An improved authenticated key agreement protocol for telecare medicine information system

In telecare medicine information systems (TMIS), identity authentication of patients plays an important role and has been widely studied. It is generally realized by an authenticated key agreement protocol, and many such protocols have been proposed in the literature. Recently, Zhang et al. pointed out that Islam et al.’s protocol suffers from the following security weaknesses: (1) any legal but malicious patient can reveal other users’ identities; (2) an attacker can launch an off-line password guessing attack and an impersonation attack if the patient’s identity is compromised. Zhang et al. also proposed an improved authenticated key agreement scheme with privacy protection for TMIS. However, in this paper, we point out that Zhang et al.’s scheme cannot resist an off-line password guessing attack, and that it fails to provide revocation of a lost/stolen smartcard. To overcome these weaknesses, we propose an improved protocol, whose security and authentication can be proven using ProVerif, a formal verification tool based on the applied pi calculus.
