On the Security Flaws in ID-based Password Authentication Schemes for Telecare Medical Information Systems

Journal of Medical Systems

Volumn 39, Issue 1, 2015, Pages

  Mishra, Dheerendra ^a  

^a INDIAN INSTITUTE OF TECHNOLOGY   (India)

Author keywords

Password based authentication; Privacy; Security; Smart card; Telecare medical information system

Indexed keywords

ARTICLE; AUTHENTICATION; COMPUTER SECURITY; INFORMATION PROCESSING; MEDICAL INFORMATION SYSTEM; SMART CARD; ALGORITHM; CONFIDENTIALITY; DEVICES; HUMAN; PROCEDURES; RADIO FREQUENCY IDENTIFICATION DEVICE; TELEMEDICINE;

ALGORITHMS; COMPUTER SECURITY; CONFIDENTIALITY; HEALTH INFORMATION EXCHANGE; HUMANS; RADIO FREQUENCY IDENTIFICATION DEVICE; TELEMEDICINE;

EID: 84919913317     PISSN: 01485598     EISSN: 1573689X     Source Type: Journal    
DOI: 10.1007/s10916-014-0154-6     Document Type: Article

References (46)

1. Boyd, C., and Mathuria, A., Protocols for authentication and key establishment. Berlin Heidelberg: Springer, 2003.
2. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems-CHES 2004. LNCS, Vol. 3156, pp. 16–29. Springer 2004
3. Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–7, 2013.
4. Chen, H. M., Lo, J. W., Yeh, C. K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.
5. Cheng, Z., Nistazakis, M., Comley, R., Vasiu, L.: On the indistinguishability-based security model of key agreement protocols-simple cases. IACR Cryptology ePrint Archive, https://eprint.iacr.org/2005/129.pdf (2005)
6. Das, A. K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.
7. Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):1–17, 2013.
8. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.T.M.: On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Advances in Cryptology–CRYPTO 2008, pp. 203–220. Springer (2008)
9. Hao, X., Wang, J., Yang, Q., Yan, X., Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2):1–7, 2013.
10. He, D., Chen, J., Zhang, R., Weaknesses of a dynamic id-based remote user authentication scheme. Int. J. Electron. Secur. Digit. Forensic 3(4):355–362, 2010.
11. He, D., Kumar, N., Chilamkurti, N., Lee, J. H., Lightweight ECC Based RFID Authentication Integrated with an ID Verifier Transfer Protocol. J. Med. Syst. 38(10):1–6, 2014.
12. He, D., Chen, Y., Chen, J., Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dyn. 69(3):1149–1157, 2012.
13. He, D., Chen, J., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.
14. He, D., Kumar, N., Chen, J., Lee, C. C., Chilamkurti, N., Yeo, S. S.: Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems pp. 1–12 2013. doi:10.1007/s00530-013-0346-9.
15. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. Journal of medical systems 38(5):1–11, 2014.
16. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M. K., Cryptanalysis and improvement of yan et al.s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6):1–12, 2014.
17. Kim, K. W., and Lee, J. D., On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 38(5):1–11, 2014.
18. Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., He, L., A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(1):1–7, 2014.
19. Lin, T. H., and Lee, T. F., Secure verifier-based three-party authentication schemes without server public keys for data exchange in telecare medicine information systems. J. Med. Syst. 38(5):1–9, 2014.
20. He, D., and Wu, S., Security flaws in a smart card based authentication scheme for multi-server environment. Wirel. Pers. Commun. 70(1):323–329, 2013.
21. Mishra, D., Srinivas, J., Mukhopadhyay, S., A Secure and Efficient Chaotic Map-based Authenticated Key Agreement Scheme for Telecare Medicine Information Systems. J. Med. Syst. 38(10):1–10, 2014.
22. Islam, S. H., and Biswas, G., An improved id-based client authentication with key agreement scheme on ecc for mobile client-server environments. Theor. Appl. Inform. 24(4):293–312, 2012.
23. Jiang, Q., Ma, J., Lu, X., Tian, Y., Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J. Med. Syst. 38(2):1–8, 2014.
24. Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):1–8, 2013.
25. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology-CRYPTO’99, pp. 388–397. Springer (1999)
26. Kukafka, R., Ancker, J.S., Chan, C., Chelico, J., Khan, S., Mortoti, S., Natarajan, K., Presley, K., Stephens, K., Redesigning electronic health record systems to support public health. J. Biomed. Inform. 40(4):398–409, 2007.
27. Kumari, S., Khan, M. K., Kumar, R., Cryptanalysis and improvement of a privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37(4):1–11, 2012.
28. Lee, T.F., An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 37(6):1–9, 2013.
29. Lee, T.F., and Liu, C. M., A secure smart-card based authentication and key agreement scheme for Telecare medicine Information Systems. J. Med. Syst. 37(3):1–8, 2013.
30. Lin, H.Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–5, 2013.
31. Lin, S.S., Hung, M.H., Tsai, C.L., Chou, L.P., Development of an ease-of-use remote healthcare system architecture using rfid and networking technologies. J. Med. Syst. 36(6):3605–3619, 2012.
32. Martin-Sanchez, F., Iakovidis, I., Nørager, S., Maojo, V., De Groen, P., Van der Lei, J., Jones, T., Abraham-Fuchs, K., Apweiler, R., Babic, A., et al., Synergy between medical informatics and bioinformatics: facilitating genomic medicine for future health care. J. Biomed. Inform. 37(1):30–42, 2004.
33. Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
34. Pizziferri, L., Kittler, A.F., Volk, L.A., Honour, M.M., Gupta, S., Wang, S., Wang, T., Lippincott, M., Li, Q., Bates, D.W., Primary care physician time utilization before and after implementation of an electronic health record: a time-motion study. J. Biomed. Inform. 38(3):176–188, 2005.
35. Potlapally, N.R., Ravi, S., Raghunathan, A., Jha, N.K., A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Trans. Mobile Comput. 5(2):128–143, 2006.
36. Pu, Q., Wang, J., Zhao, R., Strong authentication scheme for telecare medicine information systems. J. Med. Syst. 36(4):2609–2619, 2012.
37. Rivest, R. L., Shamir, A., Adleman, L., A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2):120–126, 1978.
38. Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
39. Wong, D. S., Fuentes, H. H., Chan, A. H.: The performance measurement of cryptographic primitives on palm devices. In: Proceedings 17th Annual Computer Security Applications Conference (ACSAC 2001), pp. 92–101. IEEE (2001)
40. Wu, F., and Xu, L., Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst. 37(4):1–9, 2013. doi:10.1007/s10916-013-9958-z.
41. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.
42. Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–8, 2013.
43. Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., He, L., A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J. Med. Syst. 38(1):1–7, 2014.
44. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6): 3833–3838, 2012.
45. Mishra, D., A Study On ID-based Authentication Schemes for Telecare Medical Information System. arXiv preprint arXiv:1311.0151, 2013.
46. Mishra, D., and Mukhopadhyay, S.: Cryptanalysis of Wu and Xu’s authentication scheme for Telecare Medicine Information Systems. arXiv preprint arXiv:1309.5255 (2013)