ICASME: An Improved Cloud-Based Authentication Scheme for Medical Environment
- 250 Downloads
Unlike the traditional medical system, telecare medicine information system (TMIS) ensures that patients can get health-care services via the Internet at home. Authenticated key agreement protocol is very important for protecting the security in TMIS. Recently scholars have proposed a lot of authenticated key agreement protocols. In 2016, Chiou et al. demonstrated that Chen et al.’s authentication scheme fails to provide user’s anonymity and message authentication and then proposed an enhanced scheme (Chiou et al., J. Med. Syst. 40(4):1–15, 2006) to overcome these drawbacks. In this paper, we demonstrate that Chiou et al.’s scheme is defenseless against key compromise impersonation (KCI) attack and also fails to provide forward security. Moreover, we propose a novel authentication scheme namely ICASME to overcome the mentioned weaknesses in this paper. Security analyses show that ICASME achieves the forward security and KCI attack resistance. In addition, it is proved that the time taken to implement the ICASME is not intolerable compared to the original protocol.
KeywordsTelecare medicine information systems Authenticated key agreement protocol Forward security Key compromise impersonation
The authors express their deep appreciation to the helpful comments and suggestions of the anonymous reviewers, which have improved the presentation. This work was was funded by the National High Technology Research and Development Program (863 Program) (No. 2015AA016007 & No. 2015AA017203).
- 3.He, D., Zeadally, S., and Wu, L., Certificateless Public Auditing Scheme for Cloud-assisted Wireless Body Area Networks. IEEE Systems Journal. doi: 10.1109/JSYST.2015.2428620, 2015.
- 12.Tan, Z. W., An Efficient Biometric-based Authentication Scheme for Telecare Medicine Information Systems. Przeglad Elektrotechniczny 89(5):200–204, 2013.Google Scholar
- 19.He, D., Sherali, Z., Neeraj, K., Lee, J.: Anonymous Authentication for Wireless Body Area Networks with Provable Security. IEEE Systems Journal. doi: 10.1109/JSYST.2016.2544805, 2016.
- 20.Zhang, L., Zhu, S., and Tang, S., Privacy Protection for Telecare Medicine Information Systems using a Chaotic Map-based Three-factor Authenticated Key Agreement Scheme. IEEE Journal of Biomedical & Health Informatics. doi: 10.1109/JBHI.2016.2517146, 2016.
- 21.Colin, B., and Anish, M., Protocols for Authentication and Key Establishment. Springer (2003)Google Scholar
- 22.Menezes, A. J., Vanstone, S. A., and Oorschot, P.C.V., Handbook of Applied Cryptography. CRC Press, 1997.Google Scholar
- 23.Anderson, R., Two Remarks on Public-Key Cryptology. Proceedings of CCCS: Invited lecture, 1997.Google Scholar
- 24.Bellare, M., and Rogaway, P., Random Oracles are Practical: a Paradigm for Designing Efficient Protocols. In: Proceedings of the First ACM conference on Computer and communications security. 62–73, 1993.Google Scholar