Published in: Journal of Medical Systems 4/2013

01-08-2013 | Original Paper

An Authentication Scheme for Secure Access to Healthcare Services

Authors: Muhammad Khurram Khan, Saru Kumari

Abstract

The last few decades have witnessed a boom in the development of information and communication technologies, and the health sector has also benefited from this advancement. To ensure secure access to healthcare services, some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for the telecare medical information system (TMIS). Recently, Zhu pointed out an offline password guessing attack on Wei et al.’s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.’s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that the security problems of Wei et al.’s scheme persist in Zhu’s scheme: an undetectable online password guessing attack, inefficacy of the password change phase, traceability of a user’s stolen/lost smart card, and a denial-of-service threat. We also identify that Wei et al.’s scheme lacks forward secrecy and that Zhu’s scheme lacks a session key between the user and the healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy, which preserves the confidentiality of air messages even if the master secret key of the healthcare server is compromised. Our scheme retains the advantages of Wei et al.’s scheme and Zhu’s scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.
Metadata
Title
An Authentication Scheme for Secure Access to Healthcare Services
Authors
Muhammad Khurram Khan
Saru Kumari
Publication date
01-08-2013
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 4/2013
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-013-9954-3