Top

Published in:

01-08-2012 | Original Paper

Strong Authentication Scheme for Telecare Medicine Information Systems

Authors: Qiong Pu, Jian Wang, Rongyong Zhao

Published in: Journal of Medical Systems | Issue 4/2012

Abstract

The telecare medicine information system enables or supports health-care delivery services. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. In this paper, we propose a generic construction of smart-card-based password authentication protocol and prove its security. The proposed framework is superior to previous schemes in three following aspects : (1) our scheme is a true two-factor authentication scheme. (2) our scheme can yield a forward secure two-factor authentication scheme with user anonymity when appropriately instantiated. (3) our scheme utilizes each user’s unique identity to accomplish the user authentication and does not need to store or verify others’s certificates. And yet, our scheme is still reasonably efficient and can yield such a concrete scheme that is even more efficient than previous schemes. Therefore the end result is more practical for the telecare medicine system.

Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee H.-C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2010. doi:10.1007/s10916-010-9614-9.

Hankerson, D., Menezes, A., Vanstone S. guide to elliptic curve cryptography. Springer-Verlag, New York, USA, 2004.

Koblitz, N., Elliptic curve cryptosystem. Mathematics of Computation, 48:203–209, 1987.MathSciNetMATHCrossRef

Juang, W.-S., Wu, J.-L., An efficient two-factor authenticated key exchange protocol based on elliptic curve cryptosystems. In Proc. of The 11th information management and implementation conference (IMI’05), pp. 299–306, 2005.

Lee, N.-Y., Wu, C.-N., Wang, C.-C., Authenticated multiple key exchange protocols based on elliptic curves and bilinear pairings. Computers & Electrical Engineering, 34(1):12–20, 2008.MATHCrossRef

Schroeppel, R., Orman, H., OMalley, S., Spatscheck, O., Fast key exchange with elliptic curve systems. In Proc. of Advances in Cryptology, CRYPTO’95, pp. 43–56, 1995.

Yang, J.-H., Chang, C.-C., An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Computers and Security, 28:138–143, 2009.CrossRef

He, D., Chen, J., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi:10.1007/s10916-011-9658-5.

He, D., Chen, J., Hu, J., An ID-based client authentication with key agreement protocol for mobile clientCserver environment on ECC with provable security. Informat. Fusion, 2011. doi:10.1016/j.infus.2011.01.001.

10.

Wang, R.-C., Juang, W.-S., Lei, C.-L., Provably secure and efficient identification and key agreement protocol with user anonymity. Journal of Computer and System Sciences, 2010. doi:10.1016/j.jcss.2010.07.004.

11.

Lee, W.-B., Chang, C.-C., User identification and key distribution maintaining anonymity for distributed computer network. Comput. Syst. Sci. Engrg., 15 (4):113–116, 2000.MathSciNet

12.

Wu,T.-S., Hsu, C.-L., Efficient user identification protocol with key distribution preserving anonymity for distributed computer networks. Computers & Security, 23(2):120–125, 2004.CrossRef

13.

Yang, Y., Wang, S., Bao, F., Wang, J., Deng, D.H., New efficient user identification and key distribution protocol providing enhanced security. Computers & Security, 23 (8):697–704, 2005.CrossRef

14.

Mangipudi, K., Katti, R., A secure identification and key agreement protocol with user anonymity (SIKA). Computers & Security, 25(6):420–425, 2006.CrossRef

15.

Yang, G., Wonga, D.S., Wang H., Deng X., Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74(7):1160–1172, 2008.MathSciNetMATHCrossRef

16.

Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In Proceedings of advances in cryptology (CRYPTO 1999), 388–397, 1999.

17.

Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. on Computers, 51(5):541–552, 2002.MathSciNetCrossRef

18.

Quisquater, J.-J., Side channel attacks—State-of-the-art. Technical report. Available at: http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1047_Side_Channel_report.pdf.

19.

Bresson, E., Chevassut, O., Pointcheval, D., Security proofs for an efficient password-based key exchange. In Proc. of ACM CCS’03, pp. 241–250, ACM Press, Oct. 2003.

20.

Bresson, E., Chevassut, O., Pointcheval, D., New security results on encrypted key exchange. In Proc. of PKC 2004, LNCS 2947, pp. 145–158, Springer-Verlag, Mar. 2004.

21.

Wu, S.H., Zhu, Y.F., Practical encrypted key agreement using passwords. Wuhun University Journal of Natural Sciences, 11(6):1625–1628, Nov. 2006MathSciNetMATHCrossRef

22.

Abdalla, M., and Pointcheval, D., Simple Password-Based Encrypted Key Exchange Protocols. In Proc. of CT-RSA’2005, LNCS 3376, pp. 191–208, Springer-Verlag.

23.

Abdalla, M., Chevassut, O., and Pointcheval, D., One-time verifier-based encrypted key exchange. In Proc. of the 8th international workshop on theory and practice in public key (PKC ’05), LNCS 3386, pp. 47–64. Springer-Verlag, 2005.

24.

Advanced Encryption Standard, http://www.csrc.nist.gov/archieve/aes/.

25.

Wu, S.H., and Zhu, Y.F., Proof of Forward Security for Password-Based Authenticated Key Exchange. International Journal of Network Security, 7(3):335–341, Nov. 2008

26.

Wong, D.S., Fuentes, H.H., Chan, A.H., The performance measurement of cryptographic primitives on palm devices. In Proc. of the 17th annual computer security applications conference (ACSAC 2001), pp. 92–101, 2001.

27.

Argyroudis, P.G., Verma, R.,Tewari, H., OMahony, D., Performance analysis of cryptographic protocols on handheld devices. In Proc. of the 3rd IEEE international symposium on network computing and applications (NCA 2004), pp. 169–174, 2004.

28.

Passing, M., Dressler, F., Experimental performance evaluation of cryptographic algorithms. In Proc. of the 3rd IEEE international conference on mobile adhoc and sensor systems (MASS), pp. 882–887, 2006.

29.

Passing, M., Dressler, F., Practical evaluation of the performance impact of security mechanisms in sensor networks. In Proc. of the 31st IEEE conference on local computer networks, pp. 623–629, 2006.

30.

Doomun, M.R., Soyjaudah, K.S.,Bundhoo, D., Energy consumption and computational analysis of Rijndael-AES. In Proc. of the third IEEE international conference in central asia on internet the next generation of mobile, wireless and optical communications Networks (ICI 2007), pp. 1–6, 2007.

31.

Potlapally, N.R., Ravi, S., Raghunathan, A., Jha, N.K., A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing, 5(2):128–143, 2006.CrossRef

32.

Choo, K.-K. R., Boyd, C., and Hitchcock, Y., The importance of proofs of security for key establishment protocols: formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, & Yeh-Sun Protocols. Computer Communications, 29:2788–2797, 2006.CrossRef

33.

Chung, H.-R., Ku. W.-C., Three weaknesses in a simple three-party key exchange protocol. Information Science, 178:220–229, 2008.MathSciNetMATHCrossRef

34.

Guo, H., Li, Z., Mu, Y., Zhang, X., Cryptanalysis of simple three-party key exchange protocol. Computers and Security, 27:16–21, 2008.CrossRef

35.

Phan, R. C. -W., Yau, W.-C.,Goi, B.-M., Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Information Science, 178: 2849–2856, 2008.MathSciNetMATHCrossRef

36.

Kim, H.-S., Choi, J.-Y., Enhanced password-based simple three-party key exchange protocol. Computers and Electrical Engineering, 35:107–114, 2009.MATHCrossRef

37.

Nam, J., Infringing and improving password security of a three-party key exchange protocol. Available at http://eprint.iacr.org/2008/065/.

38.

Bellare, M., and Rogaway, P., Provably secure session key distribution — the three party case. In Proc. of 28th annual ACM symposium on theory of computing, pp. 57–66, ACM Press, 1996.

39.

Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P., Universally composable password-based key exchange. In Proc. of EUROCRYPT 2005, LNCS 3494, pp. 404–421. Available at http://eprint.iacr.org/2005/196.pdf.

Title: Strong Authentication Scheme for Telecare Medicine Information Systems
Authors: Qiong Pu
Jian Wang
Rongyong Zhao
Publication date: 01-08-2012
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 4/2012
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-011-9735-9

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Strong Authentication Scheme for Telecare Medicine Information Systems

Abstract

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Abstract

Please log in to get access to this content

Other articles of this Issue 4/2012

Ontology-Based Clinical Pathways with Semantic Rules

Mammographic Image Based Breast Tissue Classification with Kernel Self-optimized Fisher Discriminant for Breast Cancer Diagnosis

Evaluation of the Medical Records System in an Upcoming Teaching Hospital—A Project for Improvisation

Early Warning System for Financially Distressed Hospitals Via Data Mining Application

A Non-Repudiated and Traceable Authorization System Based on Electronic Health Insurance Cards

Intelligent Personal Health Record: Experience and Open Issues