Abstract
To ensure that only authorized users can access medical services, several authentication schemes for telecare medicine information systems (TMIS) have been proposed in the literature. Because chaotic map-based cryptography performs better than traditional cryptography, Hao et al. proposed an authentication scheme for TMIS built on it. They claimed that their scheme could resist various attacks, including the stolen smart card attack. However, we find that their scheme is vulnerable to the stolen smart card attack. The root cause is that the scheme was designed on the assumption that the scheme itself achieves user untraceability. We then propose a robust authentication and key agreement scheme. Compared with previous schemes, our scheme not only provides more security features but is also more efficient. Our analysis indicates that designing a two-factor authentication scheme on the assumption that the scheme itself achieves privacy protection may pose potential security risks. The lesson learned is that this situation should be avoided in the future design of two-factor authentication schemes.
References
Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.
Jiang, Q., Ma, J., Ma, Z., and Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-012-9897-0.
Kumari, S., Khan, M. K., and Kumar, R., Cryptanalysis and improvement of ‘A privacy enhanced scheme for telecare medical information systems’. J. Med. Syst. 37(4):9952, 2013.
Lin, H. Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-013-9929-4.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012. doi:10.1007/s10916-010-9614-9.
He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012. doi:10.1007/s10916-011-9658-5.
Pu, Q., Wang, J., and Zhao, R., Strong authentication scheme for telecare medicine information systems. J. Med. Syst. 36(4):2609–2619, 2012. doi:10.1007/s10916-011-9735-9.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012. doi:10.1007/s10916-012-9835-1.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012. doi:10.1007/s10916-012-9856-9.
Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.07/s10916-012-9912-5.
Xie, Q., Zhang, J., and Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-012-9911-6.
Lee, T. F., and Liu, C. M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3):9933, 2013.
Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):9969, 2013. doi:10.1007/s10916-013-9969-9.
Ma, C., Wang, D., and Zhao, S., Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. 2012. doi:10.1002/dac.2468.
Tseng, H., Jan, R., and Yang, W., A chaotic maps-based key agreement protocol that preserves user anonymity. IEEE Int. Conf. Commun. (ICC09), 2009; p. 1–6.
Wang, X., and Zhao, J., An improved key agreement protocol based on chaos. Commun. Nonlinear Sci. Numer. Simul. 15:4052–4057, 2010.
Niu, Y., and Wang, X., An anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 16(4):1986–1992, 2011.
Xue, K., and Hong, P., Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 2011. doi:10.1016/j.cnsns.2011.11.025.
Guo, C., and Chang, C., Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 2012. doi:10.1016/j.cnsns.2012.09.032.
Hao, X., Wang, J., Yang, Q., Yan, X., and Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2):9919, 2013. doi:10.1007/s10916-012-9919-y.
Bergamo, P., Arco, P., Santis, A., and Kocarev, L., Security of public key cryptosystems based on Chebyshev polynomials. IEEE. Trans. Circ. Syst. I 52:1382–1393, 2005.
Zhang, L., Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos. Soliton. Fract. 37(3):669–674, 2008.
He, D., Wang, D., and Wu, S., Cryptanalysis and improvement of a password-based remote user authentication scheme without smart cards. Inf. Technol. Control 42(2):105–112, 2013.
Jiang, Q., Ma, J., Li, G., et al., An improved password-based remote user authentication protocol without smart cards. Inf. Technol. Control 42(2):113–123, 2013.
Arkko, J., Nikander, P., and Näslund, M., Enhancing privacy with shared pseudo random sequences. Security Protocols. Springer Berlin, Heidelberg, pp. 187–196, 2007.
Acknowledgments
This work is supported by the Program for Changjiang Scholars and Innovative Research Team in University (Program No. IRT1078), the Major national S&T program (2011ZX03005-002), the National Natural Science Foundation of China (Program No. U1135002, 61173135, 61202389), the Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2012JQ8043), and the Fundamental Research Funds for the Central Universities. The authors would like to thank the anonymous reviewers and the editor for their constructive comments, which have helped us to improve this paper.
Cite this article
Jiang, Q., Ma, J., Lu, X. et al. Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems. J Med Syst 38, 12 (2014). https://doi.org/10.1007/s10916-014-0012-6
DOI: https://doi.org/10.1007/s10916-014-0012-6