Published in: Journal of Medical Systems 2/2013

01.04.2013 | Original Paper

Robust Anonymous Authentication Scheme for Telecare Medical Information Systems

Authors: Qi Xie, Jun Zhang, Na Dong

Abstract

Patients can obtain various health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, patient privacy protection and data confidentiality are important when patients or doctors access Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.’s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, and claimed that their scheme is more suitable for TMIS. However, we show that Chen et al.’s scheme also has some weaknesses. In particular, Chen et al.’s scheme does not provide user privacy protection or perfect forward secrecy, and is vulnerable to off-line password guessing and impersonation attacks once the user’s smart card is compromised. Further, we propose a secure anonymous authentication scheme that overcomes these weaknesses even if an adversary knows all the information stored in the smart card.
References
1. Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.
2. Yang, C. M., Lin, H. C., Chang, P., and Jian, W. S., Taiwan’s perspective on electronic medical records’ security and privacy protection: Lessons learned from HIPAA. Comput. Meth. Prog. Biol. 82(3):277–282, 2006.
3. Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.
4. Witteman, M., Advances in smartcard security. Inf. Secur. Bull. 7(2002):11–22, 2002.
5. Lee, N. Y., and Chen, J. C., Improvement of one-time password authentication scheme using smart card. IEICE Trans. Commun. E88-B(9):3765–3769, 2005.
6. Hölbl, M., Welzer, T., and Brumen, B., Attacks and improvement of an efficient remote mutual authentication and key agreement scheme. Cryptologia 34(1):52–59, 2009.
7. Yeh, K. H., Sub, C. H., Loa, N. W., Li, Y., and Hung, Y. X., Two robust remote user authentication protocols using smart cards. J. Syst. Softw. 83(12):2556–2565, 2010.
8. Wang, X. M., Zhang, W. F., Zhang, J. S., and Khan, M. K., Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput. Stand. Interfac. 29(5):507–512, 2007.
9. Chen, T. H., Hsiang, H. C., and Shih, W. K., Security enhancement on an improvement on two remote user authentication schemes using smart cards. Futur. Gener. Comput. Syst. 27(4):377–380, 2011.
11. Wu, Z. Y., Chung, Y., Lai, F., and Chen, T. S., Password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36:631–638, 2012.
12. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for Telecare Medicine Information Systems. J. Med. Syst. 36:1529–1535, 2012.
13. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for Telecare Medicine Information Systems. J. Med. Syst. 36:1989–1995, 2012.
16. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004. 508.
18. Wang, R. C., Juang, W. S., and Lei, C. L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. 77(4):790–798, 2011.
19. Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for Telecare Medical Information Systems. J. Med. Syst., 2012. doi:10.1007/s10916-012-9862-y.
20. Khan, M. K., Kim, K. S., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.
21. Chen, H., Xiao, Y., Hong, X., Hu, F., and Xie, J., A survey of anonymity in wireless communication systems. Secur. Comm. Netw. 2:427–444, 2009.
22. Kocher, P., Jaffe, J., and Jun, J., Differential power analysis. Proceedings of Advances in Cryptology (CRYPTO 99). pp.388–397, 1999.
23. Messerges, T., Dabbish, E., and Sloan, R., Examining smartcard security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
24. Abadi, M., Blanchet, B., and Lundh, H. C., Models and proofs of protocol security: A progress report. 21st International Conference on Computer Aided Verification, Grenoble, France, pp. 35–49, 2009.
25. Abadi, M., and Fournet, C., Mobile values, new names, and secure communication. Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM New York, pp. 104–115, 2001.
26. Li, C. T., Hwang, M. S., and Chu, Y. P., A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput. Commun. 31:2803–2814, 2008.
Metadata
Title: Robust Anonymous Authentication Scheme for Telecare Medical Information Systems
Authors: Qi Xie, Jun Zhang, Na Dong
Publication date: 01.04.2013
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 2/2013
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-012-9911-6