Published in: Journal of Medical Systems 2/2013

01-04-2013 | Original Paper

Robust Anonymous Authentication Scheme for Telecare Medical Information Systems

Authors: Qi Xie, Jun Zhang, Na Dong


Abstract

Patients can obtain various kinds of health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, patient privacy protection and data confidentiality are important when a patient or doctor accesses Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.’s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, which they claimed is more suitable for TMIS. However, we show that Chen et al.’s scheme also has some weaknesses. In particular, Chen et al.’s scheme does not provide user privacy protection or perfect forward secrecy, and is vulnerable to off-line password guessing and impersonation attacks once the user’s smart card is compromised. Further, we propose a secure anonymous authentication scheme that overcomes these weaknesses even if an adversary knows all information stored in the smart card.
Literature
1. Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.
2. Yang, C. M., Lin, H. C., Chang, P., and Jian, W. S., Taiwan’s perspective on electronic medical records’ security and privacy protection: Lessons learned from HIPAA. Comput. Meth. Prog. Biol. 82(3):277–282, 2006.
3. Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.
4. Witteman, M., Advances in smartcard security. Inf. Secur. Bull. 7(2002):11–22, 2002.
5. Lee, N. Y., and Chen, J. C., Improvement of one-time password authentication scheme using smart card. IEICE Trans. Commun. E88-B(9):3765–3769, 2005.
6. Hölbl, M., Welzer, T., and Brumen, B., Attacks and improvement of an efficient remote mutual authentication and key agreement scheme. Cryptologia 34(1):52–59, 2009.
7. Yeh, K. H., Sub, C. H., Loa, N. W., Li, Y., and Hung, Y. X., Two robust remote user authentication protocols using smart cards. J. Syst. Softw. 83(12):2556–2565, 2010.
8. Wang, X. M., Zhang, W. F., Zhang, J. S., and Khan, M. K., Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput. Stand. Interfac. 29(5):507–512, 2007.
9. Chen, T. H., Hsiang, H. C., and Shih, W. K., Security enhancement on an improvement on two remote user authentication schemes using smart cards. Futur. Gener. Comput. Syst. 27(4):377–380, 2011.
11. Wu, Z. Y., Chung, Y., Lai, F., and Chen, T. S., Password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36:631–638, 2012.
12. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for Telecare Medicine Information Systems. J. Med. Syst. 36:1529–1535, 2012.
13. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for Telecare Medicine Information Systems. J. Med. Syst. 36:1989–1995, 2012.
16. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004. 508.
18. Wang, R. C., Juang, W. S., and Lei, C. L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. 77(4):790–798, 2011.
19. Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for Telecare Medical Information Systems. J. Med. Syst., 2012. doi:10.1007/s10916-012-9862-y.
20. Khan, M. K., Kim, K. S., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.
21. Chen, H., Xiao, Y., Hong, X., Hu, F., and Xie, J., A survey of anonymity in wireless communication systems. Secur. Comm. Netw. 2:427–444, 2009.
22. Kocher, P., Jaffe, J., and Jun, J., Differential power analysis. Proceedings of Advances in Cryptology (CRYPTO 99). pp.388–397, 1999.
23. Messerges, T., Dabbish, E., and Sloan, R., Examining smartcard security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
24. Abadi, M., Blanchet, B., and Lundh, H. C., Models and proofs of protocol security: A progress report. 21st International Conference on Computer Aided Verification, Grenoble, France, pp. 35–49, 2009.
25. Abadi, M., and Fournet, C., Mobile values, new names, and secure communication. Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM New York, pp. 104–115, 2001.
26. Li, C. T., Hwang, M. S., and Chu, Y. P., A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput. Commun. 31:2803–2814, 2008.
Metadata
Title: Robust Anonymous Authentication Scheme for Telecare Medical Information Systems
Authors: Qi Xie, Jun Zhang, Na Dong
Publication date: 01-04-2013
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 2/2013
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-012-9911-6
