Skip to main content
Hauptrubriken
CME Facharzt-Training Webinare Zeitschriften Bücher e.Medpedia Podcast
Service
Jobbörse Info & Hilfe
Fachgebiete
Anästhesiologie Allgemeinmedizin Arbeitsmedizin Augenheilkunde Chirurgie Dermatologie Gynäkologie und Geburtshilfe HNO Innere Medizin Kardiologie Neurologie Onkologie und Hämatologie Orthopädie und Unfallchirurgie Pädiatrie Pathologie Psychiatrie Radiologie Rechtsmedizin Urologie Zahnmedizin
Themen
Klimawandel und Gesundheit Neues aus dem Markt COVID-19 Praxis und Beruf Seltene Erkrankungen GOÄ & EBM Panorama
Sammlungen
Kasuistiken Algorithmen & Infografiken Blickdiagnosen Arthropedia FlapFinder (für Dermatochirurgen) Videos Kongressberichterstattung Medizin für Apothekerinnen und Apotheker Für Ärztinnen und Ärzte in Weiterbildung Für Medizinstudierende
Erweiterte Suche
Anmelden
nach oben
Journal of Medical Systems
Erschienen in: Journal of Medical Systems 4/2013

01.08.2013 | Original Paper

Cryptanalysis and Improvement of ‘A Privacy Enhanced Scheme for Telecare Medical Information Systems’

verfasst von: Saru Kumari, Muhammad Khurram Khan, Rahul Kumar

Erschienen in: Journal of Medical Systems | Ausgabe 4/2013

Einloggen, um Zugang zu erhalten

Abstract

To ensure reliable telecare services some user authentication schemes for telecare medical information system (TMIS) have been presented in literature. These schemes are proposed with intent to regulate only authorized access to medical services so that medical information can be protected from misuse. Very recently Jiang et al. proposed a user authentication scheme for TMIS which they claimed to provide enhanced privacy. They made use of symmetric encryption/decryption with cipher block chaining mode (CBC) to achieve the claimed user privacy. Their scheme provides features like user anonymity and user un-traceability unlike its preceding schemes on which it is built. Unluckily, authors overlook some important aspects in designing their scheme due to which it falls short to resist user impersonation attack, guessing attacks and denial of service attack. Besides, its password change phase is not secure; air message confidentiality is at risk and also has some other drawbacks. Therefore, we propose an improved scheme free from problems observed in Jiang et al.’s scheme and more suitable for TMIS.
Literatur
1.
2.
Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.CrossRef
3.
Gritzalis, S., Lambrinoudakis, C., Lekkas, D., and Deftereos, S., Technical guidelines for enhancing privacy and data protection in modern electronic medical environments. IEEE Trans. Inf. Technol. Biomed. 9(3):413–423, 2005.CrossRef
4.
Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.CrossRef
5.
6.
Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.CrossRef
7.
Khan, M. K., Kim, S. K., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.CrossRef
8.
Kumari, S., Gupta, M. K., and Kumar, M., Cryptanalysis and security enhancement of Chen et al’.s remote user authentication scheme using smart card. Cent. Eur. J. Comput. Sci. 2(1):60–75, 2012.CrossRef
9.
Kumar, M., Gupta, M. K., and Kumari, S., An Improved efficient remote password authentication scheme with smart card over insecure networks. Int. J. Netw Secur. 13(3):167–177, 2011.
10.
Khan, M. K., Kumari, S., and Gupta, M. K., More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing, 2013. doi:10.​1007/​s00607-013-0308-2.
11.
12.
13.
14.
15.
16.
Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012. doi:10.​1007/​s10916-012-9862-y.CrossRef
17.
18.
Wang, X. M., Zhang, W. F., Zhang, J. S., and Khan, M. K., Cryptanalysis and improvement on two efficient remote user authentication scheme using cards. Comput. Stand. Interfaces 29(5):507–512, 2007.CrossRef
19.
Dworkin, M., Recommendation for Block Cipher Modes of Operation: Methods and Techniques. NIST Special Publication 800-38A, 2001.
20.
Mao, W., Modern Cryptography: Theory and Practice. Prentice Hall Professional Technical Reference, 2003.
21.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. Proceedings of Advances in Cryptology. Santa Barbara, CA, U.S.A., 388–397, 1999.
22.
Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.MathSciNetCrossRef
23.
Sood, S. K., Sarjee, A. K., Singh, K., An improvement of Liao et al.’s authentication scheme using smart card. IEEE 2nd International Advance Computing Conference (IACC2010), Patiala, India, pp. 240–245, 2010.
Metadaten
Titel
Cryptanalysis and Improvement of ‘A Privacy Enhanced Scheme for Telecare Medical Information Systems’
verfasst von
Saru Kumari
Muhammad Khurram Khan
Rahul Kumar
Publikationsdatum
01.08.2013
Verlag
Springer US
Erschienen in
Journal of Medical Systems / Ausgabe 4/2013
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-013-9952-5

Weitere Artikel der Ausgabe 4/2013

Journal of Medical Systems 4/2013 Zur Ausgabe

Original Paper

Benefits and Challenges of Electronic Health Record System on Stakeholders: A Qualitative Study of Outpatient Physicians

Original Paper

Tablet Computer Use by Medical Students in the United States

Original Paper

EHR Implementation in a New Clinic: A Case Study of Clinician Perceptions

Original Paper

A Novel System Architecture for the National Integration of Electronic Health Records: A Semi-Centralized Approach

Original Paper

Synthetic Hardware Performance Analysis in Virtualized Cloud Environment for Healthcare Organization

Original Paper

Security analysis and Improvement of a Privacy Authentication Scheme for Telecare Medical Information Systems