Published in: Journal of Medical Systems 6/2013

01.12.2013 | Original Paper

Security Analysis of a Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems

Authors: Wei-Chuen Yau, Raphael C.-W. Phan


Abstract

Many authentication schemes have been proposed for telecare medicine information systems (TMIS) to ensure the privacy, integrity, and availability of patient records. These schemes are crucial for TMIS because, without them, patients’ medical records become susceptible to tampering, which hampers diagnosis, or patients’ private medical conditions could be disclosed to parties who have no right to access such information. Very recently, Hao et al. proposed a chaotic map-based authentication scheme for telecare medicine information systems in the Journal of Medical Systems. They claimed that the authentication scheme can withstand various attacks and is secure for use in TMIS. In this paper, we show that this authentication scheme is vulnerable to key-compromise impersonation attacks, off-line password guessing attacks upon compromise of a smart card, and parallel session attacks. We also exploit weaknesses in the password change phase of the scheme to mount a denial-of-service attack. Our results show that this scheme cannot be used to provide security in a telecare medicine information system.
Metadata
Title
Security Analysis of a Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems
Authors
Wei-Chuen Yau
Raphael C.-W. Phan
Publication date
01.12.2013
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 6/2013
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-013-9993-9
