Cryptanalysis and Improvement of ‘A Privacy Enhanced Scheme for Telecare Medical Information Systems’

  • Original Paper
  • Journal of Medical Systems

Abstract

To ensure reliable telecare services, several user authentication schemes for telecare medical information systems (TMIS) have been presented in the literature. These schemes are intended to allow only authorized access to medical services so that medical information is protected from misuse. Very recently, Jiang et al. proposed a user authentication scheme for TMIS which they claimed provides enhanced privacy. They used symmetric encryption/decryption in cipher block chaining (CBC) mode to achieve the claimed user privacy. Unlike the preceding schemes on which it is built, their scheme provides features such as user anonymity and user un-traceability. Unfortunately, the authors overlooked some important aspects in designing their scheme, so it fails to resist user impersonation attacks, guessing attacks and denial of service attacks. In addition, its password change phase is not secure, air message confidentiality is at risk, and it has some other drawbacks. Therefore, we propose an improved scheme that is free from the problems observed in Jiang et al.’s scheme and more suitable for TMIS.

References

  1. Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., and Yen, D. C., Design and implementation of a telecare information platform. J. Med. Syst. 36(3):1629–1650, 2012. doi:10.1007/s10916-010-9625-6.

  2. Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.

  3. Gritzalis, S., Lambrinoudakis, C., Lekkas, D., and Deftereos, S., Technical guidelines for enhancing privacy and data protection in modern electronic medical environments. IEEE Trans. Inf. Technol. Biomed. 9(3):413–423, 2005.

  4. Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.

  5. RSA Secure ID, “Secure identity.” [Online] Available: http://www.rsa.com/node.aspx?id=1156.

  6. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.

  7. Khan, M. K., Kim, S. K., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.

  8. Kumari, S., Gupta, M. K., and Kumar, M., Cryptanalysis and security enhancement of Chen et al.’s remote user authentication scheme using smart card. Cent. Eur. J. Comput. Sci. 2(1):60–75, 2012.

  9. Kumar, M., Gupta, M. K., and Kumari, S., An improved efficient remote password authentication scheme with smart card over insecure networks. Int. J. Netw. Secur. 13(3):167–177, 2011.

  10. Khan, M. K., Kumari, S., and Gupta, M. K., More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing, 2013. doi:10.1007/s00607-013-0308-2.

  11. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012. doi:10.1007/s10916-010-9614-9.

  12. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012. doi:10.1007/s10916-011-9658-5.

  13. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012. doi:10.1007/s10916-012-9835-1.

  14. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012. doi:10.1007/s10916-012-9856-9.

  15. Pu, Q., Wang, J., and Zhao, R., Strong authentication scheme for telecare medicine information systems. J. Med. Syst. 36(4):2609–2619, 2012. doi:10.1007/s10916-011-9735-9.

  16. Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012. doi:10.1007/s10916-012-9862-y.

  17. Jiang, Q., Ma, J., Ma, Z., and Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37:9897, 2013. doi:10.1007/s10916-012-9897-0.

  18. Wang, X. M., Zhang, W. F., Zhang, J. S., and Khan, M. K., Cryptanalysis and improvement on two efficient remote user authentication scheme using cards. Comput. Stand. Interfaces 29(5):507–512, 2007.

  19. Dworkin, M., Recommendation for Block Cipher Modes of Operation: Methods and Techniques. NIST Special Publication 800-38A, 2001.

  20. Mao, W., Modern Cryptography: Theory and Practice. Prentice Hall Professional Technical Reference, 2003.

  21. Kocher, P., Jaffe, J., Jun, B., Differential power analysis. Proceedings of Advances in Cryptology. Santa Barbara, CA, U.S.A., 388–397, 1999.

  22. Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

  23. Sood, S. K., Sarjee, A. K., Singh, K., An improvement of Liao et al.’s authentication scheme using smart card. IEEE 2nd International Advance Computing Conference (IACC2010), Patiala, India, pp. 240–245, 2010.

Acknowledgments

We declare that there is no role or involvement of any sponsor in this study.

Conflict of interest statement

Authors have no conflict of interest.

Author information

Corresponding author

Correspondence to Saru Kumari.

About this article

Cite this article

Kumari, S., Khan, M.K. & Kumar, R. Cryptanalysis and Improvement of ‘A Privacy Enhanced Scheme for Telecare Medical Information Systems’. J Med Syst 37, 9952 (2013). https://doi.org/10.1007/s10916-013-9952-5

  • DOI: https://doi.org/10.1007/s10916-013-9952-5
