Abstract
Radio frequency identification (RFID) technology has been used in a wide variety of applications, more recently as a leading identification technology in healthcare environments. In recent years, this technology has been adopted in telecare medicine information systems (TMIS) for authentication, safety, security, data confidentiality and protection of patient privacy over public networks. TMIS is the bridge between patients at home and doctors at healthcare organizations, and it makes it possible to confirm the correctness of the information exchanged between the different actors of the system. Several RFID authentication schemes have recently been proposed for TMIS in the literature. These schemes try to resolve the security and privacy problems of insecure healthcare network environments by using different cryptographic primitives. In this paper, we analyze in depth the security of the most recently proposed protocol for TMIS in the literature and identify its main vulnerabilities. The proposed attacks are possible because of weaknesses related to the misuse of the timestamp technique and to the calculation of the reader request and tag response messages using the one-way hash function, which were not carefully scrutinized. Furthermore, we propose an improved mobile authentication protocol for TMIS that is efficient, robust and secure. The performance analysis shows that our improved protocol can resolve the security weaknesses of the studied protocol, provides mobility and efficiency, and is well suited to adoption for TMIS.
Cite this article
Benssalah, M., Djeddou, M. & Drouiche, K. Security Analysis and Enhancement of the Most Recent RFID Authentication Protocol for Telecare Medicine Information System. Wireless Pers Commun 96, 6221–6238 (2017). https://doi.org/10.1007/s11277-017-4474-y
DOI: https://doi.org/10.1007/s11277-017-4474-y