Journal of Medical Systems, 37:9952

Cryptanalysis and Improvement of ‘A Privacy Enhanced Scheme for Telecare Medical Information Systems’

Original Paper


To ensure reliable telecare services, some user authentication schemes for telecare medical information systems (TMIS) have been presented in the literature. These schemes are intended to restrict access to medical services to authorized users so that medical information is protected from misuse. Very recently, Jiang et al. proposed a user authentication scheme for TMIS which they claimed provides enhanced privacy. They used symmetric encryption/decryption in cipher block chaining (CBC) mode to achieve the claimed user privacy. Unlike the preceding schemes on which it is built, their scheme provides features such as user anonymity and user untraceability. Unfortunately, the authors overlooked some important aspects in designing their scheme, due to which it fails to resist the user impersonation attack, guessing attacks and the denial of service attack. In addition, its password change phase is not secure, the confidentiality of air messages is at risk, and it has some other drawbacks. Therefore, we propose an improved scheme that is free from the problems observed in Jiang et al.’s scheme and more suitable for TMIS.


Keywords: Telecare medical information system; User authentication; Temporary identity; Medical services; Impersonation attack; Security



We declare that there is no role or involvement of any sponsor in this study.

Conflict of interest statement

Authors have no conflict of interest.



Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Saru Kumari (1)
  • Muhammad Khurram Khan (2)
  • Rahul Kumar (3)

  1. Department of Mathematics, Agra College, Agra, India
  2. Center of Excellence in Information Assurance, King Saud University, Riyadh, Kingdom of Saudi Arabia
  3. Department of Mathematics, D. B. S. College, Kanpur, India
