On the Security of Three-factor Authentication Scheme for Telecare Medical Information Systems
Although a number of three-factor authentication schemes have been developed to ensure that sensitive medical information is available only to legal users in telecare medical information systems, most of them have been found to be flawed. Understanding the security and privacy failures of authentication protocols is a prerequisite to both fixing existing protocols and designing future ones. In this paper, we analyze an enhanced three-factor authentication scheme of Lu et al. and reveal that it cannot achieve the claimed security and privacy goals. (1) It fails to provide anonymity and untraceability, and is susceptible to the following attacks targeting user privacy: identity revelation attack and tracking attack. (2) It is also susceptible to offline password guessing attack, user impersonation attack, and server impersonation attack.
Keywords: Smart Card; Authentication Scheme; Impersonation Attack; Biometric Template; Login Message
- 1. Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., & Yen, D. C.: Design and Implementation of a Telecare Information Platform. J. Med. Syst. 36(3) (2012) 1629-1650
- 2. Li, H., Yang, Y., Luan, T., Liang, X., Zhou, L., Shen, X.: Enabling Fine-grained Multi-keyword Search Supporting Classified Sub-dictionaries over Encrypted Cloud Data. IEEE Transactions on Dependable and Secure Computing 13(3) (2016) 312-325
- 3. Jiang Q., Ma Z., Ma J., Li G.: Security Enhancement of a Robust User Authentication framework for Wireless Sensor Networks. China Communications 9(10) (2012) 103-111
- 4. Jiang Q., Ma J., Li G., Yang L.: Robust Two-factor Authentication and Key Agreement Preserving User Privacy. International Journal of Network Security 16(3) (2014) 229-240
- 5. Jiang Q., Wei F., Fu S., Ma J., Li G., Alelaiwi A.: Robust Extended Chaotic Maps-based Three-factor Authentication Scheme Preserving Biometric Template Privacy. Nonlinear Dynamics 83(4) (2016) 2085-2101
- 6. Awasthi, A.K., Srivastava, K.: A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce. J. Med. Syst. 37(5) (2013) 1–4
- 7. Tan, Z.: A User Anonymity Preserving Three-factor Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 38(3) (2014) 1–9
- 8. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M.K., Chaturvedi, A.: Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce. J. Med. Syst. 38(5) (2014) 1–11
- 9. Arshad, H., Nikooghadam, M.: Three-factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems. J. Med. Syst. 38(12) (2014) 1-12
- 10. Das, A.K.: A Secure User Anonymity-Preserving Three-Factor Remote User Authentication Scheme for the Telecare Medicine Information Systems. J. Med. Syst. 39(3) (2015) 1-20
- 11. Lu, Y., Li, L., Peng, H., Yang, Y.: An Enhanced Biometric-based Authentication Scheme for Telecare Medicine Information Systems Using Elliptic Curve Cryptosystem. J. Med. Syst. 39(3) (2015)
- 12. Wang D., He D., Wang P., Chu C.-H.: Anonymous Two-factor Authentication in Distributed Systems: Certain Goals are Beyond Attainment. IEEE Transactions on Dependable and Secure Computing 12(4) (2015) 428-442