Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress 2023 EHA Congress 2023 ASCO Annual Meeting
Clinical Collections
Advances in Alzheimer’s

At a glance: The ONWARDS insulin icodec trials

A round-up of the ONWARDS phase 3 clinical trials evaluating the novel weekly insulin icodec in people with diabetes.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 5/2014

01-05-2014 | MOBILE SYSTEMS

A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System

Author: Fengtong Wen

Published in: Journal of Medical Systems | Issue 5/2014

Login to get access

Abstract

Secure and efficient user mutual authentication is an essential task for integrated electronic patient record (EPR) information system. Recently, several authentication schemes have been proposed to meet this requirement. In a recent paper, Lee et al. proposed an efficient and secure password-based authentication scheme used smart cards for the integrated EPR information system. This scheme is believed to have many abilities to resist a range of network attacks. Especially, they claimed that their scheme could resist lost smart card attack. However, we reanalyze the security of Lee et al.’s scheme, and show that it fails to protect off-line password guessing attack if the secret information stored in the smart card is compromised. This also renders that their scheme is insecure against user impersonation attacks. Then, we propose a new user authentication scheme for integrated EPR information systems based on the quadratic residues. The new scheme not only resists a range of network attacks but also provides user anonymity. We show that our proposed scheme can provide stronger security.
Literature
1.
Chang, Y.F., Lin, S.C., Chang, P.Y., A location-privacy-protected RFID authentication scheme. In: IEEE International Conference on Communications, pp. 1–4, 2011.
2.
Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic ID-based authentication scheme for Telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.CrossRef
3.
Chen, Y., Chou, J., Sun, H., A novel mutual-authentication scheme based on quadratic residues for RFID systems. Comput. Netw. 52(12):2373–2380, 2008.CrossRefMATH
4.
Cheng, Z.Y., Liu, Y., Chang, C.C., Liu, C.X., A novel biometric-based remote user authentication scheme using quadratic residues. Int. J. Inf. Electron. Eng. 3(4):419–422, 2013.
5.
He, D.B., Chen, J.H., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef
6.
Kumar, M., A new secure remote user authentication scheme with smart cards. Int. J. Netw. Secur. 11(2):88–93, 2010.
7.
Kocher, P.C., Jaffe, J., Jun, B., Differential power analysis. In: Proceedings of 19th International Advances in Cryptology, pp. 388-397, Santa Barbara, 1999.
8.
Lee, N.Y., and Chiu, Y.C., Improved remote authentication scheme with smart card. Comput. Stand. Interfaces 27(2):177–180, 2005.CrossRef
9.
Lee, S.W., Kim, H.S., Yoo, K.Y., Improvement of Chien et al.s remote user authentication scheme using smart cards. Comput. Stand. Interfaces 27(2):181–183, 2005.CrossRef
10.
Lee, T.F., Chang, I.P., Lin, T.H., Wang, C.C., A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system. J. Med. Syst. 37(3):9941, 2013. doi:10.​1007/​s10916-013-9941-8.CrossRef
11.
12.
Li, X., Qiu, W., Zheng, D., Chen, K., Li, J., Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57(2):793–800, 2010.CrossRef
13.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRefMathSciNet
14.
Rosen, K., Elementary number theory and its applications. Reading.MA: Addison-Wesley, 1988.MATH
15.
Takeda, H., Matsumura, Y., Kuwata, S., Architecture for networked electronic patient record systems. Int. J. Med. Inform. 60(2):161–167, 2000.CrossRef
16.
Wang, B., and Li, Z.Q., A forward-secure user authentication scheme with smart cards. Int. J. Netw. Secur. 3(2):116–119, 2006.
17.
Wei, J., Hu, X., Liu, W.: An improved authentication scheme for telecare medicine information systems. In: Journal of Medical System, 36(6):3597–3604, 2012.CrossRef
18.
Wen, F.T., Susilo, W., Yang, G.M., A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. In: Wireless personal communicationx, 73(3):993–1004, 2013.CrossRef
19.
Wen, F.T., A robust uniqueness and anonymity preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(6):9980, 2013.CrossRef
20.
Wen, F.T., Susilo, W., Yang, G.M., A robust smart card-based anonymous user authentication protocol for wireless communications. In: Security and Communication Networks, 2013. doi:10.​1002/​sec.​816.
21.
Wu, Z.P., Chung, Y., Lai, F., Chen, T.S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.CrossRef
22.
Wu, S., Zhu, Y., Pu, Q., Robust smart-cards-based user authentication scheme with user anonymity. Secur. Commun. Netw. 5(2):236–248, 2012.CrossRef
23.
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRef
24.
Xu, J., Zhu, W.T., Feng, D.G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.CrossRef
25.
Yang, G., Wong, D., Wang, H., Deng, X., Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74(7):1160–172, 2008.CrossRefMATHMathSciNet
26.
27.
Yeh, T.C., Wu, C.H., Tseng, Y.M., Improvement of the RFID authentication scheme based on quadratic residues. Comput. Commun. 34:337–341, 2011.CrossRef
28.
Youn, T., Park, Y., Lim, J., Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Commun. Lett. 13(7):471–473, 2009.CrossRef
29.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.CrossRef
Metadata
Title
A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System
Author
Fengtong Wen
Publication date
01-05-2014
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 5/2014
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-014-0042-0

Other articles of this Issue 5/2014

Journal of Medical Systems 5/2014 Go to the issue

Transactional Processing Systems

Secure Verifier-Based Three-Party Authentication Schemes without Server Public Keys for Data Exchange in Telecare Medicine Information Systems

Systems-Level Quality Improvement

Effective Automated Prediction of Vertebral Column Pathologies Based on Logistic Model Tree with SMOTE Preprocessing

Systems-Level Quality Improvement

A Secure RFID Authentication Protocol for Healthcare Environments Using Elliptic Curve Cryptosystem

Patient Facing Systems

A Stationary Wavelet Transform Based Approach to Registration of Planning CT and Setup Cone beam-CT Images in Radiotherapy

Transactional Processing Systems

A New Data Preparation Method Based on Clustering Algorithms for Diagnosis Systems of Heart and Diabetes Diseases

Patient Facing Systems

An Efficient RFID Authentication Protocol to Enhance Patient Medication Safety Using Elliptic Curve Cryptography