Top

Published in:

01-05-2015 | Patient Facing Systems

Robust ECC-based Authenticated Key Agreement Scheme with Privacy Protection for Telecare Medicine Information Systems

Authors: Liping Zhang, Shaohui Zhu

Published in: Journal of Medical Systems | Issue 5/2015

Abstract

To protect the transmission of the sensitive medical data, a secure and efficient authenticated key agreement scheme should be deployed when the healthcare delivery session is established via Telecare Medicine Information Systems (TMIS) over the unsecure public network. Recently, Islam and Khan proposed an authenticated key agreement scheme using elliptic curve cryptography for TMIS. They claimed that their proposed scheme is provably secure against various attacks in random oracle model and enjoys some good properties such as user anonymity. In this paper, however, we point out that any legal but malicious patient can reveal other user’s identity. Consequently, their scheme suffers from server spoofing attack and off-line password guessing attack. Moreover, if the malicious patient performs the same time of the registration as other users, she can further launch the impersonation attack, man-in-the-middle attack, modification attack, replay attack, and strong replay attack successfully. To eliminate these weaknesses, we propose an improved ECC-based authenticated key agreement scheme. Security analysis demonstrates that the proposed scheme can resist various attacks and enables the patient to enjoy the remote healthcare services with privacy protection. Through the performance evaluation, we show that the proposed scheme achieves a desired balance between security and performance in comparisons with other related schemes.

Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card based information system. J. Med. Syst. 24(4):213–234, 2000.CrossRef

Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., and Yen, D. C., Design and implementation of a telecare information platform. J. Med. Syst. 36(3):1629–1650, 2012.CrossRef

Perera, G., Holbrook, A., Thabane, L., Foster, G., and Willison, D., Views on health information sharing and privacy from primary care practices using electronic medical records. Int. J. Med. Inform. 80:94–101, 2011.CrossRef

Hur, J., and Kang, K., Dependable and secure computing in medical information systems. Comput. Commun. 36:20–28, 2012.CrossRef

Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.CrossRef

Jiang, Q., Ma, J., and Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-012-9897-0.

Wu, F., and Xu, L. L., Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-013-9958-z.

Kumari, S., Khan, M. K., and Kumar, R., Cryptanalysis and improvement of ‘a privacy enhanced scheme for telecare medical information systems’. J. Med. Syst. 2013. doi:10.1007/s10916-013-9952-5.

Das, A. K., and Goswami, A., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(3):1–16, 2013.CrossRef

10.

Kim, K. W., and Lee, J. D., On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 2014. doi:10.1007/s10916-014-0017-1.

11.

Srivastava, K., Awasthi, A. K., Kaul, S. D., and Mittal, R. C., A hash based mutual RFID tag authentication protocol in telecare medicine information system. J. Med. Syst. 2015. doi:10.1007/s10916-014-0153-7.

12.

Xu, L. L., and Wu, F., Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J. Med. Syst. 2015. doi:10.1007/s10916-014-0179-x.

13.

Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRef

14.

He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef

15.

Wei, J. H., Hu, X. X., and Liu, W. F., An improved authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3597–3604, 2012.CrossRef

16.

Zhu, Z. A., An efficient authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3833–3838, 2012.CrossRef

17.

Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 2013. doi:10.1007/s10916-013-9954-3.

18.

Lee, T. F., and Liu, C. M., A secure smart-card based authentication and key agreement for telecare medical information systems. J. Med. Syst. 2013. doi:10.1007/s10916-013-9933-8.

19.

Muhaya, F. T. B., Cryptanalysis and security enhancement of Zhu’s authentication scheme for telecare medicine information system. Secur. Commun. Netw. 8(2):149–158, 2015.CrossRef

20.

Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):1–17, 2013.CrossRef

21.

Lee, T. F., and Liu, C. M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 2013. doi:10.1007/s10916-013-9933-8.

22.

Wen, F. T., and Guo, D. L., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 2014. doi:10.1007/s10916-014-0026-0.

23.

Giri, D., Maitra, T., Amin, R., and Srivastava, P. D., An efficient and robust RSA-based remote user authentication for telecare medical information systems. J. Med. Syst. 2014. doi:10.1007/s10916-014-0145-7.

24.

Burrows, M., Abadi, M., and Needham, R., A logic of authentication. ACM Trans. Comput. Syst. 8(1):18–36, 1990.CrossRef

25.

Ballare, M., and Rogaway, P., Entity authentication and key distribution. Proceedings on Advances in Cryptology (CRYPTO’93): Springer press, 22–26, 1993.

26.

Xu, X., Zhu, P., Wen, Q. Y., Jin, Z. P., Zhang, H., and He, L., A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information system. J. Med. Syst. 2014. doi:10.1007/s10916-013-9994-8.

27.

Islam, S. H., and Khan, M. K., Cryptanalysis and improvement of authentication and key agreement protocols for telecare medical information systems. J. Med. Syst. 2014. doi:10.1007/s10916-014- 0135-9.

28.

Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 2014. doi:10.1007/s10916-014-0136-8.

29.

Tan, Z. W., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 2014. doi:10.1007/s10916-014-0016-2.

30.

Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. Advance in cryptology. CRYPTO’99 1999; 1666: 788–797.

31.

Messages, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRefMathSciNet

32.

Chang, Y. F., Yu, S. H., and Shiao, D. R., An uniqueness and anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 2013. doi:10.1007/s10916-012-9902-7.

33.

He, D. B., An efficient remote user authentication and key agreement protocols for mobile client–server environment from pairings. Ad Hoc Netw. 10:1009–1016, 2012.CrossRef

Title: Robust ECC-based Authenticated Key Agreement Scheme with Privacy Protection for Telecare Medicine Information Systems
Authors: Liping Zhang
Shaohui Zhu
Publication date: 01-05-2015
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 5/2015
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-015-0233-3

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Robust ECC-based Authenticated Key Agreement Scheme with Privacy Protection for Telecare Medicine Information Systems

Abstract

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Abstract

Please log in to get access to this content

Other articles of this Issue 5/2015

Classification of Hemodynamic Responses Associated With Force and Speed Imagery for a Brain-Computer Interface

Efficiency Analysis of Surgical Services by Combined Use of Data Envelopment Analysis and Gray Relational Analysis

An Adaptive Hidden Markov Model for Activity Recognition Based on a Wearable Multi-Sensor Device

Using a Hackathon for Interprofessional Health Education Opportunities

An Obstructive Sleep Apnea Detection Approach Using Kernel Density Classification Based on Single-Lead Electrocardiogram

Free Blood Donation Mobile Applications