On the Security of A Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems

Telecare medical information systems (TMISs) are increasingly popular technologies for healthcare applications. Using TMISs, physicians and caregivers can monitor the vital signs of patients remotely. Since the database of TMISs stores patients’ electronic medical records (EMRs), only authorized users should be granted the access to this information for the privacy concern. To keep the user anonymity, recently, Chen et al. proposed a dynamic ID-based authentication scheme for telecare medical information system. They claimed that their scheme is more secure and robust for use in a TMIS. However, we will demonstrate that their scheme fails to satisfy the user anonymity due to the dictionary attacks. It is also possible to derive a user password in case of smart card loss attacks. Additionally, an improved scheme eliminating these weaknesses is also presented.

[1]  Zhang Rui,et al.  A More Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of medical systems.

[2]  Xinsong Liu,et al.  Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme , 2012, Int. J. Commun. Syst..

[3]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..

[4]  Chin-Laung Lei,et al.  Robust authentication and key agreement scheme preserving the privacy of secret key , 2011, Comput. Commun..

[5]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[6]  Amit K. Awasthi Comment on A dynamic ID-based Remote User Authentication Scheme , 2004, ArXiv.

[7]  Hung-Min Sun,et al.  Attacks and Solutions on Strong-Password Authentication , 2001 .

[8]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[9]  Hirohito Inagaki,et al.  A Password Authentication Method for Contents Communications on the Internet , 1998 .

[10]  Eun-Jun Yoon,et al.  A user friendly authentication scheme with anonymity for wireless communications , 2011, Comput. Electr. Eng..

[11]  Chun Chen,et al.  Lightweight and provably secure user authentication with anonymity for the global mobility network , 2011, Int. J. Commun. Syst..

[12]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[13]  Hung-Ming Chen,et al.  An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems , 2012, Journal of Medical Systems.

[14]  Cheng-Chi Lee,et al.  Security enhancement for a dynamic ID-based remote user authentication scheme , 2005, International Conference on Next Generation Web Services Practices (NWeSP'05).

[15]  Wei-Chi Ku,et al.  Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards , 2005, IEICE Trans. Commun..

[16]  Juan Qu,et al.  An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme , 2013, J. Electr. Comput. Eng..

[17]  Zhian Zhu,et al.  An Efficient Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[18]  Akihiro Shimizu,et al.  A dynamic password authentication method using a one-way function , 1991, Systems and Computers in Japan.

[19]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[20]  Yu-Fang Chung,et al.  A Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[21]  Yuefei Zhu,et al.  Robust smart-cards-based user authentication scheme with user anonymity , 2012, Secur. Commun. Networks.

[22]  Eun-Jun Yoon,et al.  Improving the Dynamic ID-Based Remote Mutual Authentication Scheme , 2006, OTM Workshops.

[23]  Wen-Shenq Juang,et al.  Two efficient two-factor authenticated key exchange protocols in public wireless LANs , 2009, Comput. Electr. Eng..

[24]  Xuelei Li,et al.  An improved dynamic ID-based remote user authentication with key agreement scheme , 2012, Comput. Electr. Eng..

[25]  Wenfen Liu,et al.  An Improved Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[26]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[27]  Mohammed Misbahuddin,et al.  Cryptanalysis of Liao-Lee-Hwang's Dynamic ID Scheme , 2008, Int. J. Netw. Secur..

[28]  Zhenfu Cao,et al.  An efficient anonymous authentication mechanism for delay tolerant networks , 2010, Comput. Electr. Eng..

[29]  Jia-Lun Tsai,et al.  New dynamic ID authentication scheme using smart cards , 2010, Int. J. Commun. Syst..