Improvement of SPEKE Protocol Using ECC and HMAC for Applications in Telecare Medicine Information Systems

To ensure patients' privacy and protect the data exchanged in Telecare Medicine Information Systems (TMIS), several authenticated key agreement schemes have been proposed. In this paper, we propose an elliptic curve instantiation of Abdalla and Pointcheval's Simple Password-Based Encrypted Key Exchange Protocol (SPEKE) that includes an additional key confirmation step. The proposal relies on short passwords and does not require a complex public key infrastructure (PKI). It is therefore better suited to authenticating medical devices and securing medical data exchanged over radio-frequency identification (RFID) technology, or to providing remote authenticated key exchange between patients and servers in TMIS. In addition, we discuss the security properties of the proposed protocol, including its resistance to side channel attacks in real-world implementations.
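The abstract describes the shape of the scheme (a password-derived elliptic curve generator, an ephemeral Diffie-Hellman style exchange, and an HMAC key confirmation round) without giving message formats. The following is an added, self-contained illustration of that shape, written for this page and not taken from the paper; the curve (secp256k1), the try-and-increment password-to-point map, the transcript layout and the HMAC labels are all assumptions chosen for the example, not the paper's specification. The code also shows the two checks a defender wants in any such implementation: validation of the peer's point before it is multiplied by a secret scalar, and a confirmation round that aborts before either party uses the session key.

```python
"""Added example: ECC instantiation of SPEKE with HMAC key confirmation.
Constructed illustration; curve choice, hash-to-point map and labels are assumptions."""
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (prime group order, cofactor 1). Assumed for the example.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + Ax + B (None is the point at infinity)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication. NOT constant time: its branch pattern
    leaks k through timing/power; a deployment would use a regular ladder instead."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def password_to_generator(password: str):
    """Map the password to a curve point by try-and-increment (assumed map).
    The group has prime order, so any non-identity point is a generator.
    The loop length depends on the password, another side channel to avoid in practice."""
    for counter in range(256):
        digest = hashlib.sha256(b"SPEKE-gen" + password.encode() + bytes([counter])).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (x * x * x + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root candidate; valid since P % 4 == 3
        if (y * y) % P == rhs:
            return (x, y)
    raise ValueError("no curve point found for password")


def encode_point(pt) -> bytes:
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def derive_keys(shared_point, transcript: bytes):
    """Derive a confirmation (MAC) key and a separate session key from the shared point."""
    secret = shared_point[0].to_bytes(32, "big")
    mac_key = hashlib.sha256(b"mac" + secret + transcript).digest()
    session_key = hashlib.sha256(b"session" + secret + transcript).digest()
    return mac_key, session_key


def run_speke(client_password: str, server_password: str):
    """One ECC-SPEKE run between a client and a server, each holding its own copy of
    the password. Returns (client_session_key, server_session_key); None means that
    party aborted during key confirmation."""
    # Round 1: each side derives the password-dependent generator and sends an ephemeral point.
    x = secrets.randbelow(N - 1) + 1
    y = secrets.randbelow(N - 1) + 1
    X = ec_mul(x, password_to_generator(client_password))  # client -> server
    Y = ec_mul(y, password_to_generator(server_password))  # server -> client
    # Each receiver validates the peer's point before multiplying it by a secret scalar.
    if X is None or Y is None or not on_curve(X) or not on_curve(Y):
        return None, None
    transcript = b"client" + encode_point(X) + b"server" + encode_point(Y)
    client_mac, client_sk = derive_keys(ec_mul(x, Y), transcript)
    server_mac, server_sk = derive_keys(ec_mul(y, X), transcript)
    # Round 2: HMAC key confirmation, role-labelled and bound to the transcript.
    tag_client = hmac.new(client_mac, b"KC-client" + transcript, "sha256").digest()
    if not hmac.compare_digest(tag_client, hmac.new(server_mac, b"KC-client" + transcript, "sha256").digest()):
        return None, None  # server aborts; nothing keyed under the session key was sent
    tag_server = hmac.new(server_mac, b"KC-server" + transcript, "sha256").digest()
    if not hmac.compare_digest(tag_server, hmac.new(client_mac, b"KC-server" + transcript, "sha256").digest()):
        return None, server_sk  # client aborts although the server already accepted
    return client_sk, server_sk
```

Running `run_speke("hunter2", "hunter2")` yields two equal 32-byte session keys, while `run_speke("hunter2", "hunter3")` makes the server reject the client's confirmation tag, so neither side exports a key. Keeping the confirmation key separate from the session key, and aborting before any session-key traffic is sent, is what turns the confirmation round into an explicit-authentication step rather than a mere sanity check.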
