Abstract
Telecare medical information system (TMIS) constructs an efficient and convenient connection between patients and the medical server. The patients can enjoy medical services through public networks, and hence the protection of patients’ privacy is very significant. Very recently, Wu et al. identified Jiang et al.’s authentication scheme had some security drawbacks and proposed an enhanced authentication scheme for TMIS. However, we analyze Wu et al.’s scheme and show that their scheme suffers from server spoofing attack, off-line password guessing attack, impersonation attack. Moreover, Wu et al.’s scheme fails to preserve the claimed patient anonymity and its password change phase is unfriendly and inefficient. Thereby, we present a novel anonymous authentication scheme for telecare medical information systems to eliminate the aforementioned faults. Besides, We demonstrate the completeness of the proposed scheme through the BAN logic. Furthermore, the security of our proposed scheme is proven through Bellare and Rogaways model. Compared with the related existing schemes, our scheme is more secure.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Das, M.L. Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 8(3):1086–1090, 2009
Hwang, M.S., and Li, L.H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1):28–30, 2000
Lee, N.Y., and Chiu, Y.C., Improved remote authentication scheme with smart card. Comput. Stand. Interfac. 27(2): 177-180, 2005
Wen, F.T., Susilo, W., and Yang, G.M., A robust smart card-based anonymous user authentication protocol for wireless communications. Secur. Comm. Netw., doi:10.1002/sec.816, 2013
Wen, F.T., Susilo, W, and Yang, G.M., A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wireless Pers. Commun. 73(3):993–1004, 2013
Yang, G., Wong, D.S., Wang, H., and Deng, X., Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74(7):1160–1172, 2008
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012
He, D.B., Chen, J.H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012
Zhu, Z., An effcient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012
Chen, H.M., Lo, J.W., and Yeh, C.K., An effcient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012
Khan, M.K., Kim, S.K., and Alghathbar, K., Cryptanalysis and security enhancement of a more effcient & secure dynamic ID-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2011
Jiang, Q., Ma, J.F., Ma, Z., and Li, G.S., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-012-9897-0
Wu, F., and Xu, L.L., Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst. doi:10.1007/s10916-013-9958-z, 2013
D. Boneh, The Decision Diffe-Hellman Problem. In Proc. Third Algorithmic Number Theory Symposium, Springer press,1998, pp.48-63
Mihir, B., and Phillip, R., Entity authentication and key distribution. Proceedings on Advances in Cryptology (CRYPTO’93): Springer press, 22–26, 1993
Kumari, S., Khan, M.K., and Kumar, R., Cryptanalysis and improvement of a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. doi:10.1007/s10916-013-9952-5, 2013
Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. Proceedings of Advances in Cryptology: Santa Barbara, CA, USA., 388–397, 1999
Messerges, T.S., Dabbish, E.A., and Sloan, E.A., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002
Burrows, M., Abadi, M., and Needham, R., A logic of authentication. ACM Trans. Comput. Syst. 8(1):18–36, 1990
Chang, Y.F., Yu, S.H., and Shiao, D.R., An uniqueness and anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013
Acknowledgments
The authors are grateful to the editor and anonymous reviewers for their valuable suggestions, which improved the paper. This work is supported by Natural Science Foundation of Shandong Province(No.ZR2013FM009).
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Mobile Systems
Rights and permissions
About this article
Cite this article
Wen, F., Guo, D. An Improved Anonymous Authentication Scheme for Telecare Medical Information Systems. J Med Syst 38, 26 (2014). https://doi.org/10.1007/s10916-014-0026-0
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-014-0026-0