Skip to main content

Advertisement

SpringerLink
Log in

Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems

  • Patient Facing Systems
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote access. Very recently Islam et al. (J. Med. Syst. 38(10):135, 2014) proposed a two factor authentication protocol for TMIS using elliptic curve cryptography (ECC) to improve Xu et al.’s (J. Med. Syst. 38(1):9994, 2014) protocol. They claimed their improved protocol to be efficient and provides all security requirements. However our analysis reveals that Islam et al.’s protocol suffers from user impersonation and server impersonation attacks. Furthermore we proposed an enhanced protocol. The proposed protocol while delivering all the virtues of Islam et al.’s protocol resists all known attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Ch, S.A., uddin, N., Sher, M., Ghani, A., Naqvi, H., Irshad, A., An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimed. Tools Appl.,1–13, 2014. doi:10.1007/s11042-014-2283-9.

  2. Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012. doi:10.1007/s10916-012-9862-y.

    Article  Google Scholar 

  3. Das, A., A secure and robust password-based remote user authentication scheme using smart cards for the integrated epr information system. J. Med. Syst. 39(3):25, 2015. doi:10.1007/s10916-015-0204-8.

    Article  Google Scholar 

  4. Debiao, H., Jianhua, C., Jin, H., An id-based client authentication with key agreement protocol for mobile client–server environment on ecc with provable security. Inf. Fusion 13(3):223–230, 2012.

    Article  Google Scholar 

  5. Debiao, H., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012. doi:10.1007/s10916-011-9658-5.

    Article  Google Scholar 

  6. Diffie, W., and Hellman, M.E., New directions in cryptography. IEEE Trans. Inf. Theory 22(6):644–654, 1976.

  7. Farash, M.S., and Attari, M.A., Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC. ISC Int. J. Inf. Secur. 5(1):18–43, 2013.

  8. Farash, M.S., Attari, M.A., Atani, R.E., Jami, M., A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput. Electr. Eng. 39(2):530–541, 2013.

    Article  Google Scholar 

  9. Farash, M.S., An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int. J. Commun. Syst. 2014. doi:10.1002/dac.2879.

  10. Farash, M.S., Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw. Appl.,1–10, 2014. doi:10.1007/s12083-014-0315-x.

  11. Farash, M.S., and Attari, M.A., An efficient and provably secure three-party password-based authenticated key exchange protocol based on chebyshev chaotic maps. Nonlinear Dyn. 77(1–2):399–411, 2014.

  12. Farash, M.S., and Attari, M.A., An enhanced and secure threeparty password-based authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Inf. Technol. Control 43(2):143–150, 2014.

  13. Farash, M.S., and Attari, M.A., A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J. Supercomputing, 1–17, 2014.

  14. Farash, M.S., and Attari, M.A., An efficient client-client password-based authentication scheme with provable security. J Supercomput. 2014. doi:10.1007/s11227-014-1273-z

  15. Giri, D., Maitra, T., Amin, R., Srivastava, P., An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1):145, 2014. doi:10.1007/s10916-014-0145-7.

    Article  Google Scholar 

  16. He, D., An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings. Ad Hoc Netw. 10(6):1009–1016, 2012.

    Article  Google Scholar 

  17. Irshad, A., Sher, M., Faisal, M.S., Ghani, A., Ul Hassan, M., Ch, S.A.: A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme. Secur. Comm. Netw. (2013)

  18. Irshad, A., Sher, M., Rehman, E., Ch, S.A., Hassan, M.U., Ghani, A., A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl.,1–18, 2013.

  19. Islam, S., and Biswas, G., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.

  20. Islam, S., and Khan, M., Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10):135, 2014. doi:10.1007/s10916-014-0135-9

  21. Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):9897, 2013. doi:10.1007/s10916-012-9897-0.

    Article  MathSciNet  Google Scholar 

  22. Khan, M.K., Kim, S.K., Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2011. doi:10.1016/j.comcom.2010.02.011. Special Issue of Computer Communications on Information and Future Communication Security.

  23. Khan, M.K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems? Secur. Commun. Netw. 7(2):399–408, 2014. doi:10.1002/sec.791

  24. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology CRYPTO 99, pp. 388–397. Springer (1999)

  25. Kumari, S., Khan, M.K., Kumar, R., Cryptanalysis and improvement of a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37(4):9952, 2013. doi:10.1007/s10916-013-9952-5.

    Article  Google Scholar 

  26. Lee, C.C., Chen, C.L., Wu, C.Y., Huang, S.Y., An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dyn. 69(1–2):79–87, 2012.

    Article  MATH  MathSciNet  Google Scholar 

  27. Liao, Y.P., and Wang, S.S., A new secure password authenticated key agreement scheme for sip using self-certified public keys on elliptic curves. Comput. Commun. 33 (3): 372–380 , 2010.

    Article  Google Scholar 

  28. Liu, J., Zhang, Z., Chen, X., Kwak, K.S., Certificateless remote anonymous authentication schemes for wirelessbody area networks. IEEE Trans. Parallel Distrib. Syst. 25 (2): 332–342 , 2014.

    Article  Google Scholar 

  29. Mehmood, Z., uddin, N., Ch, S.A., Nasar, W., Ghani, A.: An efficient key agreement with rekeying for secured body sensor networks. In: 2012 Second International Conference on Digital Information Processing and Communications (ICDIPC), pp. 164–167. IEEE (2012)

  30. Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552, 2002.

    Article  MathSciNet  Google Scholar 

  31. Chaudhry, S.A., Comment on ‘Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications’. IET Communications, pp. 1. doi:10.1049/iet-com.2014.1082.

  32. Ul Amin, N., Asad, M., Din, N., Ch, S.A.: An authenticated key agreement with rekeying for secured body sensor networks based on hybrid cryptosystem. In: 2012 9th IEEE International Conference on Networking, Sensing and Control (ICNSC), pp. 118–121. IEEE (2012)

  33. Wang, Z., Huo, Z., Shi, W., A dynamic identity based authentication scheme using chaotic maps for telecare medicine information systems. J. Med. Syst. 39(1):158, 2014. doi:10.1007/s10916-014-0158-2.

    Article  Google Scholar 

  34. Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012. doi:10.1007/s10916-012-9835-1.

    Article  Google Scholar 

  35. Wu, S., and Chen, K., An efficient key-management scheme for hierarchical access control in e-medicine system. J. Med. Syst. 36(4):2325–2337, 2012.

  36. Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012. doi:10.1007/s10916-010-9614-9.

    Article  Google Scholar 

  37. Xiang, T., Wong, K.W., Liao, X., On the security of a novel key agreement protocol based on chaotic maps. Chaos, Solitons & Fractals 40(2):672–675, 2009. doi:10.1016/j.chaos.2007.08.012.

  38. Xu, L., and Wu, F., Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J. Med. Syst. 39(2):10, 2015. doi:10.1007/s10916-014-0179-x

  39. Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., He, L., A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(1):1–7, 2014.

  40. Yang, H., Kim, H., Mtonga, K., An efficient privacy-preserving authentication scheme with adaptive key evolution in remote health monitoring system. Peer-to-Peer Netw. Appl.,1–11, 2014. doi:10.1007/s12083-014-0299-6.

  41. Yoon, E.J., Ryu, E.K., Yoo, K.Y., Attacks and solutions of Yang et al.’s protected password changing scheme. Informatica 16(2):285–294, 2005.

    MATH  MathSciNet  Google Scholar 

  42. Zhang, L., Tang, S., Cai, Z., Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications. IET Communications 8(1):83–91, 2014.

    Article  Google Scholar 

  43. Zhao, Z., An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. J. Med. Syst. 38(2):1–7, 2014.

    Article  MATH  Google Scholar 

  44. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012. doi:10.1007/s10916-012-9856-9.

    Article  Google Scholar 

Download references

Acknowledgments

Authors would like to thank the anonymous reviewers, Prof. Jesse M Ehrenfeld and Dr. Mohammad Sabzinejad Farash for their valuable suggestions to improve the quality, correctness, presentation and readability of the manuscript.

Author information

Authors and Affiliations

  1. International Islamic University Islamabad, Islamabad, Pakistan

    Shehzad Ashraf Chaudhry, Husnain Naqvi & Muhammad Sher

  2. Division of Information and Computer Engineering, College of Information Technology, Ajou University, San 5, Woncheon-Dong, Yeongtong-Gu, Suwon, 443-749, Korea

    Taeshik Shon

  3. Mohammad Sabzinejad Farash Department of Mathematics and Computer Sciences, Kharazmi University, Tehran, Iran

    Mohammad Sabzinejad Farash

Authors
  1. Shehzad Ashraf Chaudhry
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Husnain Naqvi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Taeshik Shon
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Muhammad Sher
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mohammad Sabzinejad Farash
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shehzad Ashraf Chaudhry.

Additional information

This article is part of the Topical Collection on Patient Facing Systems

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chaudhry, S.A., Naqvi, H., Shon, T. et al. Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems. J Med Syst 39, 66 (2015). https://doi.org/10.1007/s10916-015-0244-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-015-0244-0

Keywords

Search

Navigation