Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress
Clinical Collections
Advances in Alzheimer’s

Keynote webinar | Spotlight on medication adherence

LIVE: Thursday 27th June 2024, 18:00-19:30 (CEST)
Join our expert panel to discover why you need to understand the drivers of non-adherence in your patients, and how you can optimize medication adherence in your clinics to drastically improve patient outcomes.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 6/2013

01-12-2013 | Original Paper

Security Analysis of a Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems

Authors: Wei-Chuen Yau, Raphael C.-W. Phan

Published in: Journal of Medical Systems | Issue 6/2013

Login to get access

Abstract

Many authentication schemes have been proposed for telecare medicine information systems (TMIS) to ensure the privacy, integrity, and availability of patient records. These schemes are crucial for TMIS systems because otherwise patients’ medical records become susceptible to tampering thus hampering diagnosis or private medical conditions of patients could be disclosed to parties who do not have a right to access such information. Very recently, Hao et al. proposed a chaotic map-based authentication scheme for telecare medicine information systems in a recent issue of Journal of Medical Systems. They claimed that the authentication scheme can withstand various attacks and it is secure to be used in TMIS. In this paper, we show that this authentication scheme is vulnerable to key-compromise impersonation attacks, off-line password guessing attacks upon compromising of a smart card, and parallel session attacks. We also exploit weaknesses in the password change phase of the scheme to mount a denial-of-service attack. Our results show that this scheme cannot be used to provide security in a telecare medicine information system.
Literature
1.
Bellare, M., Pointcheval, D., and Rogaway, P., Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (Ed.), EUROCRYPT, Lecture Notes in Computer Science, Vol. 1807, pp. 139–155. Springer, 2000.
2.
Bellare, M., and Rogaway, P., Entity authentication and key distribution. In: Stinson, D.R. (Ed.), CRYPTO, Lecture Notes in Computer Science. Vol. 773, pp. 232–249. Springer, 1993.
3.
Bellovin, S. M., and Merritt, M., Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Proceedings of the IEEE Symposium on Research in Security and Privacy. pp. 72–84. Oakland, CA: IEEE Computer Society, 1992.
4.
Bergamo, P., D’Arco, P., De Santis, A., and Kocarev, L., Security of public-key cryptosystems based on Chebyshev polynomials. IEEE Trans. Circ. Syst I: Regular Pap. 52(7):1382–1393, 2005.CrossRef
5.
Blake-Wilson, S., and Menezes, A., Unknown key-share attacks on the station-to-station (STS) protocol. In: Public Key Cryptography, Lecture Notes in Computer Science. Vol. 1560, pp. 154–170. Berlin: Springer, 1999.
6.
Canetti, R., and Krawczyk, H., Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann B. (Ed.), EUROCRYPT, Lecture Notes in Computer Science. Vol. 2045, pp. 453–474. Springer, 2001.
7.
8.
Diffie, W., Oorschot, P. C., and Wiener, M. J., Authentication and authenticated key exchanges. Des. Codes Crypt. 2:107–125, 1992.CrossRef
9.
Dojen, R., Jurcut, A., Coffey, T., and Györödi, C.: On establishing and fixing a parallel session attack in a security protocol. In: Badica, C., Mangioni, G., Carchiolo, V., Burdescu, D. D. (Eds.), IDC, Studies in Computational Intelligence. Vol. 162, pp. 239–244. Springer, 2008.
10.
Günther, C.G., An identity-based key-exchange protocol, In: Quisquater, J. J., and Vandewalle, J. (Eds.), EUROCRYPT, Lecture Notes in Computer Science. Vol. 434, pp. 29–37. Berlin: Springer, 1990.
11.
Guo, C., and Chang, C. C., Chaotic maps-based password authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6):1433–1440, 2013.MathSciNetCrossRef
12.
Hao, X., Wang, J., Yang, Q., Yan, X., and Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2):1–7, 2013.
13.
He, D., Chen, J., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef
14.
He, D., and Wu, S., Security flaws in a smart card based authentication scheme for multi-server environment. Wirel. Pers. Commun. 70(1):323–329, 2013.CrossRef
15.
Hsu, C. L., Security of Chien et al.’s remote user authentication scheme using smart cards. Comput. Stand. Interfaces 26(3):167–169, 2004.CrossRef
16.
Just, M., and Vaudenay, S., Authenticated multi-party key agreement. In: Kim, K., and Matsumoto, T. (Eds.), ASIACRYPT, Lecture Notes in Computer Science. Vol. 1163, pp. 36–49. Springer, 1996.
17.
Kaliski, B. S. Jr., An unknown key-share attack on the MQV key agreement protocol. ACM Trans. Inf. Syst. Secur 4(3):275–288, 2001.CrossRef
18.
Kocher, P. C., Jaffe, J., and Jun, B., Differential power analysis. In: Wiener, M. J. (Ed.) , CRYPTO, Lecture Notes in Computer Science, Vol. 1666, pp. 388–397. Springer, 1999.
19.
Krawczyk, H., HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (Ed.) ,CRYPTO, Lecture Notes in Computer Science, Vol. 3621, pp. 546–566. Springer, 2005.
20.
Lee, T.F., and Liu, C.M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3):1–8, 2013.
21.
Lu, R., and Cao, Z., Simple three-party key exchange protocol. Comput. Secur. 26(1):94–97, 2007.CrossRef
22.
Menezes, A., van Oorschot, P.C., and Vanstone, S.A., Handbook of Applied Cryptography. Boca Raton, Florida: CRC Press, 1996.CrossRef
23.
Messerges, T.S., Dabbish, E.A., and Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.MathSciNetCrossRef
24.
Nam, J., Kim, S., Park, S., and Won, D., Security analysis of a nonce-based user authentication scheme using smart cards. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E90-A(1):299–302, 2007.CrossRef
25.
Nam, J., Paik, J., Kang, H.K., Kim, U.M., and Won, D., An off-line dictionary attack on a simple three-party key exchange protocol. IEEE Commun. Lett. 13(3):205–207, 2009.CrossRef
26.
Phan, R.C.W., Yau, W.C., Goi, B.M., Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Inf. Sci. 178(13):2849–2856, 2008.MathSciNetCrossRefMATH
27.
Stern, J., Why provable security matters? In: Biham, E. (Ed.) , EUROCRYPT, Lecture Notes in Computer Science. Vol. 2656, pp. 449–461. Springer, 2003.
28.
29.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.CrossRef
30.
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRef
31.
Xu, J., Zhu, W.T., and Feng, D.G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.CrossRef
32.
Yau, W.C., Phan, R.C.W., Goi, B.M., and Heng, S.H., Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS ’09. In: Lin, D., Tsudik, G., Wang, X. (Eds.) , CANS, Lecture Notes in Computer Science. Vol. 7092, pp. 172–184. Springer, 2011.
33.
Zhang, L., Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos, Solitons Fractals 37(3):669–674, 2008.MathSciNetCrossRefMATH
34.
Zhu, Z., An effcient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.CrossRef
Metadata
Title
Security Analysis of a Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems
Authors
Wei-Chuen Yau
Raphael C.-W. Phan
Publication date
01-12-2013
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 6/2013
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-013-9993-9

Other articles of this Issue 6/2013

Journal of Medical Systems 6/2013 Go to the issue

Original Paper

RFID Authentication Protocol to Enhance Patient Medication Safety

Original Paper

Privacy Preserving Index for Encrypted Electronic Medical Records

Original Paper

An Efficient Chaotic Maps-Based Authentication and Key Agreement Scheme Using Smartcards for Telecare Medicine Information Systems

Original Paper

eHealth in Denmark: A Case Study

Original Paper

Understanding the Mediating Effects of Relationship Quality on Technology Acceptance: An Empirical Study of E-Appointment System

Original Paper

Challenges, Alternatives, and Paths to Sustainability for Health Information Exchange Efforts