Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems

被引:96
作者
Chaudhry, Shehzad Ashraf [1 ]
Naqvi, Husnain [1 ]
Shon, Taeshik [2 ]
Sher, Muhammad [1 ]
Farash, Mohammad Sabzinejad [3 ]
机构
[1] Int Islamic Univ Islamabad, Dept Comp Sci & Software Engn, Islamabad, Pakistan
[2] Ajou Univ, Coll Informat Technol, Div Informat & Comp Engn, Suwon 443749, South Korea
[3] Kharazmi Univ, Mohammad Sabzinejad Farash Dept Math & Comp Sci, Tehran, Iran
来源
JOURNAL OF MEDICAL SYSTEMS | 2015年 / 39卷 / 06期
关键词
Authentication; Authenticated key agreement; Elliptic curve cryptography; Impersonation attack; TMIS; Body area networks; REMOTE USER AUTHENTICATION; KEY AGREEMENT PROTOCOL; EXCHANGE PROTOCOL; EFFICIENT; SCHEME; SECURE; ANONYMITY; ROBUST;
D O I
10.1007/s10916-015-0244-0
中图分类号
R19 [保健组织与事业(卫生事业管理)];
学科分类号
摘要
Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote access. Very recently Islam et al. (J. Med. Syst. 38(10): 135, 2014) proposed a two factor authentication protocol for TMIS using elliptic curve cryptography (ECC) to improve Xu et al.'s (J. Med. Syst. 38(1): 9994, 2014) protocol. They claimed their improved protocol to be efficient and provides all security requirements. However our analysis reveals that Islam et al.'s protocol suffers from user impersonation and server impersonation attacks. Furthermore we proposed an enhanced protocol. The proposed protocol while delivering all the virtues of Islam et al.'s protocol resists all known attacks.
引用
收藏
页数:11
相关论文
共 44 条
[1]  
[Anonymous], 2014, J ELECTR ENG-SLOVAK
[2]  
[Anonymous], ISC INT J INF SECUR
[3]  
[Anonymous], SECUR COMM NETW
[4]   An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography [J].
Ch, Shehzad Ashraf ;
Uddin, Nizam ;
Sher, Muhammad ;
Ghani, Anwar ;
Naqvi, Husnain ;
Irshad, Azeem .
MULTIMEDIA TOOLS AND APPLICATIONS, 2015, 74 (05) :1711-1723
[5]   Comment on 'Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications' [J].
Chaudhry, Shehzad Ashraf .
IET Communications, 2015, 9 (07) :1034-1034
[6]   An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems [J].
Chen, Hung-Ming ;
Lo, Jung-Wen ;
Yeh, Chang-Kuo .
JOURNAL OF MEDICAL SYSTEMS, 2012, 36 (06) :3907-3915
[7]   A Secure and Robust Password-Based Remote User Authentication Scheme Using Smart Cards for the Integrated EPR Information System [J].
Das, Ashok Kumar .
JOURNAL OF MEDICAL SYSTEMS, 2015, 39 (03)
[8]   NEW DIRECTIONS IN CRYPTOGRAPHY [J].
DIFFIE, W ;
HELLMAN, ME .
IEEE TRANSACTIONS ON INFORMATION THEORY, 1976, 22 (06) :644-654
[9]   An improved password-based authentication scheme for session initiation protocol using smart cards without verification table [J].
Farash, Mohammad Sabsinejad .
INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2017, 30 (01)
[10]   Security analysis and enhancements of an improved authentication for session initiation protocol with provable security [J].
Farash, Mohammad Sabzinejad .
PEER-TO-PEER NETWORKING AND APPLICATIONS, 2016, 9 (01) :82-91
12345