Improvement of a Uniqueness-and-Anonymity-Preserving User Authentication Scheme for Connected Health Care
Patient privacy preservation, security, and mutual authentication between the patient and the medical server are important mechanisms in connected health care applications, such as telecare medical information systems and personally controlled health records systems. In 2013, Wen showed that Das et al.’s scheme is vulnerable to replay attacks, user impersonation attacks and off-line guessing attacks, and then proposed an improved scheme using biometrics, a password and a smart card to overcome these weaknesses. However, we show that Wen’s scheme is still vulnerable to off-line password guessing attacks and provides neither user anonymity nor perfect forward secrecy. Further, we propose an improved scheme to fix these weaknesses, and use ProVerif, a formal verification tool based on the applied pi calculus, to prove its security and authentication properties.
Keywords: Connected health care; Authentication; Anonymity; Biometrics; Smart card
This research was supported by the Major State Basic Research Development (973) Program of China (No. 2013CB834205), the National Natural Science Foundation of China (No. 61070153, 61103209), and Natural Science Foundation of Zhejiang Province (No. LZ12F02005, LY12F02006).