Abstract
With the growing popularity of network technologies, cloud-based health care applications are becoming an essential part of telecare medical information systems have been widely studied in recent years. To protect patient privacy and restrict the access of precious services for legal privileged participants only, many secure medical data exchange protocols have been widely utilized for various service-oriented medical systems. In 2014, Chen et al. proposed a secure medical data exchange protocol based on cloud environments. They claimed that their protocol achieves better security as compared to those for other existing medical-oriented systems. However, in this paper, we found that Chen et al.’s data exchange protocol has two functional weaknesses such as (1) it fails to provide real-time monitoring service, (2) it has two design flaws in doctor treatment phase and is not easily reparable.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Chen, C.L., Yang, T.T., Shih, T.F.: A secure medical data exchange protocol based on cloud environments. J. Med. Syst. 38, 112 (2014)
Chung, P.S., Liu, C.W., Hwang, M.S.: A study of attribute-based proxy re-encryption scheme in cloud environments. Int. J. Netw. Secur. 16(1), 1–13 (2014)
Hao, X., Wang, J., Yang, Q., Yan, X., Li, P.: A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2), 9919 (2013)
HAVO. http://www.hvc.com.tw/lang/HAVO-E/Home%20HAVO.html. Accessed 18 April 2015
He, D., Chen, J., Zhang, R.: A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3), 1989–1995 (2012)
Hsu, C., Zeng, B., Zhang, M.: A novel group key transfer for big data security. Appl. Math. Comput. 249(15), 436–443 (2014)
Jiang, Q., Ma, J., Ma, Z., Li, G.: A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37, 9897 (2013)
Jiang, Q., Ma, J., Lu, X., Tian, Y.: Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J. Med. Syst. 38(2), 12 (2014)
Kumari, S., Khan, M.K., Kumar, R.: Cryptanalysis and improvement of ’A privacy enhanced scheme for telecare medical information systems. J. Med. Syst. 37, 9952 (2013)
Lee, C.C., Chung, P.S., Hwang, M.S.: A survey on attribute-based encryption schemes of access control in cloud environments. Int. J. Netw. Secur. 15(4), 231–240 (2013)
Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1), 1–5 (2010)
Li, C.T., Lee, C.C., Weng, C.Y., Fan, C.I.: An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Trans. Internet Inf. Syst. 7(1), 119–131 (2013)
Li, C.T., Lee, C.C., Weng, C.Y.: An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dyn. 74(4), 1133–1143 (2013)
Li, C.T.: A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Inf. Secur. 7(1), 3–10 (2013)
Li, C.T., Lee, C.C., Weng, C.Y.: A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9), 1–11 (2014)
Li, C.T., Lee, C.W., Shen, J.J.: An extended chaotic maps based keyword search scheme over encrypted data resist outside and inside keyword guessing attacks in cloud storage services. Nonlinear Dyn. 80(3), 1601–1611 (2015)
Li, C.T., Weng, C.Y., Lee, C.C.: A secure RFID tag authentication protocol with privacy preserving in telecare medicine information systems. J. Med. Syst. 39(8), 1–8 (2015)
Li, C.T., Weng, C.Y., Lee, C.C., Wang, C.C.: Secure user authentication and user anonymity scheme based on quadratic residues for the integrated EPRIS. Procedia Comput. Sci. 52, 21–28 (2015)
Khanna, A., Misra, P.: The Internet of things for medical devices - prospects, challenges and the way forward. Tata Consultancy Services. http://www.tcs.com/SiteCollectionDocuments/White%20Papers/Internet-of-Things-Medical-Devices_0714-2.pdf. Accessed 18 April 2015
Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)
Wang, J., Yu, X., Zhao, M.: Fault-tolerant verifiable keyword symmetric searchable encryption in hybrid cloud. Int. J. Netw. Secur. 17(4), 471–483 (2015)
Wei, J., Hu, X., Liu, W.: An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6), 3597–3604 (2012)
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y.: A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3), 1529–1535 (2012)
Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)
Zhu, Z.: An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6), 3833–3838 (2012)
Acknowledgements
The authors would like to thank the anonymous reviewers for their valuable comments and suggestions. In addition, this research was partially supported by the Ministry of Science and Technology, Taiwan, R.O.C., under contract no.: MOST 104-2221-E-165-004 and MOST 104-3114-C-165-001-ES.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Li, CT., Lee, CC., Wang, CC., Yang, TH., Chen, SJ. (2015). Design Flaws in a Secure Medical Data Exchange Protocol Based on Cloud Environments. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science(), vol 9532. Springer, Cham. https://doi.org/10.1007/978-3-319-27161-3_39
Download citation
DOI: https://doi.org/10.1007/978-3-319-27161-3_39
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27160-6
Online ISBN: 978-3-319-27161-3
eBook Packages: Computer ScienceComputer Science (R0)