Skip to main content
Hauptrubriken
CME Facharzt-Training Webinare Zeitschriften Bücher e.Medpedia Podcast
Service
Jobbörse Info & Hilfe
Fachgebiete
Anästhesiologie Allgemeinmedizin Arbeitsmedizin Augenheilkunde Chirurgie Dermatologie Gynäkologie und Geburtshilfe HNO Innere Medizin Kardiologie Neurologie Onkologie und Hämatologie Orthopädie und Unfallchirurgie Pädiatrie Pathologie Psychiatrie Radiologie Rechtsmedizin Urologie Zahnmedizin
Themen
Klimawandel und Gesundheit Neues aus dem Markt COVID-19 Praxis und Beruf Seltene Erkrankungen GOÄ & EBM Panorama
Sammlungen
Kasuistiken Algorithmen & Infografiken Blickdiagnosen Arthropedia FlapFinder (für Dermatochirurgen) Videos Kongressberichterstattung Medizin für Apothekerinnen und Apotheker Für Ärztinnen und Ärzte in Weiterbildung Für Medizinstudierende
Erweiterte Suche
Anmelden
nach oben
Journal of Medical Systems
Erschienen in: Journal of Medical Systems 5/2014

01.05.2014 | MOBILE SYSTEMS

A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System

verfasst von: Fengtong Wen

Erschienen in: Journal of Medical Systems | Ausgabe 5/2014

Einloggen, um Zugang zu erhalten

Abstract

Secure and efficient user mutual authentication is an essential task for integrated electronic patient record (EPR) information system. Recently, several authentication schemes have been proposed to meet this requirement. In a recent paper, Lee et al. proposed an efficient and secure password-based authentication scheme used smart cards for the integrated EPR information system. This scheme is believed to have many abilities to resist a range of network attacks. Especially, they claimed that their scheme could resist lost smart card attack. However, we reanalyze the security of Lee et al.’s scheme, and show that it fails to protect off-line password guessing attack if the secret information stored in the smart card is compromised. This also renders that their scheme is insecure against user impersonation attacks. Then, we propose a new user authentication scheme for integrated EPR information systems based on the quadratic residues. The new scheme not only resists a range of network attacks but also provides user anonymity. We show that our proposed scheme can provide stronger security.
Literatur
1.
Chang, Y.F., Lin, S.C., Chang, P.Y., A location-privacy-protected RFID authentication scheme. In: IEEE International Conference on Communications, pp. 1–4, 2011.
2.
Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic ID-based authentication scheme for Telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.CrossRef
3.
Chen, Y., Chou, J., Sun, H., A novel mutual-authentication scheme based on quadratic residues for RFID systems. Comput. Netw. 52(12):2373–2380, 2008.CrossRefMATH
4.
Cheng, Z.Y., Liu, Y., Chang, C.C., Liu, C.X., A novel biometric-based remote user authentication scheme using quadratic residues. Int. J. Inf. Electron. Eng. 3(4):419–422, 2013.
5.
He, D.B., Chen, J.H., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef
6.
Kumar, M., A new secure remote user authentication scheme with smart cards. Int. J. Netw. Secur. 11(2):88–93, 2010.
7.
Kocher, P.C., Jaffe, J., Jun, B., Differential power analysis. In: Proceedings of 19th International Advances in Cryptology, pp. 388-397, Santa Barbara, 1999.
8.
Lee, N.Y., and Chiu, Y.C., Improved remote authentication scheme with smart card. Comput. Stand. Interfaces 27(2):177–180, 2005.CrossRef
9.
Lee, S.W., Kim, H.S., Yoo, K.Y., Improvement of Chien et al.s remote user authentication scheme using smart cards. Comput. Stand. Interfaces 27(2):181–183, 2005.CrossRef
10.
Lee, T.F., Chang, I.P., Lin, T.H., Wang, C.C., A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system. J. Med. Syst. 37(3):9941, 2013. doi:10.​1007/​s10916-013-9941-8.CrossRef
11.
12.
Li, X., Qiu, W., Zheng, D., Chen, K., Li, J., Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57(2):793–800, 2010.CrossRef
13.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRefMathSciNet
14.
Rosen, K., Elementary number theory and its applications. Reading.MA: Addison-Wesley, 1988.MATH
15.
Takeda, H., Matsumura, Y., Kuwata, S., Architecture for networked electronic patient record systems. Int. J. Med. Inform. 60(2):161–167, 2000.CrossRef
16.
Wang, B., and Li, Z.Q., A forward-secure user authentication scheme with smart cards. Int. J. Netw. Secur. 3(2):116–119, 2006.
17.
Wei, J., Hu, X., Liu, W.: An improved authentication scheme for telecare medicine information systems. In: Journal of Medical System, 36(6):3597–3604, 2012.CrossRef
18.
Wen, F.T., Susilo, W., Yang, G.M., A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. In: Wireless personal communicationx, 73(3):993–1004, 2013.CrossRef
19.
Wen, F.T., A robust uniqueness and anonymity preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(6):9980, 2013.CrossRef
20.
Wen, F.T., Susilo, W., Yang, G.M., A robust smart card-based anonymous user authentication protocol for wireless communications. In: Security and Communication Networks, 2013. doi:10.​1002/​sec.​816.
21.
Wu, Z.P., Chung, Y., Lai, F., Chen, T.S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.CrossRef
22.
Wu, S., Zhu, Y., Pu, Q., Robust smart-cards-based user authentication scheme with user anonymity. Secur. Commun. Netw. 5(2):236–248, 2012.CrossRef
23.
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRef
24.
Xu, J., Zhu, W.T., Feng, D.G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.CrossRef
25.
Yang, G., Wong, D., Wang, H., Deng, X., Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74(7):1160–172, 2008.CrossRefMATHMathSciNet
26.
27.
Yeh, T.C., Wu, C.H., Tseng, Y.M., Improvement of the RFID authentication scheme based on quadratic residues. Comput. Commun. 34:337–341, 2011.CrossRef
28.
Youn, T., Park, Y., Lim, J., Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Commun. Lett. 13(7):471–473, 2009.CrossRef
29.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.CrossRef
Metadaten
Titel
A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System
verfasst von
Fengtong Wen
Publikationsdatum
01.05.2014
Verlag
Springer US
Erschienen in
Journal of Medical Systems / Ausgabe 5/2014
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-014-0042-0

Weitere Artikel der Ausgabe 5/2014

Journal of Medical Systems 5/2014 Zur Ausgabe

MOBILE SYSTEMS

Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce

Systems-Level Quality Improvement

A Secure RFID Authentication Protocol for Healthcare Environments Using Elliptic Curve Cryptosystem

Systems-Level Quality Improvement

Heart Motion Uncertainty Compensation Prediction Method for Robot Assisted Beating Heart Surgery – Master–slave Kalman Filters Approach

TRANSACTIONAL PROCESSING SYSTEMS

Classification of Normal and Diseased Liver Shapes based on Spherical Harmonics Coefficients

SYSTEMS-LEVEL QUALITY IMPROVEMENT

On the Security of Two Remote User Authentication Schemes for Telecare Medical Information Systems

Transactional Processing Systems

Secure Verifier-Based Three-Party Authentication Schemes without Server Public Keys for Data Exchange in Telecare Medicine Information Systems