Advertisement

On the Security of Three-factor Authentication Scheme for Telecare Medical Information Systems

  • Qi JiangEmail author
  • Bingyan Li
  • Jianfeng Ma
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 2)

Abstract.

Although a number of three-factor authentication schemes have been developed to ensure that sensitive medical information are only available to legal users in telecare medical information system, most of them are found to be flawed. Understanding security and privacy failures of authentication protocols is a prerequisite to both fixing existing protocols and designing future ones. In this paper, we analyze an enhanced three-factor authentication scheme of Lu et al., and reveal that it cannot achieve the claimed security and privacy goals. (1) It fails to provide anonymity and untraceability, and is susceptible to the following attacks targeting user privacy: identity revelation attack and tracking attack. (2) It is also susceptible to offline password guessing attack, user impersonation attack, and server impersonation attack.

Keywords

Smart Card Authentication Scheme Impersonation Attack Biometric Template Login Message 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., & Yen, D. C.: Design and Implementation of a Telecare Information Platform. J. Med. Syst. 36(3) (2012) 1629-1650Google Scholar
  2. 2.
    Li, H., Yang, Y., Luan, T., Liang, X., Zhou, L., Shen, X.: Enabling Fine-grained Multi-keyword Search Supporting Classified Sub-dictionaries over Encrypted Cloud Data. IEEE Transactions on Dependable and Secure Computing 13(3) (2016) 312-325Google Scholar
  3. 3.
    Jiang Q., Ma Z., Ma J., Li G.: Security Enhancement of a Robust User Authentication framework for Wireless Sensor Networks. China Communications 9(10) (2012) 103-111Google Scholar
  4. 4.
    Jiang Q., Ma J., Li G., Yang L.: Robust Two-factor Authentication and Key Agreement Preserving User Privacy. International Journal of Network Security 16(3)( 2014) 229-240Google Scholar
  5. 5.
    Jiang Q., Wei F., Fu S., Ma J., Li G., Alelaiwi A.: Robust Extended Chaotic Maps-based Three-factor Authentication Scheme Preserving Biometric Template Privacy. Nonlinear Dynamics 83(4) (2016) 2085-2101Google Scholar
  6. 6.
    Awasthi, A.K., Srivastava, K.: A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce. J. Med. Syst. 37(5) (2013) 1–4Google Scholar
  7. 7.
    Tan, Z.: A User Anonymity Preserving Three-factor Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 38(3) (2014) 1–9Google Scholar
  8. 8.
    Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M.K., Chaturvedi, A.: Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce. J. Med. Syst. 38(5): (2014) 1–11Google Scholar
  9. 9.
    Arshad, H., Nikooghadam, M.: Three-factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems. J. Med. Syst. 38(12) (2014) 1-12Google Scholar
  10. 10.
    Das, A.K.: A Secure User Anonymity-Preserving Three-Factor Remote User Authentication Scheme for the Telecare Medicine Information Systems. J. Med. Syst. 39(3) (2015) 1-20Google Scholar
  11. 11.
    Lu, Y., Li, L., Peng, H., Yang, Y.: An Enhanced Biometric-based Authentication Scheme for Telecare Medicine Information Systems Using Elliptic Curve Cryptosystem. J. Med. Syst. 39(3) (2015)Google Scholar
  12. 12.
    Wang D., He D., Wang P., Chu C.-H.: Anonymous Two-factor Authentication in Distributed Systems: Certain Goals are Beyond Attainment. IEEE Transactions on Dependable and Secure Computing 12(4) (2015)428-442.Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.School of Cyber EngineeringXidian UniversityXi’anChina

Personalised recommendations