Strong Authentication Scheme for Telecare Medicine Information Systems

The telecare medicine information system enables or supports health-care delivery services. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. In this paper, we propose a generic construction of smart-card-based password authentication protocol and prove its security. The proposed framework is superior to previous schemes in three following aspects : (1) our scheme is a true two-factor authentication scheme. (2) our scheme can yield a forward secure two-factor authentication scheme with user anonymity when appropriately instantiated. (3) our scheme utilizes each user’s unique identity to accomplish the user authentication and does not need to store or verify others’s certificates. And yet, our scheme is still reasonably efficient and can yield such a concrete scheme that is even more efficient than previous schemes. Therefore the end result is more practical for the telecare medicine system.

[1]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[2]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[3]  Falko Dressler,et al.  Practical Evaluation of the Performance Impact of Security Mechanisms in Sensor Networks , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[4]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[5]  Emmanuel Bresson,et al.  New Security Results on Encrypted Key Exchange , 2003, Public Key Cryptography.

[6]  Yuefei Zhu,et al.  Proof of Forward Security for Password-based Authenticated Key Exchange , 2008, Int. J. Netw. Secur..

[7]  Chien-Lung Hsu,et al.  Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks , 2004, Comput. Secur..

[8]  Brian A. Carter,et al.  Advanced Encryption Standard , 2007 .

[9]  Hitesh Tewari,et al.  Performance analysis of cryptographic protocols on handheld devices , 2004, Third IEEE International Symposium on Network Computing and Applications, 2004. (NCA 2004). Proceedings..

[10]  Olivier Chevassut,et al.  One-Time Verifier-Based Encrypted Key Exchange , 2005, Public Key Cryptography.

[11]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[12]  Zhoujun Li,et al.  Cryptanalysis of simple three-party key exchange protocol , 2008, Comput. Secur..

[13]  Jianhua Chen,et al.  An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security , 2012, Inf. Fusion.

[14]  David Pointcheval,et al.  Simple Password-Based Encrypted Key Exchange Protocols , 2005, CT-RSA.

[15]  Wu Shuhua,et al.  Practical encrypted key agreement using passwords , 2008, Wuhan University Journal of Natural Sciences.

[16]  YauWei-Chuen,et al.  Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) , 2008 .

[17]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[18]  Srivaths Ravi,et al.  A study of the energy consumption characteristics of cryptographic algorithms and security protocols , 2006, IEEE Transactions on Mobile Computing.

[19]  Duncan S. Wong,et al.  The performance measurement of cryptographic primitives on palm devices , 2001, Seventeenth Annual Computer Security Applications Conference.

[20]  Zhang Rui,et al.  A More Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of medical systems.

[21]  Junghyun Nam Infringing and Improving Password Security of a Three-Party Key Exchange Protocol , 2008, IACR Cryptol. ePrint Arch..

[22]  Colin Boyd,et al.  The importance of proofs of security for key establishment protocols: Formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun protocols , 2006, Comput. Commun..

[23]  Raphael C.-W. Phan,et al.  Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) , 2008, Inf. Sci..

[24]  Xiaotie Deng,et al.  Two-factor mutual authentication based on smart cards and passwords , 2008, J. Comput. Syst. Sci..

[25]  Rajendra S. Katti,et al.  A Secure Identification and Key agreement protocol with user Anonymity (SIKA) , 2006, Comput. Secur..

[26]  Falko Dressler,et al.  Experimental Performance Evaluation of Cryptographic Algorithms on Sensor Nodes , 2006, 2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems.

[27]  Chin-Laung Lei,et al.  Provably secure and efficient identification and key agreement protocol with user anonymity , 2011, J. Comput. Syst. Sci..

[28]  M.R. Doomun,et al.  Energy consumption and computational analysis of rijndael-AES , 2007, 2007 3rd IEEE/IFIP International Conference in Central Asia on Internet.

[29]  Yehuda Lindell,et al.  Universally Composable Password-Based Key Exchange , 2005, EUROCRYPT.

[30]  Jin-Young Choi,et al.  Enhanced password-based simple three-party key exchange protocol , 2009, Comput. Electr. Eng..

[31]  Wei-Chi Ku,et al.  Three weaknesses in a simple three-party key exchange protocol , 2008, Inf. Sci..

[32]  Chin-Chen Chang,et al.  An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2009, Comput. Secur..

[33]  Yu-Fang Chung,et al.  A Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[34]  Hilarie K. Orman,et al.  Fast Key Exchange with Elliptic Curve Systems , 1995, CRYPTO.

[35]  Emmanuel Bresson,et al.  Security proofs for an efficient password-based key exchange , 2003, CCS '03.

[36]  Chien-Chih Wang,et al.  Authenticated multiple key exchange protocols based on elliptic curves and bilinear pairings , 2008, Comput. Electr. Eng..