Skip to main content
Hauptrubriken
CME Facharzt-Training Webinare Zeitschriften Bücher e.Medpedia Podcast
Service
Jobbörse Info & Hilfe
Fachgebiete
Anästhesiologie Allgemeinmedizin Arbeitsmedizin Augenheilkunde Chirurgie Dermatologie Gynäkologie und Geburtshilfe HNO Innere Medizin Kardiologie Neurologie Onkologie und Hämatologie Orthopädie und Unfallchirurgie Pädiatrie Pathologie Psychiatrie Radiologie Rechtsmedizin Urologie Zahnmedizin
Themen
Klimawandel und Gesundheit Neues aus dem Markt COVID-19 Praxis und Beruf Seltene Erkrankungen GOÄ & EBM Panorama
Sammlungen
Kasuistiken Algorithmen & Infografiken Blickdiagnosen Arthropedia FlapFinder (für Dermatochirurgen) Videos Kongressberichterstattung Medizin für Apothekerinnen und Apotheker Für Ärztinnen und Ärzte in Weiterbildung Für Medizinstudierende
Erweiterte Suche
Anmelden
nach oben
Journal of Medical Systems
Erschienen in: Journal of Medical Systems 5/2013

01.10.2013 | Original Paper

An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System

verfasst von: Ashok Kumar Das, Bezawada Bruhadeshwar

Erschienen in: Journal of Medical Systems | Ausgabe 5/2013

Einloggen, um Zugang zu erhalten

Abstract

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu’s scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu’s scheme. We show that our scheme is efficient as compared to Lee-Liu’s scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.
Literatur
1.
Aumasson, J. P., Henzen, L., Meier, W., and Plasencia, M. N., Quark: a lightweight hash. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES 2010), LNCS. Vol. 6225, pages 1–15, 2010.
2.
3.
4.
Basin, D., Modersheim, S., and Vigano, L., OFMC: A symbolic model checker for security protocols. Int. J. Inf. Secur. 4(3):181–208, 2005.CrossRef
5.
Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst., 37:9902, 2013.CrossRef
6.
Das, A. K., Analysis and improvement on an efficient biometricbased remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145–151, 2011.CrossRef
7.
Das, A. K., A random key establishment scheme for multi-phase deployment in large-scale distributed sensor networks. Int. J. Inf. Secur. 11(3):189–211, 2012.CrossRef
8.
Das, A. K., A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Netw. Sci. 2(1–2):12–27, 2013.CrossRef
9.
Das, A. K., Chatterjee, S., and Sing, J. K., A novel efficient access control scheme for large-scale distributed wireless sensor networks. Int. J. Found. Comput. Sci. (In press).
10.
Das, A. K., and Goswami, A., A secure and efficient Uniquenessand-Anonymity-Preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.CrossRef
11.
Das, A. K., Massand, A., and Patil, S., A novel proxy signature scheme based on user hierarchical access control policy. J. King Saud University—Comput. Inform. Sci. 25(2):219–228, 2013.CrossRef
12.
Das, A. K., Paul, N. R., and Tripathy, L., Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf. Sci. 209:80–92, 2012.MathSciNetCrossRefMATH
13.
Das, M. L., Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 8(3):1086–1090, 2009.CrossRef
14.
Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.CrossRef
15.
16.
He, D., Chen, J., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef
17.
Jaspher, G., Kathrine, W., Kirubakaran, E., and Prakash, P., Smart card based remote user authentication schemes: a survey. Procedia Eng. 38:1318–1326, 2012.CrossRef
18.
Khan, M. K., Kim, S.-K., and Alghathbar, K., Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic IDbased remote user authentication scheme’. Comput. Commun. 34(3):305–309, 2011.CrossRef
19.
Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology–CRYPTO’99, LNCS. Vol. 1666, pages 388–397, 1999.
20.
Lee, T.-F., and Liu, C.-M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3), 2013.
21.
Madhusudhan, R., and Mittal, R. C., Dynamic ID-based remote user password authentication schemes using smart cards: A review. J. Netw. Comput. Appl. 35(4):1235–1248, 2012.CrossRef
22.
Manuel, S., Classification and generation of disturbance vectors for collision attacks against SHA-1. Des. Codes Crypt. 59(1–3):247–263, 2011.MathSciNetCrossRefMATH
23.
Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.MathSciNetCrossRef
24.
Rivest, R. L., Shamir, A., and Adleman, L. M., A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21:120–126, 1978.MathSciNetCrossRefMATH
25.
Sarkar, P., A simple and generic construction of authenticated encryption with associated data. ACM Trans. Inf. Syst. Secur. 13(4):33, 2010.CrossRef
26.
Stallings, W., Cryptography and Network Security: Principles and Practices, 3rd edn. Prentice Hall, Englewood Cliffs, 2003
27.
Secure Hash Standard. FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U. S. Department of Commerce, April 1995.
28.
29.
Wang, Y.-Y., Liu, J.-Y., Xiao, F.-X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009.CrossRef
30.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.CrossRef
31.
Wu, Z. Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y.-F., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRef
32.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.CrossRef
Metadaten
Titel
An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System
verfasst von
Ashok Kumar Das
Bezawada Bruhadeshwar
Publikationsdatum
01.10.2013
Verlag
Springer US
Erschienen in
Journal of Medical Systems / Ausgabe 5/2013
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-013-9969-9

Weitere Artikel der Ausgabe 5/2013

Journal of Medical Systems 5/2013 Zur Ausgabe

Original Paper

A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce

Original Paper

The Role of Privacy Protection in Healthcare Information Systems Adoption

Original Paper

The Secure Authorization Model for Healthcare Information System

Original Paper

A Secure RFID-based WBAN for Healthcare Applications

Original Paper

Two RFID Standard-based Security Protocols for Healthcare Environments

Original Paper

An Enhanced Mobile-Healthcare Emergency System Based on Extended Chaotic Maps