Skip to main content
Hauptrubriken
CME Facharzt-Training Webinare Zeitschriften Bücher e.Medpedia Podcast
Service
Jobbörse Info & Hilfe
Fachgebiete
Anästhesiologie Allgemeinmedizin Arbeitsmedizin Augenheilkunde Chirurgie Dermatologie Gynäkologie und Geburtshilfe HNO Innere Medizin Kardiologie Neurologie Onkologie und Hämatologie Orthopädie und Unfallchirurgie Pädiatrie Pathologie Psychiatrie Radiologie Rechtsmedizin Urologie Zahnmedizin
Themen
Klimawandel und Gesundheit Neues aus dem Markt COVID-19 Praxis und Beruf Seltene Erkrankungen GOÄ & EBM Panorama
Sammlungen
Kasuistiken Algorithmen & Infografiken Blickdiagnosen Arthropedia FlapFinder (für Dermatochirurgen) Videos Kongressberichterstattung Medizin für Apothekerinnen und Apotheker Für Ärztinnen und Ärzte in Weiterbildung Für Medizinstudierende

Klimawandel und Gesundheit: Was Sie in der Hausarztpraxis wissen müssen und tun können

Die Folgen des Klimwandels haben einen direkten Einfluss auf die Primärversorgung in Deutschland: Hitzeschutz insbesondere bei älteren Patienten, die Zunahme von Infektionen und die Verlängerung der Allergiesesaison spielen medizinisch eine bedeutsame Rolle. Aber auch in der Prävention und der Aufklärung der Patienten kommt den Hausärztinnen und -ärzten eine besondere Rolle zu. Direkt aus der Praxis berichtet im Live-Webinar am 13. Mai von 18 bis 19 Uhr unser Experte Dr. med. Robin Maitra.
Erweiterte Suche
Anmelden
nach oben
Journal of Medical Systems
Erschienen in: Journal of Medical Systems 5/2014

01.05.2014 | SYSTEMS-LEVEL QUALITY IMPROVEMENT

On the Security of Two Remote User Authentication Schemes for Telecare Medical Information Systems

verfasst von: Kee-Won Kim, Jae-Dong Lee

Erschienen in: Journal of Medical Systems | Ausgabe 5/2014

Einloggen, um Zugang zu erhalten

Abstract

The telecare medical information systems (TMISs) support convenient and rapid health-care services. A secure and efficient authentication scheme for TMIS provides safeguarding patients’ electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Kumari et al. proposed a password based user authentication scheme using smart cards for TMIS, and claimed that the proposed scheme could resist various malicious attacks. However, we point out that their scheme is still vulnerable to lost smart card and cannot provide forward secrecy. Subsequently, Das and Goswami proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. They simulated their scheme for the formal security verification using the widely-accepted automated validation of Internet security protocols and applications (AVISPA) tool to ensure that their scheme is secure against passive and active attacks. However, we show that their scheme is still vulnerable to smart card loss attacks and cannot provide forward secrecy property. The proposed cryptanalysis discourages any use ofthe two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes.
Literatur
1.
Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 2000. doi:10.​1023/​A:​1005549330655.
2.
3.
4.
Tsai, J.- L, Wu, T.- C, Tsai, K.- Y, New dynamic I D authentication scheme using smart cards. Int. J. Commun. Syst. 2010. doi:10.​1002/​dac.​1118.
5.
Khan, M. K., Kim, S. K., Alghathbar, K., Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic id-based remote user authentication scheme’. Comput. Commun. 2010. doi:10.​1016/​j.​comcom.​2010.​02.​011.
6.
Chen, H. M., Lo, J. W., Yeh, C. K., An efficient secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 2012. doi:10.​1007/​s10916-012-9862-y.
7.
Ma, C.- G, Wang, D., Zhao, S.- D., Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. 2012. doi:10.​1002/​dac.​2468.
8.
9.
Kumari, S., and Khan, M. K., Cryptanalysis and improvement of ‘a robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 2013. doi:10.​1002/​dac.​2590.
10.
Jiang, Q., Ma, J., Li, G., Li, X., Improvement of robust smart-card-based password authentication scheme. Int. J. Commun. Syst. 2013. doi:10.​1002/​dac.​2644.
11.
Li, X., Niu, J., Liao, J., Liang, W., Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 2013. doi:10.​1002/​dac.​2676.
12.
Kumari, S., Khan, M. K., Kumar, R., Cryptanalysis and improvement of ‘a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.​1007/​s10916-013-9952-5.
13.
14.
15.
Li, X., Niu, J.- W, Ma, J., Wang, W.- D, Liu, C.- L., Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 2011. doi:10.​1016/​j.​jnca.​2010.​09.​003.
16.
Chang, Y.- F, Yu, S.- H, Shiao, D.- R., An uniqueness-and -anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 2013. doi:10.​1007/​s10916-012-9902-7.
17.
Das, A. K., and Goswami A., A secure efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 2013. doi:10.​1007/​s10916-013-9948-1.
18.
Islam, S., and Biswas, G., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Software. 2011. doi:10.​1016/​j.​jss.​2011.​06.​061.
19.
Bellare, M., Pointcheval, D., Rogaway, P., Authenticated key exchange secure against dictionary attacks. EUROCRYPT 2000. In: Lecture Notes in Computer Science, 2000. doi:10.​1007/​3-540-45539-6_​11.
20.
21.
22.
Dworkin, M., Recommendation for Block Cipher Modes of Operation: Methods and Techniques. NIST Special Publication 800-38A, 2001.
23.
24.
25.
Krawczyk, H., HMQV: A high-performance secure Diffie-Hellman protocol. Crypto2005. In: Lecture Notes in Computer Science, 2005. doi:10.​1007/​11535218_​33.
26.
ANSI, 2001 ANSI X9.63, Public key cryptography for the financial services industry: Key agreement and key transport using Elliptic Curve cryptography, ANSI, 2001.
27.
28.
29.
30.
Giridhar, A., and Kumar, P., Distributed clock synchronization over wireless networks: algorithms and analysis. In: Proceedings of the 45th IEEE Conference on Decision and Control pp. 4915–4920, 2006. doi:10.​1109/​CDC.​2006.​377325.
31.
32.
Han, J., and Jeong, D., A practical implementation of ieee 1588-2008 transparent clock for distributed measurement and control systems. IEEE Trans. Actions Instrum. Meas. 2010. doi:10.​1109/​TIM.​2009.​2024371.
33.
Baldoni, R., Corsaro, A., Querzoni, L., Scipioni, S., Piergiovanni, S., Coupling-based internal clock synchronization for large-scale dynamic distributed systems. IEEE Trans. Parallel Distrib. Syst. 2010. doi:10.​1109/​TPDS.​2009.​111.
34.
Metadaten
Titel
On the Security of Two Remote User Authentication Schemes for Telecare Medical Information Systems
verfasst von
Kee-Won Kim
Jae-Dong Lee
Publikationsdatum
01.05.2014
Verlag
Springer US
Erschienen in
Journal of Medical Systems / Ausgabe 5/2014
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-014-0017-1

Weitere Artikel der Ausgabe 5/2014

Journal of Medical Systems 5/2014 Zur Ausgabe

MOBILE SYSTEMS

Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce

Patient Facing Systems

A Broadcast-Based Key Agreement Scheme Using Set Reconciliation for Wireless Body Area Networks

Systems-Level Quality Improvement

A Secure RFID Authentication Protocol for Healthcare Environments Using Elliptic Curve Cryptosystem

Patient Facing Systems

An Efficient RFID Authentication Protocol to Enhance Patient Medication Safety Using Elliptic Curve Cryptography

TRANSACTIONAL PROCESSING SYSTEMS

Classification of Normal and Diseased Liver Shapes based on Spherical Harmonics Coefficients

Systems-Level Quality Improvement

The effect of electronic medical record application on the length of stay in a Chinese general hospital: a department- and disease-focused interrupted time-series study