Abstract
To protect patients’ private data, such as telephone numbers, medical record numbers, and health information, authentication schemes for telecare medicine information systems (TMIS) have been studied widely. Recently, Wei et al. proposed an efficient authentication scheme for TMIS and claimed that it could resist various attacks. However, in this paper, we show that their scheme is vulnerable to an off-line password guessing attack when the user’s smart card is lost. To improve security, we propose a new authentication scheme for TMIS. The analysis shows that our scheme overcomes the weaknesses in Wei et al.’s scheme and has better performance than their scheme.
References
Lamport, L., Password Authentication with Insecure Communication. Comm. ACM 24(11):770–772, 1981.
Juang, W.-S., Wu, J.-L., An efficient two-factor authenticated key exchange protocol based on elliptic curve cryptosystems. In Proc. of The 11th information management and implementation conference (IMI’05), pp. 299–306, 2005.
Mangipudi, K., Katti, R., A secure identification and key agreement protocol with user anonymity (SIKA). Comput. Secur. 25(6):420–425, 2006.
Lee, N.-Y., Wu, C.-N., Wang, C.-C., Authenticated multiple key exchange protocols based on elliptic curves and bilinear pairings. Comput. Electr. Eng. 34(1):12–20, 2008.
Yang, J.-H., Chang, C.-C., An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Comput. Secur. 28:138–143, 2009.
Wang, R.-C., Juang, W.-S., Lei, C.-L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. doi: 10.1016/j.jcss.2010.07.004, 2010.
He, D., Chen, J., Hu, J., An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inform. Fusion. doi: 10.1016/j.infus.2011.01.001, 2011.
He, D., Chen, J., Chen, Y., A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur. Comm. Network. doi: 10.1002/sec.506, 2011.
He, D., An efficient remote user authentication and key exchange protocol for mobile client–server environment from pairings, Ad Hoc Networks. doi: 10.1016/j.adhoc.2012.01.002, 2012.
He, D., Chen, Y., Chen, J., Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol, Nonlinear Dynam. doi: 10.1007/s11071-012-0335-0, 2012.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. doi: 10.1007/s10916-010-9614-9, 2010.
He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. doi: 10.1007/s10916-011-9658-5, 2011.
Wei, J., Hu, X., Liu, W., An Improved Authentication Scheme for Telecare Medicine Information Systems, J. Med. Syst. doi: 10.1007/s10916-012-9835-1, 2012.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. Proc. Adv. Cryptology (CRYPTO 99), pp. 388–397, 1999.
Messerges, T., Dabbish, E., Sloan, R., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
PKCS, Public key cryptography standards, PKCS #1 v2.1, RSA Cryptography Standard, Draft 2, 2001. Available at http://www.rsasecurity.com/rsalabs/pkcs/
Boneh, D., Twenty years of attacks on the RSA cryptosystem. Not. AMS, 46(2):203–213, 1999.
Wikipedia, RSA (algorithm). Available at http://en.wikipedia.org/wiki/RSA_(algorithm)
Cite this article
Zhu, Z. An Efficient Authentication Scheme for Telecare Medicine Information Systems. J Med Syst 36, 3833–3838 (2012). https://doi.org/10.1007/s10916-012-9856-9
DOI: https://doi.org/10.1007/s10916-012-9856-9