Enabling Telecare Medical Information Systems With Strong Authentication and Anonymity

A telecare medical information system (TMIS) is highly desirable to users because it allows them to remotely access medical services or medical information, but providing security, such as authentication and privacy preservation of users, is challenging. Recently, some smart card-based password authentication (two-factor authentication) schemes have been proposed. In this paper, we use Chaudhry et al.’s scheme as a case study and demonstrate that a family of two-factor authentication schemes for the TMIS is not secure against offline dictionary attack and fails to revoke a stolen/lost smart card. Furthermore, an improved two-factor authentication scheme with anonymity is proposed to remedy the weaknesses of these schemes. The security analysis of the proposed solution is formally given in the random oracle model and with Burrows–Abadi–Needham logic.
