Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress 2023 EHA Congress 2023 ASCO Annual Meeting
Clinical Collections
Advances in Alzheimer’s

At a glance: The ONWARDS insulin icodec trials

A round-up of the ONWARDS phase 3 clinical trials evaluating the novel weekly insulin icodec in people with diabetes.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 8/2015

01-08-2015 | Systems-Level Quality Improvement

On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems

Authors: Hamed Arshad, Vahid Teymoori, Morteza Nikooghadam, Hassan Abbassi

Published in: Journal of Medical Systems | Issue 8/2015

Login to get access

Abstract

Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu’s authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya’s scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya’s scheme, but also is about 2.73 times faster than Bin Muhaya’s scheme.
Literature
1.
Lin, T. H., and Lee, T. F., Secure verifier-based three-party authentication schemes without server public keys for data exchange in telecare medicine information systems. J. Med. Syst. 38(5):1–9, 2014.
2.
Arshad, H., and Nikooghadam, M., Three-Factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):1–12, 2014.CrossRef
3.
Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–8, 2013.CrossRef
4.
Wu, F., and Xu, L., Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst. 37(4):1–9, 2013.CrossRef
5.
Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10):1–10, 2014.CrossRef
6.
Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5): 1–11, 2014.CrossRef
7.
Kim, K. W., and Lee, J. D, On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 38(5):1–11, 2014.CrossRef
8.
Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M. K., Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6):1–12, 2014.CrossRef
9.
Mishra, D., Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems. J. Med. Syst. 39(3):1–8, 2015.CrossRef
10.
Mishra, D., On the security flaws in id-based password authentication schemes for telecare medical information systems. J. Med. Syst. 39(1):1–16, 2015.CrossRef
11.
Mishra, D., A study on ID?based authentication schemes for telecare medical information system, arXiv:1311.​0151, 2013.
12.
He, D., Kumar, N., Chilamkurti, N., Lee, J. H., Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J. Med. Syst. 38(10):1–6, 2014.CrossRef
13.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.PubMedCrossRef
14.
He, D., Chen, j., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef
15.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.PubMedCrossRef
16.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012.PubMedCrossRef
17.
Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):1–12, 2013.CrossRef
18.
Lee, T. F., and Liu, C. M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst., 2013. doi:10.​1007/​s10916-013-9933-8.
19.
Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):1–17, 2013.CrossRef
20.
Bin Muhaya, F. T., Cryptanalysis and security enhancement of Zhu’s authentication scheme for telecare medicine information system. Security and Communication Networks 8:149–158, 2015. doi:10.​1002/​sec.​967.CrossRef
21.
Arshad, H., and Nikooghadam, M., An efficient and secure authentication and key agreement scheme for session protocol using ECC. Multimedia Tools and Applications, 2014. doi:10.​1007/​s11042-014-2282-x.
22.
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. Proceedings of Advances in Cryptology, Vol. 1666, pp. 788–797, Santa Barbara (1999)
23.
Messerges, T. S., Dabbish, E. A., Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRef
24.
Wang, D., and Wang, P., Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw. 20:1–15, 2014.CrossRef
25.
Ma, C.-G., Wang, D., Zhao, S.-D., Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. 27:2215–2227, 2014. doi:10.​1002/​dac.​2468.CrossRef
26.
Klein, D. V. Foiling the cracker: a survey of, and improvements to, password security. In: Proceedings of the 2nd USENIX Security Workshop. Anaheim (1990)
27.
Bonneau, J. The science of guessing: Analyzing an anonymized corpus of 70 million passwords. In: 33th IEEE Symposium on Security and Privacy (S&P 2012), IEEE Computer Society, pp. 538–552. San Francisco (2012)
28.
Islam, S. H., Design and analysis of an improved smartcard-based remote user password authentication scheme. Int. J. Commun. Syst., 2014. doi:10.​1002/​dac.​2793.
29.
Hankerson, D., Menezes, A., Vanstone, S., Guide to elliptic curve cryptography. New York: Springer, 2004.
30.
Von Ahn, L., Blum, M., Langford, J., Telling humans and computers apart automatically. Commun. ACM 47(2):56–60, 2004.CrossRef
31.
Jiang, Q., Ma, J., Li, G., Yang, l., An Efficient Ticket Based Authentication Protocol with unlinkability for wireless access networks. Wirel. Pers. Commun. 77(2):1489–1506, 2014.CrossRef
32.
Hsieh, W.-B., and Leu, J.-S., Anonymous authentication protocol based on elliptic curve DiffieHellman for wireless access networks. Wirel. Commun. Mob. Comput. 14:995–1006, 2014. doi:10.​1002/​wcm.​2252.CrossRef
33.
Vanstone, S. A., Elliptic curve cryptosystem-the answer to strong, fast public-key cryptography for securing constrained environments. Inf. Secur. Tech. Rep. 12:78–87, 1997.CrossRef
34.
Stallings, W., Cryptography and Network Security: Principles and Practice. 4th edition. Upper Saddle River: Prentice Hall, 2005.
Metadata
Title
On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems
Authors
Hamed Arshad
Vahid Teymoori
Morteza Nikooghadam
Hassan Abbassi
Publication date
01-08-2015
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 8/2015
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-015-0259-6

Other articles of this Issue 8/2015

Journal of Medical Systems 8/2015 Go to the issue

Erratum

Erratum to: Determinants of RFID Adoption in Malaysia’s Healthcare Industry: Occupational Level as a Moderator

Systems-Level Quality Improvement

Extraction of 3D Femur Neck Trabecular Bone Architecture from Clinical CT Images in Osteoporotic Evaluation: a Novel Framework

Transactional Processing Systems

An Approach for Learning Expressive Ontologies in Medical Domain

Patient Facing Systems

Evaluation Study for an ISO 13606 Archetype Based Medical Data Visualization Method

Systems-Level Quality Improvement

Applying Task-Technology Fit Model to the Healthcare Sector: a Case Study of Hospitals’ Computed Tomography Patient-Referral Mechanism

Systems-Level Quality Improvement

A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System