An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems
- 638 Downloads
The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient’s home. Hence, the control of access to remote medical servers’ resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.’s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.’s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.
KeywordsTelecare medical information system Authentication scheme Smart card Password-based remote authentication
Conflict of interest
The authors declare that they have no conflict of interest.
- 2.Latré, B., Braem, B., Moerman, I., Blondia, C., and Demeester, P., A survey on wireless body area networks. J. Wireless Netw. 17(1). January 2011.Google Scholar
- 3.Stachura, M., and Khasanshina, E., Telehomecare and remote monitoring: An outcomes overview. Adv. Med. Technol. Assoc., October 31, 2007, Available at: http://www.advamed.org/NR/rdonlyres/2250724C-5005-45CD-A3C9-0EC0CD3132A1/0/TelehomecarereportFNL103107.pdf (last access March 2012).
- 4.Otto, C., Milenkovic, A., Sanders, C., and Jovanov, E., System architecture of a wireless body area sensor network for ubiquitous health monitoring. J. Mobile Multimed. 1(4):307–326, 2006.Google Scholar
- 5.Mana, M., Feham, M., and Bensaber, B. A., Trust key management scheme for wireless body area networks. Int. J. Netw. Secur. 12(2):71–79, 2011.Google Scholar
- 6.Electronic health record Wiki Site. http://en.wikipedia.org/wiki/Electronic_health_record#cite_note-23, (last accessed March 2012).
- 7.Dunlop, L., Electronic health records: Interoperability challenges and patient’s right for privacy. Shidler J. Comput. Technol. 3:16, 2007.Google Scholar
- 8.Tim Wafa (J.D.)., How the lack of prescriptive technical granularity in HIPAA has compromised patient privacy. N. Illinois Univ. Law Rev., 30(3), Summer 2010.Google Scholar
- 10.Haller, N., The S/KEY one-time password system. Proceedings of the Internet Society Symposium on Network and Distributed Systems, pp. 151–157, 1994.Google Scholar
- 15.Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y., A secure authentication scheme for Telecare medicine information systems. J. Med. Syst., 2010. doi: 10.1007/s10916-010-9614-9.
- 16.Debiao, H., Jianhua, C., and Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi: 10.1007/s10916-011-9658-5.
- 18.Awashti, A. K., Comment on ‘A dynamic ID-based remote user authentication scheme’. Trans. Cryptol. 1(2):15–16, 2004.Google Scholar
- 19.Chien, H. Y., and Chen, C. H., A remote authentication scheme preserving user anonymity. In: International conference on AINA’05, 2, 2005.Google Scholar
- 20.Ku, W. C., Chang, S. T., Impersonation attack on a dynamic ID-based remote user authentication sheme using smart cards. IEICE Transactions on Communication E88-B (5):2165–2167, 2005.Google Scholar
- 21.Liao, I., Lee, C. C., Hwang, M. S., Security enhancement for a dynamic ID-based remote user authentication scheme. Proceedings of the National Conference on Next Generation Web Services Practices, pp. 4, 22–26 Aug. 2005.Google Scholar
- 24.He, D., Chen, J., and Hu, J, Weaknesses of a dynamic ID-based remote user authentication scheme. IACR Eprint archive, 2010, Available at http://eprint.iacr.org/2010/240 (last accessed March 2012).