Abstract
Telecare medical information systems (TMISs) are increasingly popular technologies for healthcare applications. Using TMISs, physicians and caregivers can monitor the vital signs of patients remotely. Since the database of a TMIS stores patients’ electronic medical records (EMRs), only authorized users should be granted access to this information, to protect patient privacy. To preserve user anonymity, Chen et al. recently proposed a dynamic ID-based authentication scheme for telecare medical information systems. They claimed that their scheme is more secure and robust for use in a TMIS. However, we demonstrate that their scheme fails to provide user anonymity due to dictionary attacks. It is also possible to derive a user’s password in the case of smart card loss attacks. An improved scheme that eliminates these weaknesses is also presented.
References
Awasthi, A. K., Comment on a dynamic ID-based remote user authentication scheme. Trans. Cryptol. 1(2):15–16, 2004.
Chen, C., He, D., Chan, S., Bu, S. J., Gao, Y., and Fan, R., Lightweight and provably secure user authentication with anonymity for the global mobility network. Int. J. Commun. Syst. 24(3):347–362, 2011.
Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.
Das, M. L., Saxana, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.
He, D., Chen, J., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2011.
Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1):28–30, 2000.
Juang, W. S., and Wu, J. L., Two efficient two-factor authenticated key exchange protocols in public wireless lans. Comput. Electr. Eng. 1(35):33–40, 2009.
Khan, M. K., Kim, S. K., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2011.
Ku, W. C., and Chang, S. T., Impersonation attacks on a dynamic ID-based remote user authentication scheme using smart cards. IEICE Trans. Commun. E88-B(5):2165–2167, 2005.
Lamport, L., Password authentication with insecure communication. Commun. ACM 24(11):770–772, 1981.
Liao, I., Lee, C. C., and Hwang, M. S., Security enhancement for a dynamic ID-based remote user authentication scheme. Proceedings of 2005 International Conference on Next Generation Web Services Practices, Seoul, Korea, pp. 437–440, 2005.
Lin, C. L., Sun, H. M., and Hwang, T., Attacks and solutions on strong-password authentication. IEICE Trans. Commun. E84-B(9):2622–2627, 2001.
Misbahuddin, M., and Bindu, C. S., Cryptanalysis of Liao-Lee-Hwang’s dynamic ID scheme. Int. J. Netw. Secur. 2(6):211–213, 2008.
Rivest, R., Shamir, A., and Adleman, L., A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2):120–126, 1978.
Shimizu, A., A dynamic password authentication method by one way function. Syst. Comput. Jpn. 22(7):32–40, 1991.
Shimizu, A., Horioka, T., and Inagaki, H., A password authentication method for contents communication on the Internet. IEICE Trans. Commun. E81-B(8):1666–1673, 1998.
Su, R., and Cao, Z. F., An efficient anonymous authentication mechanism for delay tolerant networks. Comput. Electr. Eng. 3(36):435–441, 2010.
Tang, H. B., and Liu, X. S., Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme. Int. J. Commun. Syst., to appear, 2012.
Tsai, J. L., Wu, T. C., and Tsai, K. Y., New dynamic ID authentication scheme using smart cards. Int. J. Commun. Syst. 23(12):1449–1462, 2010.
Wang, R. C., Juang, W. S., and Lei, C. L., Robust authentication and key agreement scheme preserving the privacy of secret key. Comput. Commun. 34(3):274–280, 2011.
Wang, Y. Y., Liu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
Wen, F., and Li, X., An improved dynamic ID-based remote user authentication with key agreement scheme. Comput. Electr. Eng. 38(2):381–387, 2011.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.
Wu, S., Zhu, T., and Pu, Q., Robust smart-cards-based user authentication scheme with user anonymity. Secur. Commun. Netw. 5(2):236–248, 2011.
Yoon, E. J., and Yoo, K. Y., Improving the dynamic ID-based remote mutual authentication scheme. Proceedings of 2006 OTM Workshops, Lecture Notes in Computer Science, vol. 4277. Springer, Berlin, pp. 499–507, 2006.
Yoon, E. J., Yoo, K. Y., and Ha, K. S., A user friendly authentication scheme with anonymity for wireless communications. Comput. Electr. Eng. 3(37):356–364, 2011.
Zhu, Z., An efficient authentication scheme for telecare medical information system. J. Med. Syst. 36(6):3833–3838, 2012.
Acknowledgment
We would like to thank anonymous referees for their valuable suggestions. This work was supported in part by the National Science Council of Republic of China under the contract number NSC 101-2218-E-019-005.
Cite this article
Lin, HY. On the Security of A Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems. J Med Syst 37, 9929 (2013). https://doi.org/10.1007/s10916-013-9929-4
DOI: https://doi.org/10.1007/s10916-013-9929-4