Skip to main content
Hauptrubriken
CME Facharzt-Training Webinare Zeitschriften Bücher e.Medpedia Podcast
Service
Jobbörse Info & Hilfe
Fachgebiete
Anästhesiologie Allgemeinmedizin Arbeitsmedizin Augenheilkunde Chirurgie Dermatologie Gynäkologie und Geburtshilfe HNO Innere Medizin Kardiologie Neurologie Onkologie und Hämatologie Orthopädie und Unfallchirurgie Pädiatrie Pathologie Psychiatrie Radiologie Rechtsmedizin Urologie Zahnmedizin
Themen
Klimawandel und Gesundheit Neues aus dem Markt COVID-19 Praxis und Beruf Seltene Erkrankungen GOÄ & EBM Panorama
Sammlungen
Kasuistiken Algorithmen & Infografiken Blickdiagnosen Arthropedia FlapFinder (für Dermatochirurgen) Videos Kongressberichterstattung Medizin für Apothekerinnen und Apotheker Für Ärztinnen und Ärzte in Weiterbildung Für Medizinstudierende

Live-Webinar "Chronische Unterbauch- und Viszeralschmerzen in der Praxis managen"

Das Thema chronische Unterbauch- und Viszeralschmerzen wird im Live-Webinar am 7. Mai von 17.30 bis 19 Uhr aus internistischer, gynäkologischer und psychologisch-neurowissenschaftlicher Perspektive beleuchtet. Besprochen werden krankheitsbedingte Ursachen, Mechanismen der kognitiven Schmerzmodulation sowie mögliche Therapieoptionen. Die Fortbildung ist mit 2 CME-Punkten zertifiziert. Melden Sie sich jetzt an!
Erweiterte Suche
Anmelden
nach oben
Journal of Medical Systems
Erschienen in: Journal of Medical Systems 3/2015

01.03.2015 | Mobile Systems

A Secure and Robust Password-Based Remote User Authentication Scheme Using Smart Cards for the Integrated EPR Information System

verfasst von: Ashok Kumar Das

Erschienen in: Journal of Medical Systems | Ausgabe 3/2015

Einloggen, um Zugang zu erhalten

Abstract

An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and the academia with most of the patients’ information in details for them to make corrective decisions and clinical decisions in order to maintain and analyze patients’ health. In such system, the illegal access must be restricted and the information from theft during transmission over the insecure Internet must be prevented. Lee et al. proposed an efficient password-based remote user authentication scheme using smart card for the integrated EPR information system. Their scheme is very efficient due to usage of one-way hash function and bitwise exclusive-or (XOR) operations. However, in this paper, we show that though their scheme is very efficient, their scheme has three security weaknesses such as (1) it has design flaws in password change phase, (2) it fails to protect privileged insider attack and (3) it lacks the formal security verification. We also find that another recently proposed Wen’s scheme has the same security drawbacks as in Lee at al.’s scheme. In order to remedy these security weaknesses found in Lee et al.’s scheme and Wen’s scheme, we propose a secure and efficient password-based remote user authentication scheme using smart cards for the integrated EPR information system. We show that our scheme is also efficient as compared to Lee et al.’s scheme and Wen’s scheme as our scheme only uses one-way hash function and bitwise exclusive-or (XOR) operations. Through the security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.
Literatur
1.
Aumasson, J.P., Henzen, L., Meier, W., Plasencia, M.N., Quark: A lightweight hash. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES 2010), LNCS, vol. 6225, pp. 1–15, 2010.
2.
3.
4.
Basin, D., Modersheim, S., OFMC, L. Vigano., A symbolic model checker for security protocols. Int. J. Inf. Secur. 4(3):181–208, 2005.CrossRef
5.
Chang, Y.-F., Yu, S.-H., Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(2):1–9, 2013.MATH
6.
Chatterjee, S., and Das, A.K., An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks. Secur. Commun. Netw., 2014. doi:10.​1002/​sec.​1140.
7.
Das, A.K, Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3):145–151, 2011.CrossRef
8.
Das, A.K., A random key establishment scheme for multi-phase deployment in large-scale distributed sensor networks. Int. J. Inf. Secury. 11(3):189–211, 2012.CrossRef
9.
Das, A.K., A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Netw. Sci. 2(1-2):12–27, 2013.CrossRef
10.
Das, A.K., A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl., 2014. doi:10.​1007/​s12083-014-0324-9.
11.
Das, A.K., Chatterjee, S., Sing, J.K., A novel efficient access control scheme for large-scale distributed wireless sensor networks. Int. J. Found. Comput. Sci. 24(5):625–653, 2013.CrossRefMATHMathSciNet
12.
Das, A.K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.CrossRef
13.
Das, A.K., Massand, A., Patil, S., A novel proxy signature scheme based on user hierarchical access control policy. J. King Saud University - Comput. Inform. Sci. 25(2):219–228, 2013.CrossRef
14.
Das, M.L., Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 8(3):1086–1090, 2009.CrossRef
15.
16.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology - CRYPTO’99, LNCS, vol. 1666, pp. 388–397, 1999.
17.
Lee, T.-F., Chang, I.-P., Lin, T.-H., Wang, C.-C., A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system. J. Med. Syst. 37(3), 2013.
18.
Manuel, S., Classification and generation of disturbance vectors for collision attacks against SHA-1. Des. Codes Crypt. 59(1-3):247–263, 2011.CrossRefMATHMathSciNet
19.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRefMathSciNet
20.
Mishra, D., On the security flaws in id-based password authentication schemes for telecare medical information systems. J. Med. Syst. 39(1), 2014.
21.
Mishra, D., Das, A.K., Mukhopadhyay, S., A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card, 2014. doi:10.​1007/​s12083-014-0321-z.
22.
Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M.K., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Sys 38(5), 2014.
23.
Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Sys 38(10), 2014.
24.
Sarkar, P., A simple and generic construction of authenticated encryption with associated data. ACM Trans Inf. Syst. Secur. 13(4):33, 2010.CrossRef
25.
Stallings, W., Cryptography and network security: Principles and practices. 3 ed. Englewood Cliffs: Prentice Hall, 2003.
26.
Secure Hash Standard: Secure hash standard, FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, April 1995 (1995)
27.
28.
Wen, F., A more secure anonymous user authentication scheme for the integrated EPR information system. J. Med. Syst. 38(5):42, 2014.CrossRef
29.
Wu, Z.Y., Chung, Y.-F., Lai, F., Chen, T.-S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.CrossRef
Metadaten
Titel
A Secure and Robust Password-Based Remote User Authentication Scheme Using Smart Cards for the Integrated EPR Information System
verfasst von
Ashok Kumar Das
Publikationsdatum
01.03.2015
Verlag
Springer US
Erschienen in
Journal of Medical Systems / Ausgabe 3/2015
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-015-0204-8

Weitere Artikel der Ausgabe 3/2015

Journal of Medical Systems 3/2015 Zur Ausgabe

Transactional Processing Systems

Design and Development of a Medical Big Data Processing System Based on Hadoop

Systems-Level Quality Improvement

A Fuzzy Probabilistic Method for Medical Diagnosis

Patient Facing Systems

Understanding Security Failures of Two Authentication and Key Agreement Schemes for Telecare Medicine Information Systems

Mobile Systems

A Wearable Wireless ECG Monitoring System With Dynamic Transmission Power Control for Long-Term Homecare

Systems-Level Quality Improvement

Automatic Lung Segmentation Using Control Feedback System: Morphology and Texture Paradigm

Systems-Level Quality Improvement

An Improved Biometrics-Based Authentication Scheme for Telecare Medical Information Systems