Secure User Authentication and User Anonymity Scheme based on Quadratic Residues for the Integrated EPRIS

Abstract Remote user authentication has been widely used in the integrated electronic patient record information system (EPRIS) to protect the security and integrity of communication sessions between the login user and the medical server. Recently, Wen 17 presented the user authentication and user anonymity scheme based on the quadratic residues and claimed that his scheme is secure. However, we analyzed Wen's scheme and identified that Wen's scheme is vulnerable to password disclosure attack and does not provide efficiency in password change phase. As a result, in this paper, we propose an enhanced scheme for the integrated EPRIS with the aim to eliminate the weaknesses of Wen's scheme. By comparing the performance with other related schemes, our scheme not only resists several hard security attacks but also retains lower computational and communication costs.

[1]  Cheng-Chi Lee,et al.  A novel user authentication and privacy preserving scheme with smart cards for wireless communications , 2012, Math. Comput. Model..

[2]  Jianfeng Ma,et al.  Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[3]  Cheng-Chi Lee,et al.  An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments , 2013, Nonlinear Dynamics.

[4]  Qinghai Yang,et al.  A Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[5]  Yu-Fang Chung,et al.  A Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[6]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[7]  Chien-Hung Wu,et al.  Improvement of the RFID authentication scheme based on quadratic residues , 2011, Comput. Commun..

[8]  Chun-Ta Li,et al.  An extended chaotic maps-based keyword search scheme over encrypted data resist outside and inside keyword guessing attacks in cloud storage services , 2015 .

[9]  Fengtong Wen A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System , 2014, Journal of Medical Systems.

[10]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[11]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[12]  Jianfeng Ma,et al.  Mutual Authentication Scheme with Smart Cards and Password under Trusted Computing , 2012, Int. J. Netw. Secur..

[13]  Kenneth H. Rosen Elementary Number Theory: And Its Applications , 2010 .

[14]  Hung-Min Sun,et al.  Improvement of a novel mutual authentication scheme based on quadratic residues for RFID systems , 2008, 2009 Joint Conferences on Pervasive Computing (JCPC).

[15]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[16]  Tsung-Hung Lin,et al.  A Secure and Efficient Password-Based User Authentication Scheme Using Smart Cards for the Integrated EPR Information System , 2013, Journal of Medical Systems.

[17]  Cheng-Chi Lee,et al.  A Secure Chaotic Maps and Smart Cards Based Password Authentication and Key Agreement Scheme with User Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[18]  Cheng-Chi Lee,et al.  Towards secure and efficient user authentication scheme using smart card for multi-server environments , 2013, The Journal of Supercomputing.

[19]  Zhang Rui,et al.  A More Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of medical systems.