Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress 2023 EHA Congress 2023 ASCO Annual Meeting
Clinical Collections
Advances in Alzheimer’s

At a glance: The ONWARDS insulin icodec trials

A round-up of the ONWARDS phase 3 clinical trials evaluating the novel weekly insulin icodec in people with diabetes.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 6/2015

01-06-2015 | Patient Facing Systems

Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems

Authors: Shehzad Ashraf Chaudhry, Husnain Naqvi, Taeshik Shon, Muhammad Sher, Mohammad Sabzinejad Farash

Published in: Journal of Medical Systems | Issue 6/2015

Login to get access

Abstract

Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote access. Very recently Islam et al. (J. Med. Syst. 38(10):135, 2014) proposed a two factor authentication protocol for TMIS using elliptic curve cryptography (ECC) to improve Xu et al.’s (J. Med. Syst. 38(1):9994, 2014) protocol. They claimed their improved protocol to be efficient and provides all security requirements. However our analysis reveals that Islam et al.’s protocol suffers from user impersonation and server impersonation attacks. Furthermore we proposed an enhanced protocol. The proposed protocol while delivering all the virtues of Islam et al.’s protocol resists all known attacks.
Literature
1.
Ch, S.A., uddin, N., Sher, M., Ghani, A., Naqvi, H., Irshad, A., An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimed. Tools Appl.,1–13, 2014. doi:10.​1007/​s11042-014-2283-9.
2.
3.
4.
Debiao, H., Jianhua, C., Jin, H., An id-based client authentication with key agreement protocol for mobile client–server environment on ecc with provable security. Inf. Fusion 13(3):223–230, 2012.CrossRef
5.
6.
Diffie, W., and Hellman, M.E., New directions in cryptography. IEEE Trans. Inf. Theory 22(6):644–654, 1976.
7.
Farash, M.S., and Attari, M.A., Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC. ISC Int. J. Inf. Secur. 5(1):18–43, 2013.
8.
Farash, M.S., Attari, M.A., Atani, R.E., Jami, M., A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput. Electr. Eng. 39(2):530–541, 2013.CrossRef
9.
Farash, M.S., An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int. J. Commun. Syst. 2014. doi:10.​1002/​dac.​2879.
10.
Farash, M.S., Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw. Appl.,1–10, 2014. doi:10.​1007/​s12083-014-0315-x.
11.
Farash, M.S., and Attari, M.A., An efficient and provably secure three-party password-based authenticated key exchange protocol based on chebyshev chaotic maps. Nonlinear Dyn. 77(1–2):399–411, 2014.
12.
Farash, M.S., and Attari, M.A., An enhanced and secure threeparty password-based authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Inf. Technol. Control 43(2):143–150, 2014.
13.
Farash, M.S., and Attari, M.A., A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J. Supercomputing, 1–17, 2014.
14.
15.
Giri, D., Maitra, T., Amin, R., Srivastava, P., An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1):145, 2014. doi:10.​1007/​s10916-014-0145-7.CrossRef
16.
He, D., An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings. Ad Hoc Netw. 10(6):1009–1016, 2012.CrossRef
17.
Irshad, A., Sher, M., Faisal, M.S., Ghani, A., Ul Hassan, M., Ch, S.A.: A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme. Secur. Comm. Netw. (2013)
18.
Irshad, A., Sher, M., Rehman, E., Ch, S.A., Hassan, M.U., Ghani, A., A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl.,1–18, 2013.
19.
Islam, S., and Biswas, G., A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J. Syst. Softw. 84(11):1892–1898, 2011.
20.
Islam, S., and Khan, M., Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10):135, 2014. doi:10.​1007/​s10916-014-0135-9
21.
22.
Khan, M.K., Kim, S.K., Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2011. doi:10.​1016/​j.​comcom.​2010.​02.​011. Special Issue of Computer Communications on Information and Future Communication Security.
23.
Khan, M.K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems? Secur. Commun. Netw. 7(2):399–408, 2014. doi:10.​1002/​sec.​791
24.
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology CRYPTO 99, pp. 388–397. Springer (1999)
25.
26.
Lee, C.C., Chen, C.L., Wu, C.Y., Huang, S.Y., An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dyn. 69(1–2):79–87, 2012.CrossRefMATHMathSciNet
27.
Liao, Y.P., and Wang, S.S., A new secure password authenticated key agreement scheme for sip using self-certified public keys on elliptic curves. Comput. Commun. 33 (3): 372–380 , 2010.CrossRef
28.
Liu, J., Zhang, Z., Chen, X., Kwak, K.S., Certificateless remote anonymous authentication schemes for wirelessbody area networks. IEEE Trans. Parallel Distrib. Syst. 25 (2): 332–342 , 2014.CrossRef
29.
Mehmood, Z., uddin, N., Ch, S.A., Nasar, W., Ghani, A.: An efficient key agreement with rekeying for secured body sensor networks. In: 2012 Second International Conference on Digital Information Processing and Communications (ICDIPC), pp. 164–167. IEEE (2012)
30.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552, 2002.CrossRefMathSciNet
31.
Chaudhry, S.A., Comment on ‘Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications’. IET Communications, pp. 1. doi:10.​1049/​iet-com.​2014.​1082.
32.
Ul Amin, N., Asad, M., Din, N., Ch, S.A.: An authenticated key agreement with rekeying for secured body sensor networks based on hybrid cryptosystem. In: 2012 9th IEEE International Conference on Networking, Sensing and Control (ICNSC), pp. 118–121. IEEE (2012)
33.
34.
35.
Wu, S., and Chen, K., An efficient key-management scheme for hierarchical access control in e-medicine system. J. Med. Syst. 36(4):2325–2337, 2012.
36.
37.
38.
Xu, L., and Wu, F., Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J. Med. Syst. 39(2):10, 2015. doi:10.​1007/​s10916-014-0179-x
39.
Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., He, L., A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(1):1–7, 2014.
40.
Yang, H., Kim, H., Mtonga, K., An efficient privacy-preserving authentication scheme with adaptive key evolution in remote health monitoring system. Peer-to-Peer Netw. Appl.,1–11, 2014. doi:10.​1007/​s12083-014-0299-6.
41.
Yoon, E.J., Ryu, E.K., Yoo, K.Y., Attacks and solutions of Yang et al.’s protected password changing scheme. Informatica 16(2):285–294, 2005.MATHMathSciNet
42.
Zhang, L., Tang, S., Cai, Z., Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications. IET Communications 8(1):83–91, 2014.CrossRef
43.
Zhao, Z., An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. J. Med. Syst. 38(2):1–7, 2014.CrossRefMATH
44.
Metadata
Title
Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems
Authors
Shehzad Ashraf Chaudhry
Husnain Naqvi
Taeshik Shon
Muhammad Sher
Mohammad Sabzinejad Farash
Publication date
01-06-2015
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 6/2015
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-015-0244-0

Other articles of this Issue 6/2015

Journal of Medical Systems 6/2015 Go to the issue

Systems-Level Quality Improvement

Real-Time Feedback for Improving Compliance to Hand Sanitization Among Healthcare Workers in an Open Layout ICU Using Radiofrequency Identification

Systems-Level Quality Improvement

A Hand Hygiene Compliance Check System: Brief Communication on a System to Improve Hand Hygiene Compliance in Hospitals and Reduce Infection

Mobile Systems

Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps

Systems-Level Quality Improvement

Optimization of Frequency Lowering Algorithms for Getting the Highest Speech Intelligibility Improvement by Hearing Loss Simulation

Systems-Level Quality Improvement

Use of Information Technology for Medication Management in Residential Care Facilities: Correlates of Facility Characteristics

Mobile Systems

Compliance of Blood Donation Apps with Mobile OS Usability Guidelines