A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System

To protect patient privacy and ensure authorized access to remote medical services, many remote user authentication schemes for the integrated electronic patient record (EPR) information system have been proposed in the literature. In a recent paper, Das proposed a hash based remote user authentication scheme using passwords and smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various passive and active attacks. However, in this paper, we found that Das’s authentication scheme is still vulnerable to modification and user duplication attacks. Thereafter we propose a secure and efficient authentication scheme for the integrated EPR information system based on lightweight hash function and bitwise exclusive-or (XOR) operations. The security proof and performance analysis show our new scheme is well-suited to adoption in remote medical healthcare services.

[1]  Jian Shen,et al.  A Novel Routing Protocol Providing Good Transmission Reliability in Underwater Sensor Networks , 2015 .

[2]  Jianfeng Ma,et al.  Mutual Authentication Scheme with Smart Cards and Password under Trusted Computing , 2012, Int. J. Netw. Secur..

[3]  Cheng-Chi Lee,et al.  A Secure Chaotic Maps and Smart Cards Based Password Authentication and Key Agreement Scheme with User Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[4]  Yu-Fang Chung,et al.  A Password-Based User Authentication Scheme for the Integrated EPR Information System , 2012, Journal of Medical Systems.

[5]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[6]  Jin Wang,et al.  A Variable Threshold-Value Authentication Architecture for Wireless Mesh Networks , 2014 .

[7]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[8]  Cheng-Chi Lee,et al.  A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System , 2015, Journal of Medical Systems.

[9]  Sherali Zeadally,et al.  Authentication protocol for an ambient assisted living system , 2015, IEEE Communications Magazine.

[10]  Tsung-Hung Lin,et al.  A Secure and Efficient Password-Based User Authentication Scheme Using Smart Cards for the Integrated EPR Information System , 2013, Journal of Medical Systems.

[11]  Tian-Fu Lee,et al.  An Efficient Chaotic Maps-Based Authentication and Key Agreement Scheme Using Smartcards for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[12]  Ashok Kumar Das A Secure and Robust Password-Based Remote User Authentication Scheme Using Smart Cards for the Integrated EPR Information System , 2015, Journal of Medical Systems.

[13]  Rajaram Ramasamy,et al.  An Efficient Password Authentication Scheme for Smart Card , 2012, Int. J. Netw. Secur..

[14]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[15]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[16]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[17]  Hung-Min Sun,et al.  Improvement of a novel mutual authentication scheme based on quadratic residues for RFID systems , 2008, 2009 Joint Conferences on Pervasive Computing (JCPC).

[18]  Jianfeng Ma,et al.  Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[19]  Fengtong Wen A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System , 2014, Journal of Medical Systems.

[20]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[21]  Qinghai Yang,et al.  A Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[22]  Cheng-Chi Lee,et al.  A novel user authentication and privacy preserving scheme with smart cards for wireless communications , 2012, Math. Comput. Model..

[23]  Cheng-Chi Lee,et al.  A Robust Remote User Authentication Scheme Using Smart Card , 2011, Inf. Technol. Control..

[24]  Cheng-Chi Lee,et al.  An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments , 2013 .

[25]  Naveen K. Chilamkurti,et al.  Lightweight ECC Based RFID Authentication Integrated with an ID Verifier Transfer Protocol , 2014, Journal of Medical Systems.

[26]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[27]  Chien-Hung Wu,et al.  Improvement of the RFID authentication scheme based on quadratic residues , 2011, Comput. Commun..

[28]  Chun-Ta Li,et al.  An extended chaotic maps-based keyword search scheme over encrypted data resist outside and inside keyword guessing attacks in cloud storage services , 2015 .

[29]  Yuanyuan Zhang,et al.  Cryptanalysis and Improvement of an Anonymous Authentication Protocol for Wireless Access Networks , 2013, Wireless Personal Communications.

[30]  Peilin Hong,et al.  Security improvement on an anonymous key agreement protocol based on chaotic maps , 2012 .

[31]  Min-Shiang Hwang,et al.  Group Rekeying in Wireless Sensor Networks: A Survey , 2014, Int. J. Netw. Secur..