Journal of Medical Systems, 38:91

Improvement of a Uniqueness-and-Anonymity-Preserving User Authentication Scheme for Connected Health Care

  • Qi Xie
  • Wenhao Liu
  • Shengbao Wang
  • Lidong Han
  • Bin Hu
  • Ting Wu
Part of the following topical collections:
  1. Mobile Systems

Abstract

Preserving patient privacy, security, and mutual authentication between the patient and the medical server are important mechanisms in connected health care applications, such as telecare medical information systems and personally controlled health records systems. In 2013, Wen showed that Das et al.’s scheme is vulnerable to replay attacks, user impersonation attacks and off-line guessing attacks, and then proposed an improved scheme using biometrics, password and smart card to overcome these weaknesses. However, we show that Wen’s scheme is still vulnerable to off-line password guessing attacks and does not provide user anonymity or perfect forward secrecy. Further, we propose an improved scheme to fix these weaknesses, and use ProVerif, a formal verification tool based on the applied pi calculus, to prove its security and authentication properties.

Keywords

Connected health care; Authentication; Anonymity; Biometrics; Smart card

Notes

Acknowledgments

This research was supported by the Major State Basic Research Development (973) Program of China (No. 2013CB834205), the National Natural Science Foundation of China (No. 61070153, 61103209), and Natural Science Foundation of Zhejiang Province (No. LZ12F02005, LY12F02006).

References

  1. Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.
  2. Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.
  3. Wu, Z. Y., Chung, Y., Lai, F., and Chen, T. S., Password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36:631–638, 2012.
  4. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36:1529–1535, 2012.
  5. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36:1989–1995, 2012.
  6. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
  7. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.
  8. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004. 508.
  9. Awashti, A. K., Comment on a dynamic ID-based remote user authentication scheme. Trans. Cryptol. 1:15–16, 2014.
  10. Ku, W. C., and Chang, S. T., Impersonation attack on a dynamic ID-based remote user authentication scheme using smart cards. IEICE Trans. Commun. E88-B:2165–2167, 2005.
  11. Wang, Y. Y., Kiu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32:583–585, 2009.
  12. Khan, M. K., Kim, S. K., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.
  13. Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.
  14. Xie, Q., Zhang, J., and Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–8, 2013.
  15. Wen, F., and Guo, D., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38:26, 2014.
  16. Wen, F., A more secure anonymous user authentication scheme for the integrated EPR information system. J. Med. Syst. 38:42, 2014.
  17. Awasthi, A. K., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):1–4, 2013.
  18. Awasthi, A. K., and Goswami, A., An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function. J. Med. Syst. 38:27, 2014.
  19. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., and Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38:41, 2014.
  20. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., and Khan, M. K., Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38:24, 2014.
  21. Yan, X., Li, W., Li, P., Wang, J., Hao, X., and Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37:5, 2013.
  22. Chang, Y. F., Yu, S. H., and Shiao, D. R., An uniqueness-and anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.
  23. Das, A. K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9948, 2013.
  24. Kim, K., and Lee, J., On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 38:17, 2014.
  25. Wen, F., A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9980, 2013.
  26. Tsai, J., Lo, N., and Wu, T., Novel anonymous authentication scheme using smart cards. IEEE Trans. Ind. Electron. 9(4):2004–2013, 2013.
  27. Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38:16, 2014.
  28. Abadi, M., Blanchet, B., and Lundh, H. C., Models and Proofs of Protocol Security: A Progress Report. 21st International Conference on Computer Aided Verification, Grenoble, France, pp. 35–49, 2009.
  29. Abadi, M., and Fournet, C., Mobile Values, New Names, and Secure Communication. Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM New York, pp. 104–115, 2001.
  30. Li, C. T., Hwang, M. S., and Chu, Y. P., A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput. Commun. 31:2803–2814, 2008.
  31. Li, W., Wen, Q., Su, Q., and Jin, Z., An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network. Comput. Commun. 35:188–195, 2012.

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Qi Xie (1)
  • Wenhao Liu (1)
  • Shengbao Wang (1)
  • Lidong Han (1)
  • Bin Hu (1)
  • Ting Wu (2)

  1. Hangzhou Key Laboratory of Cryptography and Network Security, Hangzhou Normal University, Hangzhou, China
  2. School of Computer Science, Hangzhou Dianzi University, Hangzhou, China
