Skip to main content

Advertisement

SpringerLink
Log in

Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems

  • Research Article
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

To ensure only authorized access to medical services, several authentication schemes for telecare medicine information systems (TMIS) have been proposed in the literature. Due to its better performance than traditional cryptography, Hao et al. proposed an authentication scheme for TMIS using chaotic map based cryptography. They claimed that their scheme could resist various attacks, including the smart card stolen attack. However, we identify that their scheme is vulnerable to the stolen smart card attack. The reason causing the stolen smart card attack is that the scheme is designed based on the assumption that the scheme itself achieves user untraceability. Then, we propose a robust authentication and key agreement scheme. Compared with the previous schemes, our scheme not only enjoys more security features, but also has better efficiency. Our analysis indicates that designing a two-factor authentication scheme based on the assumption that privacy protection is achieved in the scheme itself may pose potential security risks. The lesson learned is that, we should avoid this situation in the future design of two-factor authentication schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.

    Article  Google Scholar 

  2. Jiang, Q., Ma, J., Ma, Z., and Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-012-9897-0.

    Google Scholar 

  3. Kumari, S., Khan, M. K., and Kumar, R., Cryptanalysis and improvement of ‘A privacy enhanced scheme for telecare medical information systems’. J. Med. Syst. 37(4):9952, 2013.

    Article  Google Scholar 

  4. Lin, H. Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-013-9929-4.

    Google Scholar 

  5. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012. doi:10.1007/s10916-010-9614-9.

    Article  Google Scholar 

  6. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012. doi:10.1007/s10916-011-9658-5.

    Article  Google Scholar 

  7. Pu, Q., Wang, J., and Zhao, R., Strong authentication scheme for telecare medicine information systems. J. Med. Syst. 36(4):2609–2619, 2012. doi:10.1007/s10916-011-9735-9.

    Article  Google Scholar 

  8. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012. doi:10.1007/s10916-012-9835-1.

    Article  Google Scholar 

  9. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012. doi:10.1007/s10916-012-9856-9.

    Article  Google Scholar 

  10. Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.07/s10916-012-9912-5.

    Google Scholar 

  11. Xie, Q., Zhang, J., and Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-012-9911-6.

    Google Scholar 

  12. Lee, T. F., and Liu, C. M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3):9933, 2013.

    Article  Google Scholar 

  13. Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):9969, 2013. doi:10.1007/s10916-013-9969-9.

    Article  Google Scholar 

  14. Ma, C., Wang, D., and Zhao, S., Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. 2012. doi:10.1002/dac.2468.

    Google Scholar 

  15. Tseng, H., Jan, R., and Yang, W., A chaotic maps-based key agreement protocol that preserves user anonymity. IEEE Int. Conf. Commun. (ICC09), 2009; p. 1–6.

  16. Wang, X., and Zhao, J., An improved key agreement protocol based on chaos. Commun. Nonlinear Sci. Numer. Simul. 15:4052–4057, 2010.

    Article  MATH  MathSciNet  Google Scholar 

  17. Niu, Y., and Wang, X., An anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 16(4):1986–1992, 2011.

    Article  MATH  MathSciNet  Google Scholar 

  18. Xue, K., and Hong, P., Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 2011. doi:10.1016/j.cnsns.2011.11.025.

    Google Scholar 

  19. Guo, C., and Chang, C., Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 2012. doi:10.1016/j.cnsns.2012.09.032.

    Google Scholar 

  20. Hao, X., Wang, J., Yang, Q., Yan, X., and Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2):9919, 2013. doi:10.1007/s10916-012-9919-y.

    Article  Google Scholar 

  21. Bergamo, P., Arco, P., Santis, A., and Kocarev, L., Security of public key cryptosystems based on Chebyshev polynomials. IEEE. Trans. Circ. Syst. I 52:1382–1393, 2005.

    Article  Google Scholar 

  22. Zhang, L., Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos. Soliton. Fract. 37(3):669–674, 2008.

    Article  MATH  Google Scholar 

  23. He, D., Wang, D., and Wu, S., Cryptanalysis and improvement of a password-based remote user authentication scheme without smart cards. Inf. Technol. Control 42(2):105–112, 2013.

    Google Scholar 

  24. Jiang, Q., Ma, J., Li, G., et al., An improved password-based remote user authentication Pprotocol without smart cards. Inf. Technol. Control 42(2):113–123, 2013.

    MathSciNet  Google Scholar 

  25. Arkko, J., Nikander, P., and Näslund, M., Enhancing privacy with shared pseudo random sequences. Security Protocols. Springer Berlin, Heidelberg, pp. 187–196, 2007.

    Google Scholar 

Download references

Acknowledgments

This work is supported by Supported by Program for Changjiang Scholars and Innovative Research Team in University (Program No. IRT1078), Major national S&T program (2011ZX03005-002), National Natural Science Foundation of China (Program No. U1135002, 61173135, 61202389), Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2012JQ8043), Fundamental Research Funds for the Central Universities. The authors would like to thank the anonymous reviewers and the editor for their constructive comments that have helped us to improve this paper.

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Xidian University, Xi’an, China

    Qi Jiang & Jianfeng Ma

  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Xiang Lu & Youliang Tian

Authors
  1. Qi Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianfeng Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xiang Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Youliang Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qi Jiang.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Jiang, Q., Ma, J., Lu, X. et al. Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems. J Med Syst 38, 12 (2014). https://doi.org/10.1007/s10916-014-0012-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-014-0012-6

Keywords

Search

Navigation