2007), pp. 1–6, 2007.Google Scholar
  31. 31.
    Potlapally, N.R., Ravi, S., Raghunathan, A., Jha, N.K., A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing, 5(2):128–143, 2006.CrossRefGoogle Scholar
  32. 32.
    Choo, K.-K. R., Boyd, C., and Hitchcock, Y., The importance of proofs of security for key establishment protocols: formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, & Yeh-Sun Protocols. Computer Communications, 29:2788–2797, 2006.CrossRefGoogle Scholar
  33. 33.
    Chung, H.-R., Ku. W.-C., Three weaknesses in a simple three-party key exchange protocol. Information Science, 178:220–229, 2008.MathSciNetzbMATHCrossRefGoogle Scholar
  34. 34.
    Guo, H., Li, Z., Mu, Y., Zhang, X., Cryptanalysis of simple three-party key exchange protocol. Computers and Security, 27:16–21, 2008.CrossRefGoogle Scholar
  35. 35.
    Phan, R. C. -W., Yau, W.-C.,Goi, B.-M., Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Information Science, 178: 2849–2856, 2008.MathSciNetzbMATHCrossRefGoogle Scholar
  36. 36.
    Kim, H.-S., Choi, J.-Y., Enhanced password-based simple three-party key exchange protocol. Computers and Electrical Engineering, 35:107–114, 2009.zbMATHCrossRefGoogle Scholar
  37. 37.
    Nam, J., Infringing and improving password security of a three-party key exchange protocol. Available at
  38. 38.
    Bellare, M., and Rogaway, P., Provably secure session key distribution — the three party case. In Proc. of 28th annual ACM symposium on theory of computing, pp. 57–66, ACM Press, 1996.Google Scholar
  39. 39.
    Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P., Universally composable password-based key exchange. In Proc. of EUROCRYPT 2005, LNCS 3494, pp. 404–421. Available at

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  1. 1.CIMS Research CenterTongji UniversityShanghaiChina
  2. 2.State Key Laboratory of Information SecurityGraduate University of Chinese Academy of SciencesBeijingChina
  3. 3.Department of Electronics, Science InstituteInformation Engineering UniversityZhengzhouChina

Personalised recommendations