Advertisement

Journal of Medical Systems

, 39:10 | Cite as

Cryptanalysis and Improvement of a User Authentication Scheme Preserving Uniqueness and Anonymity for Connected Health Care

  • Lili Xu
  • Fan Wu
Systems-Level Quality Improvement
Part of the following topical collections:
  1. Systems-Level Quality Improvement

Abstract

Nowadays, connected health care applications are used more and more in the world. Service through the applications can save the patients’ time and expense, such as telecare medical information system (TMIS) and integrated electronic patient record (EPR) information system. In the applications, preserving patients’ privacy, transmitting messages securely and keeping mutual authentication should all be paid attention. Many authentication schemes have been proposed to make a secure communicating environment. Recently Xie et al. showed that Wen’s scheme was insecure because it was under the off-line password guessing attack and without user anonymity and forward security. They gave a new three-factor authentication scheme and claimed that it was secure. However, we find that Xie et al’s scheme is vulnerable to the De-synchronization attack and the server has too much storage burden in the scheme. Then we present an improved scheme which overcomes the usual weaknesses and keeps ordinary security characters. Compared with recent schemes of the same kind, our scheme is secure and practical.

Keywords

Connected health care Authentication Anonymity Smart card 

Notes

References

  1. 1.
    Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):136, 2014.CrossRefGoogle Scholar
  2. 2.
    Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9912, 2013. doi: 10.1007/s10916-012-9912-5.CrossRefMathSciNetGoogle Scholar
  3. 3.
    Chen, H. M., Lo, J. W., Yeh, C. K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 36(6):3907–3915, 2012.CrossRefGoogle Scholar
  4. 4.
    Das, A. K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):9948 , 2013.CrossRefGoogle Scholar
  5. 5.
    Fan, C. I., and Lin, Y. H., Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE Trans. Inf. Forensics Sec. 4(4):933–945, 2009.CrossRefGoogle Scholar
  6. 6.
    Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):9897, 2013. doi: 10.1007/s10916-012-9897-0.CrossRefMathSciNetGoogle Scholar
  7. 7.
    Jin, A. T. B., Ling, D. N. C., Goh, A., Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.CrossRefGoogle Scholar
  8. 8.
    Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):9954 , 2013a.CrossRefGoogle Scholar
  9. 9.
    Khan, M. K., and Kumari, S., An improved biometrics-based remote user authentication scheme with user anonymity. BioMed. Res. Int. 2013(2013):491289, 2013. doi: 10.1155/2013/491289.Google Scholar
  10. 10.
    Khan, M. K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems. Secur. Commun. Netw. 7(2):399–408, 2014a.CrossRefGoogle Scholar
  11. 11.
    Khan, M. K., and Kumari, S., An improved user authentication protocol for healthcare services via wireless medical sensor networks. Int. J. Distrib. Sens. Netw. 2014(2014):347169, 2014.Google Scholar
  12. 12.
    Khan, M. K., Kumari, S., Gupta, M. K., More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816, 2014.CrossRefMathSciNetGoogle Scholar
  13. 13.
    Kim, K. W., and Lee, J. D., On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 38(5):17, 2014. doi: 10.1007/s10916-014-0017-1.CrossRefGoogle Scholar
  14. 14.
    Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology(CRYPTO99), pp. 388–397: Springer, 1999.Google Scholar
  15. 15.
    Kumari, S., and Khan, M. K., Cryptanalysis and improvement of ’a robust smart-card-based remote user password authentication scheme’. Int. J. Commun. Syst. 27(12):3939–3955, 2014. doi: 10.1002/dac.2590.CrossRefGoogle Scholar
  16. 16.
    Kumari, S., and Khan, M. K., More secure smart card-based remote user password authentication scheme with user anonymity. Secur. Commun. Netw. 7(11):2039–2053, 2014. doi: 10.1002/sec.916.CrossRefGoogle Scholar
  17. 17.
    Kumari, S., Gupta, M.K., Khan, M. K., Li, X., An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur. Commun. Netw. 7(11):1921–1932, 2014. doi: 10.1002/sec.906.CrossRefGoogle Scholar
  18. 18.
    Kumari, S., Khan, M. K., Kumar, R., Cryptanalysis and improvement of ’a privacy enhanced scheme for telecare medical information systems’. J. Med. Syst. 37(4):9952, 2013b. doi: 10.1007/s10916-013-9952-5.CrossRefGoogle Scholar
  19. 19.
    Kumari, S., Khan, M. K., Li, X., An improved remote user authentication scheme with key agreement. Comput. & Electr. Eng,. 40(6):1997–2012, 2014a.CrossRefGoogle Scholar
  20. 20.
    Kumari, S., Khan, M. K., Li, X., Wu, F., Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst., 2014b. doi: 10.1002/dac.2853.Google Scholar
  21. 21.
    Li, X., Wen, Q., Li, W., Zhang, H., Jin, Z., Secure privacy-preserving biometric authentication scheme for telecare medicine information systems. J. Med. Syst. 38(11):139, 2014.CrossRefGoogle Scholar
  22. 22.
    Lin, H. Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9929, 2013. doi: 10.1007/s10916-013-9929-4.CrossRefGoogle Scholar
  23. 23.
    Messerges, T. S., Dabbish, E. A., Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.CrossRefMathSciNetGoogle Scholar
  24. 24.
    Nanni, L., and Lumini, A., Random subspace for an improved biohashing for face authentication. Pattern Recogn. Lett. 29(3):295–300, 2008.CrossRefGoogle Scholar
  25. 25.
    Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3):16, 2014. doi: 10.1007/s10916-014-0016-2.CrossRefGoogle Scholar
  26. 26.
    Wang, D., Wang, P., He, D., Anonymous two-factor authentication: Certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput, 2014. doi: 10.1109/TDSC.2014.2355850.Google Scholar
  27. 27.
    Wen, F., A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(6):9980, 2013. doi: 10.1007/s10916-013-9980-1.CrossRefGoogle Scholar
  28. 28.
    Wen, F., and Guo, D., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5):26, 2014.CrossRefGoogle Scholar
  29. 29.
    Wu, F., and Xu, L., An improved and provable self-certified digital signature scheme with message recovery. Int. J. Commun. Syst., 2013a. doi: 10.1002/dac.2673.Google Scholar
  30. 30.
    Wu, F., and Xu, L., Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst. 37(4):9958, 2013b. doi: 10.1007/s10916-013-9958-z.CrossRefGoogle Scholar
  31. 31.
    Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9911, 2013. doi: 10.1007/s10916-012-9911-6.CrossRefGoogle Scholar
  32. 32.
    Xie, Q., Liu, W., Wang, S., Han, L., Hu, B., Wu, T., Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care. J. Med. Syst. 38(9): 91, 2014. doi: 10.1007/s10916-014-0091-4.CrossRefGoogle Scholar
  33. 33.
    Xu, L., and Wu, F., An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity. Secur. Commun. Netw., 2014. doi: 10.1002/sec.977.

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. 1.School of Information Science and TechnologyXiamen UniversityXiamenChina
  2. 2.Department of Computer Science and Engineering, Xiamen Institute of TechnologyHuaqiao UniversityXiamenChina

Personalised recommendations