Cryptanalysis and Improvement of ‘A Privacy Enhanced Scheme for Telecare Medical Information Systems’
- 507 Downloads
To ensure reliable telecare services some user authentication schemes for telecare medical information system (TMIS) have been presented in literature. These schemes are proposed with intent to regulate only authorized access to medical services so that medical information can be protected from misuse. Very recently Jiang et al. proposed a user authentication scheme for TMIS which they claimed to provide enhanced privacy. They made use of symmetric encryption/decryption with cipher block chaining mode (CBC) to achieve the claimed user privacy. Their scheme provides features like user anonymity and user un-traceability unlike its preceding schemes on which it is built. Unluckily, authors overlook some important aspects in designing their scheme due to which it falls short to resist user impersonation attack, guessing attacks and denial of service attack. Besides, its password change phase is not secure; air message confidentiality is at risk and also has some other drawbacks. Therefore, we propose an improved scheme free from problems observed in Jiang et al.’s scheme and more suitable for TMIS.
KeywordsTelecare medical information system User authentication Temporary identity Medical services Impersonation attack Security
We declare that there is no role or involvement of any sponsor in this study.
Conflict of interest statement
Authors have no conflict of interest.
- 5.RSA Secure ID, “Secure identity.” [Online] Available: http://www.rsa.com/node.aspx?id=1156.
- 9.Kumar, M., Gupta, M. K., and Kumari, S., An Improved efficient remote password authentication scheme with smart card over insecure networks. Int. J. Netw Secur. 13(3):167–177, 2011.Google Scholar
- 19.Dworkin, M., Recommendation for Block Cipher Modes of Operation: Methods and Techniques. NIST Special Publication 800-38A, 2001.Google Scholar
- 20.Mao, W., Modern Cryptography: Theory and Practice. Prentice Hall Professional Technical Reference, 2003.Google Scholar
- 21.Kocher, P., Jaffe, J., Jun, B., Differential power analysis. Proceedings of Advances in Cryptology. Santa Barbara, CA, U.S.A., 388–397, 1999.Google Scholar
- 23.Sood, S. K., Sarjee, A. K., Singh, K., An improvement of Liao et al.’s authentication scheme using smart card. IEEE 2nd International Advance Computing Conference (IACC2010), Patiala, India, pp. 240–245, 2010.Google Scholar