Abstract.
Although a number of three-factor authentication schemes have been developed to ensure that sensitive medical information are only available to legal users in telecare medical information system, most of them are found to be flawed. Understanding security and privacy failures of authentication protocols is a prerequisite to both fixing existing protocols and designing future ones. In this paper, we analyze an enhanced three-factor authentication scheme of Lu et al., and reveal that it cannot achieve the claimed security and privacy goals. (1) It fails to provide anonymity and untraceability, and is susceptible to the following attacks targeting user privacy: identity revelation attack and tracking attack. (2) It is also susceptible to offline password guessing attack, user impersonation attack, and server impersonation attack.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., & Yen, D. C.: Design and Implementation of a Telecare Information Platform. J. Med. Syst. 36(3) (2012) 1629-1650
Li, H., Yang, Y., Luan, T., Liang, X., Zhou, L., Shen, X.: Enabling Fine-grained Multi-keyword Search Supporting Classified Sub-dictionaries over Encrypted Cloud Data. IEEE Transactions on Dependable and Secure Computing 13(3) (2016) 312-325
Jiang Q., Ma Z., Ma J., Li G.: Security Enhancement of a Robust User Authentication framework for Wireless Sensor Networks. China Communications 9(10) (2012) 103-111
Jiang Q., Ma J., Li G., Yang L.: Robust Two-factor Authentication and Key Agreement Preserving User Privacy. International Journal of Network Security 16(3)( 2014) 229-240
Jiang Q., Wei F., Fu S., Ma J., Li G., Alelaiwi A.: Robust Extended Chaotic Maps-based Three-factor Authentication Scheme Preserving Biometric Template Privacy. Nonlinear Dynamics 83(4) (2016) 2085-2101
Awasthi, A.K., Srivastava, K.: A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce. J. Med. Syst. 37(5) (2013) 1–4
Tan, Z.: A User Anonymity Preserving Three-factor Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 38(3) (2014) 1–9
Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M.K., Chaturvedi, A.: Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce. J. Med. Syst. 38(5): (2014) 1–11
Arshad, H., Nikooghadam, M.: Three-factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems. J. Med. Syst. 38(12) (2014) 1-12
Das, A.K.: A Secure User Anonymity-Preserving Three-Factor Remote User Authentication Scheme for the Telecare Medicine Information Systems. J. Med. Syst. 39(3) (2015) 1-20
Lu, Y., Li, L., Peng, H., Yang, Y.: An Enhanced Biometric-based Authentication Scheme for Telecare Medicine Information Systems Using Elliptic Curve Cryptosystem. J. Med. Syst. 39(3) (2015)
Wang D., He D., Wang P., Chu C.-H.: Anonymous Two-factor Authentication in Distributed Systems: Certain Goals are Beyond Attainment. IEEE Transactions on Dependable and Secure Computing 12(4) (2015)428-442.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Jiang, Q., Li, B., Ma, J. (2017). On the Security of Three-factor Authentication Scheme for Telecare Medical Information Systems. In: Barolli, L., Xhafa, F., Yim, K. (eds) Advances on Broad-Band Wireless Computing, Communication and Applications. BWCCA 2016. Lecture Notes on Data Engineering and Communications Technologies, vol 2. Springer, Cham. https://doi.org/10.1007/978-3-319-49106-6_89
Download citation
DOI: https://doi.org/10.1007/978-3-319-49106-6_89
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49105-9
Online ISBN: 978-3-319-49106-6
eBook Packages: EngineeringEngineering (R0)