Skip to main content
SpringerLink
Log in

On the Security of A Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Telecare medical information systems (TMISs) are increasingly popular technologies for healthcare applications. Using TMISs, physicians and caregivers can monitor the vital signs of patients remotely. Since the database of TMISs stores patients’ electronic medical records (EMRs), only authorized users should be granted the access to this information for the privacy concern. To keep the user anonymity, recently, Chen et al. proposed a dynamic ID-based authentication scheme for telecare medical information system. They claimed that their scheme is more secure and robust for use in a TMIS. However, we will demonstrate that their scheme fails to satisfy the user anonymity due to the dictionary attacks. It is also possible to derive a user password in case of smart card loss attacks. Additionally, an improved scheme eliminating these weaknesses is also presented.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Awasthi, A. K., Comment on a dynamic ID-based remote user authentication scheme. Trans. Cryptol. 1(2):15–16, 2004.

    MathSciNet  Google Scholar 

  2. Chen, C., He, D., Chan, S., Bu, S. J., Gao, Y., and Fan, R., Lightweight and provably secure user authentication with anonymity for the global mobility network. Int. J. Commun. Syst. 24(3):347–362, 2011.

    Article  Google Scholar 

  3. Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.

    Article  Google Scholar 

  4. Das, M. L., Saxana, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.

    Article  Google Scholar 

  5. He, D., Chen, J., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2011.

    Google Scholar 

  6. Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron 46(1):28–30, 2000.

    Article  Google Scholar 

  7. Juang, W. S., and Wu, J. L., Two efficient two-factor authenticated key exchange protocols in public wireless lans. Comput. Electr. Eng. 1(35):33–40, 2009.

    Article  Google Scholar 

  8. Khan, M. K., Kim, S. K., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2011.

    Article  Google Scholar 

  9. Ku, W. C., and Chang, S. T., Impersonation attacks on a dynamic ID-based remote user authentication scheme using smart cards. IEICE Trans. Commun. E88-B(5):2165–2167, 2005.

    Article  Google Scholar 

  10. Lamport, L., Password authentication with insecure communication. Commun. ACM 24(11):770–772, 1981.

    Article  MathSciNet  Google Scholar 

  11. Liao, I., Lee, C. C. and Hwang, M. S., “Security enhancement for a dynamic ID-based remote user authentication scheme, Proceedings of 2005 International Conference on Next Generation Web Services Practices, Seoul, Korea, 2005, pp. 437–440.

  12. Lin, C. L., Sun, H. M., and Hwang, T., Attacks and solutions on strong-password authentication. IEICE Trans. Commun. E84-B(9):2622–2627, 2001.

    Google Scholar 

  13. Misbahuddin, M., and Bindu, C. S., Cryptanalysis of Liao-Lee-Hwang’s dynamic ID scheme. Int. J. Netw. Secur. 2(6):211–213, 2008.

    Google Scholar 

  14. Rivest, R., Shamir, A., and Adleman, L., A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2):120–126, 1978.

    Article  MathSciNet  MATH  Google Scholar 

  15. Shimizu, A., A dynamic password authentication method by one way function. Syst. Comput. Jpn. 22(7):32–40, 1991.

    Article  Google Scholar 

  16. Shimizu, A., Horioka, T., and Inagaki, H., A password authentication method for contents communication on the Internet. IEICE Trans. Commun. E81-B(8):1666–1673, 1998.

    Google Scholar 

  17. Su, R., and Cao, Z. F., An efficient anonymous authentication mechanism for delay tolerant networks. Comput. Electr. Eng. 3(36):435–441, 2010.

    Article  Google Scholar 

  18. Tang, H. B. and Liu, X. S., “Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme,” Int. J. Commun. Syst., to appear, 2012.

  19. Tsai, J. L., Wu, T. C., and Tsai, K. Y., New dynamic ID authentication scheme using smart cards. Int. J. Commun. Syst. 23(12):1449–1462, 2010.

    Article  Google Scholar 

  20. Wang, R. C., Juang, W. S., and Lei, C. L., Robust authentication and key agreement scheme preserving the privacy of secret key. Comput. Commun. 34(3):274–280, 2011.

    Article  Google Scholar 

  21. Wang, Y. Y., Liu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.

    Article  Google Scholar 

  22. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

    Article  Google Scholar 

  23. Wen, F., and Li, X., An improved dynamic ID-based remote user authentication with key agreement scheme. Comput. Electr. Eng. 38(2):381–387, 2011.

    Article  Google Scholar 

  24. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.

    Article  Google Scholar 

  25. Wu, S., Zhu, T., and Pu, Q., Robust smart-cards-based user authentication scheme with user anonymity. Secur. Commun. Netw. 5(2):236–248, 2011.

    Article  Google Scholar 

  26. Yoon, E. J., and Yoo, K. Y., “Improving the dynamic ID-based remote mutual authentication scheme”, Proceedings of 2006 OTM Workshops, Lecture Notes in Computer Science, vol. 4277. Springer, Berlin, pp. 499–507, 2006.

    Google Scholar 

  27. Yoon, E. J., Yoo, K. Y., and Ha, K. S., A user friendly authentication scheme with anonymity for wireless communications. Comput. Electr. Eng. 3(37):356–364, 2011.

    Article  Google Scholar 

  28. Zhu, Z., An efficient authentication scheme for telcare medical information system. J. Med. Syst. 36(6):3833–3838, 2012.

    Article  Google Scholar 

Download references

Acknowledgment

We would like to thank anonymous referees for their valuable suggestions. This work was supported in part by the National Science Council of Republic of China under the contract number NSC 101-2218-E-019-005.

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, National Taiwan Ocean University, 2, Beining Road, Keelung, 202 Taiwan Republic of China

    Han-Yu Lin

Authors
  1. Han-Yu Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Han-Yu Lin.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Lin, HY. On the Security of A Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems. J Med Syst 37, 9929 (2013). https://doi.org/10.1007/s10916-013-9929-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-013-9929-4

Keywords

Search

Navigation