nach oben

Journal of Medical Systems

Erschienen in:

01.06.2015 | Patient Facing Systems

Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems

verfasst von: Shehzad Ashraf Chaudhry, Husnain Naqvi, Taeshik Shon, Muhammad Sher, Mohammad Sabzinejad Farash

Erschienen in: Journal of Medical Systems | Ausgabe 6/2015

Einloggen, um Zugang zu erhalten

Abstract

Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote access. Very recently Islam et al. (J. Med. Syst. 38(10):135, 2014) proposed a two factor authentication protocol for TMIS using elliptic curve cryptography (ECC) to improve Xu et al.’s (J. Med. Syst. 38(1):9994, 2014) protocol. They claimed their improved protocol to be efficient and provides all security requirements. However our analysis reveals that Islam et al.’s protocol suffers from user impersonation and server impersonation attacks. Furthermore we proposed an enhanced protocol. The proposed protocol while delivering all the virtues of Islam et al.’s protocol resists all known attacks.

Ch, S.A., uddin, N., Sher, M., Ghani, A., Naqvi, H., Irshad, A., An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimed. Tools Appl.,1–13, 2014. doi:10.1007/s11042-014-2283-9.

Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012. doi:10.1007/s10916-012-9862-y.CrossRef

Das, A., A secure and robust password-based remote user authentication scheme using smart cards for the integrated epr information system. J. Med. Syst. 39(3):25, 2015. doi:10.1007/s10916-015-0204-8.CrossRef

Debiao, H., Jianhua, C., Jin, H., An id-based client authentication with key agreement protocol for mobile client–server environment on ecc with provable security. Inf. Fusion 13(3):223–230, 2012.CrossRef

Debiao, H., Jianhua, C., Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012. doi:10.1007/s10916-011-9658-5.CrossRef

Diffie, W., and Hellman, M.E., New directions in cryptography. IEEE Trans. Inf. Theory 22(6):644–654, 1976.

Farash, M.S., and Attari, M.A., Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC. ISC Int. J. Inf. Secur. 5(1):18–43, 2013.

Farash, M.S., Attari, M.A., Atani, R.E., Jami, M., A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput. Electr. Eng. 39(2):530–541, 2013.CrossRef

Farash, M.S., An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int. J. Commun. Syst. 2014. doi:10.1002/dac.2879.

10.

Farash, M.S., Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw. Appl.,1–10, 2014. doi:10.1007/s12083-014-0315-x.

11.

Farash, M.S., and Attari, M.A., An efficient and provably secure three-party password-based authenticated key exchange protocol based on chebyshev chaotic maps. Nonlinear Dyn. 77(1–2):399–411, 2014.

12.

Farash, M.S., and Attari, M.A., An enhanced and secure threeparty password-based authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Inf. Technol. Control 43(2):143–150, 2014.

13.

Farash, M.S., and Attari, M.A., A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J. Supercomputing, 1–17, 2014.

14.

Farash, M.S., and Attari, M.A., An efficient client-client password-based authentication scheme with provable security. J Supercomput. 2014. doi:10.1007/s11227-014-1273-z

15.

Giri, D., Maitra, T., Amin, R., Srivastava, P., An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1):145, 2014. doi:10.1007/s10916-014-0145-7.CrossRef

16.

He, D., An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings. Ad Hoc Netw. 10(6):1009–1016, 2012.CrossRef

17.

Irshad, A., Sher, M., Faisal, M.S., Ghani, A., Ul Hassan, M., Ch, S.A.: A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme. Secur. Comm. Netw. (2013)

18.

Irshad, A., Sher, M., Rehman, E., Ch, S.A., Hassan, M.U., Ghani, A., A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl.,1–18, 2013.

19.

Islam, S., and Biswas, G., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.

20.

Islam, S., and Khan, M., Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10):135, 2014. doi:10.1007/s10916-014-0135-9

21.

Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):9897, 2013. doi:10.1007/s10916-012-9897-0.CrossRefMathSciNet

22.

Khan, M.K., Kim, S.K., Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2011. doi:10.1016/j.comcom.2010.02.011. Special Issue of Computer Communications on Information and Future Communication Security.

23.

Khan, M.K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems? Secur. Commun. Netw. 7(2):399–408, 2014. doi:10.1002/sec.791

24.

Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology CRYPTO 99, pp. 388–397. Springer (1999)

25.

Kumari, S., Khan, M.K., Kumar, R., Cryptanalysis and improvement of a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37(4):9952, 2013. doi:10.1007/s10916-013-9952-5.CrossRef

26.

Lee, C.C., Chen, C.L., Wu, C.Y., Huang, S.Y., An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dyn. 69(1–2):79–87, 2012.CrossRefMATHMathSciNet

27.

Liao, Y.P., and Wang, S.S., A new secure password authenticated key agreement scheme for sip using self-certified public keys on elliptic curves. Comput. Commun. 33 (3): 372–380 , 2010.CrossRef

28.

Liu, J., Zhang, Z., Chen, X., Kwak, K.S., Certificateless remote anonymous authentication schemes for wirelessbody area networks. IEEE Trans. Parallel Distrib. Syst. 25 (2): 332–342 , 2014.CrossRef

29.

Mehmood, Z., uddin, N., Ch, S.A., Nasar, W., Ghani, A.: An efficient key agreement with rekeying for secured body sensor networks. In: 2012 Second International Conference on Digital Information Processing and Communications (ICDIPC), pp. 164–167. IEEE (2012)

30.

Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552, 2002.CrossRefMathSciNet

31.

Chaudhry, S.A., Comment on ‘Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications’. IET Communications, pp. 1. doi:10.1049/iet-com.2014.1082.

32.

Ul Amin, N., Asad, M., Din, N., Ch, S.A.: An authenticated key agreement with rekeying for secured body sensor networks based on hybrid cryptosystem. In: 2012 9th IEEE International Conference on Networking, Sensing and Control (ICNSC), pp. 118–121. IEEE (2012)

33.

Wang, Z., Huo, Z., Shi, W., A dynamic identity based authentication scheme using chaotic maps for telecare medicine information systems. J. Med. Syst. 39(1):158, 2014. doi:10.1007/s10916-014-0158-2.CrossRef

34.

Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012. doi:10.1007/s10916-012-9835-1.CrossRef

35.

Wu, S., and Chen, K., An efficient key-management scheme for hierarchical access control in e-medicine system. J. Med. Syst. 36(4):2325–2337, 2012.

36.

Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012. doi:10.1007/s10916-010-9614-9.CrossRef

37.

Xiang, T., Wong, K.W., Liao, X., On the security of a novel key agreement protocol based on chaotic maps. Chaos, Solitons & Fractals 40(2):672–675, 2009. doi:10.1016/j.chaos.2007.08.012.

38.

Xu, L., and Wu, F., Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J. Med. Syst. 39(2):10, 2015. doi:10.1007/s10916-014-0179-x

39.

Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., He, L., A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(1):1–7, 2014.

40.

Yang, H., Kim, H., Mtonga, K., An efficient privacy-preserving authentication scheme with adaptive key evolution in remote health monitoring system. Peer-to-Peer Netw. Appl.,1–11, 2014. doi:10.1007/s12083-014-0299-6.

41.

Yoon, E.J., Ryu, E.K., Yoo, K.Y., Attacks and solutions of Yang et al.’s protected password changing scheme. Informatica 16(2):285–294, 2005.MATHMathSciNet

42.

Zhang, L., Tang, S., Cai, Z., Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications. IET Communications 8(1):83–91, 2014.CrossRef

43.

Zhao, Z., An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. J. Med. Syst. 38(2):1–7, 2014.CrossRefMATH

44.

Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012. doi:10.1007/s10916-012-9856-9.CrossRef

Titel: Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems
verfasst von: Shehzad Ashraf Chaudhry
Husnain Naqvi
Taeshik Shon
Muhammad Sher
Mohammad Sabzinejad Farash
Publikationsdatum: 01.06.2015
Verlag: Springer US
Erschienen in: Journal of Medical Systems / Ausgabe 6/2015
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-015-0244-0

Springer Medizin

Abstract

Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten

Weitere Artikel der Ausgabe 6/2015

Optimization of Frequency Lowering Algorithms for Getting the Highest Speech Intelligibility Improvement by Hearing Loss Simulation

Validation of a Nurses’ Views on Electronic Medical Record Systems (EMR) Questionnaire in Turkish Health System

Real-Time Feedback for Improving Compliance to Hand Sanitization Among Healthcare Workers in an Open Layout ICU Using Radiofrequency Identification

A Hand Hygiene Compliance Check System: Brief Communication on a System to Improve Hand Hygiene Compliance in Hospitals and Reduce Infection

Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps

Compliance of Blood Donation Apps with Mobile OS Usability Guidelines