Published in: Journal of Medical Systems 8/2015

01.08.2015 | Systems-Level Quality Improvement

On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems

Written by: Hamed Arshad, Vahid Teymoori, Morteza Nikooghadam, Hassan Abbassi

Abstract

Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu’s authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya’s scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya’s scheme, but also is about 2.73 times faster than Bin Muhaya’s scheme.
Metadata
Title
On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems
Written by
Hamed Arshad
Vahid Teymoori
Morteza Nikooghadam
Hassan Abbassi
Publication date
01.08.2015
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 8/2015
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-015-0259-6
