Skip to main content
SpringerLink
Log in

Security Analysis and Enhancement of the Most Recent RFID Authentication Protocol for Telecare Medicine Information System

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Radio frequency identification (RFID) technology has been used in a wide variety of applications, more recently as a leading identification technology in healthcare environments. In the most recent years, this technology is adopted for telecare medicine information system (TMIS) for authentication, safety, security, data confidentiality and patient’s privacy protection over public networks. TMIS is the bridge between patients at home and doctors at healthcare organizations that permits to confirm the correctness of exchanged information between different actors of the system. Recently, several RFID authentication schemes have been presented and suggested for the TMIS in the literature. These schemes try to resolve the security and privacy problems over insecure healthcare networks environments by exploiting different cryptographic primitive’s solutions. In this paper, we analyze in depth the security of the most recent proposed protocol for TMIS in the literature and find out its main vulnerabilities. The proposed attacks are possible due to some weaknesses related to the misuse of the timestamp technique, the calculation of the reader request and tag response messages using the one-way hash function, which are not attentively scrutinized. Furthermore, we propose an efficient and robust improved mobile authentication protocol with high efficiency and security for TMIS. The performance analysis shows that our improved protocol could solve security weaknesses of the studied protocol and provide mobility, efficiency and is well-suited to adoption for TMIS.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Shoniregun, C. A., Dube, K., & Mtenzi, F. (2010). Electronic healthcare information security. Berlin: Springer.

    Book  Google Scholar 

  2. Niu, B., Zhu, X., Chi, H., & Li, H. (2014). Privacy and authentication protocol for mobile RFID systems. Wireless Personal Communications, 77(3), 1713–1731.

    Article  Google Scholar 

  3. Hembroff, G., & Cai, Y. (2008). Secure authentication and authorization design for rural-based healthcare institutions. Security and Communication Networks, 5(1), 407–415.

    Article  Google Scholar 

  4. Peris-Lopez, P., Orfila, A., Mitrokotsa, A., & Van der Lubbe, J. C. A. (2011). A comprehensive RFID solution to enhance inpatient medication safety. International Journal of Medical Informatics, 80(1), 13–24.

    Article  Google Scholar 

  5. Yen, Y.-C., Lo, N.-W., & Wu, T.-C. (2012). Two RFID-based solutions for secure inpatient medication administration. Journal of Medical Systems, 36(5), 2769–2778.

    Article  Google Scholar 

  6. Chou, J.-S. (2014). An efficient mutual authentication RFID scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(1), 75–94.

    Article  MathSciNet  Google Scholar 

  7. Khan, M. K., & Kumari, S. (2014). Cryptanalysis and improvement of an efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. Security and Communication Networks, 7(2), 399–408.

    Article  Google Scholar 

  8. Li, C.-T., Weng, C.-Y., & Lee, C.-C. (2015). A secure RFID tag authentication protocol with privacy preserving in telecare medicine information system. Journal of Medical Systems, 39(8), 1–8.

    Article  Google Scholar 

  9. Wang, S., Liu, S., & Chen, D. (2015). Security analysis and improvement on two RFID authentication protocols. Wireless Personal Communication, 82, 21–33. doi:10.1007/s11277-014-2189-x.

    Article  Google Scholar 

  10. Khor, J. H., Ismail, W., Younis, M. I., Sulaiman, M. K., & Rahman, Mohammad Ghulam. (2011). Security problems in an RFID system. Wireless Personal Communications, 59(1), 17–26.

    Article  Google Scholar 

  11. Wang, S., Liu, S., & Chen, D. (2014). Security analysis and improvement on two RFID authentication protocols. Wireless Personal Communications, 82(1), 21–33.

    Article  Google Scholar 

  12. Alavi, S. M., Baghery, K., Abdolmaleki, B., & Aref, M. R. (2015). Traceability analysis of recent RFID authentication protocols. Wireless Personal Communications, 83(3), 1663–1682.

  13. Sun, P. R., Wang, B. H., & Wu, F. (2008). A new method to guard inpatient medication safety by the implementation of RFID. Journal of Medical Systems, 32(4), 327–332.

    Article  Google Scholar 

  14. Lo, N.-W., Yeh, K.-H., et al. (2010). Anonymous coexistence proofs for RFID tags. Journal of Information Science and Engineering, 26(4), 1213–1230.

    Google Scholar 

  15. Huang, H.-H., & Ku, C.-Y. (2009). A RFID grouping proof protocol for medication safety of inpatient. Journal of Medical Systems, 33(6), 467–474.

    Article  Google Scholar 

  16. Chien, H.-Y., Yang, C.-C., Wu, T.-C., & Lee, C.-F. (2011). Two RFID-based solutions to enhance inpatient medication safety. Journal of Medical Systems, 35(3), 369–375.

    Article  Google Scholar 

  17. Safkhani, M., Bagheri, N., & Naderi, M. (2014). A note on the security of IS-RFID, an inpatient medication safety. International Journal of Medical Informatics, 83(1), 82–85.

    Article  Google Scholar 

  18. Chen, Y.-Y., Huang, D.-C., Tsai, M.-L., & Jan, J.-K. (2012). A design of tamper resistant prescription RFID access control system. Journal of Medical Systems, 36(5), 2795–2801.

    Article  Google Scholar 

  19. Safkhani, M., Bagheri, N., & Naderi, M. (2012). On the designing of a tamper resistant prescription RFID access control system. Journal of Medical Systems, 36(5), 3995–4004.

    Article  Google Scholar 

  20. Wu, Z.-Y., Chen, L., & Wu, J.-C. (2013). A reliable RFID mutual authentication scheme for healthcare environments. Journal of Medical Systems, 37(2), 1–9.

    Article  Google Scholar 

  21. Picazo-Sanchez, P., Bagheri, N., Peris-Lopez, P., & Tapiador, J. E. (2013). Two RFID standard-based security protocols for healthcare environments. Journal of Medical Systems, 37(5), 1–12.

    Article  Google Scholar 

  22. Bruen, A. A., & Forcinito, M. A. (2005). Classical ciphers and their cryptanalysis, cryptography, information theory, and error-correction: A handbook for the 21st century. London: Wiley.

    MATH  Google Scholar 

  23. Srivastava, K., Awasthi, A. K., Kaul, S. D., & Mittal, R. C. (2015). A hash based mutual RFID tag authentication protocol in telecare medicine information system. Journal of Medical Systems, 39(1), 1–5.

    Article  Google Scholar 

  24. Cho, J.-S., Yeo, S.-S., & Kim, S. K. (2011). Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value. Computer Communications, 34(3), 391–397.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Communication System Laboratory, Ecole Militaire Polytechnique, BP 17, 16111, Bordj El Bahri, Algiers, Algeria

    Mustapha Benssalah & Mustapha Djeddou

  2. LPTM, Cergy Pontoise University, 2, av. Adolphe Chauvin, BP 222, 95302, Cergy-Pontoise Cedex, France

    Karim Drouiche

Authors
  1. Mustapha Benssalah
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mustapha Djeddou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Karim Drouiche
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mustapha Benssalah.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Benssalah, M., Djeddou, M. & Drouiche, K. Security Analysis and Enhancement of the Most Recent RFID Authentication Protocol for Telecare Medicine Information System. Wireless Pers Commun 96, 6221–6238 (2017). https://doi.org/10.1007/s11277-017-4474-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-017-4474-y

Keywords

Search

Navigation