Abstract
In order to protect users’ identity privacy, Chen et al. proposed an efficient dynamic ID-based authentication scheme for telecare medical information systems. However, Chen et al.’s scheme has some weaknesses. In Chen et al.’s scheme, an attacker can track a user by a linkability attack or an off-line identity guessing attack. Chen et al.’s scheme is also vulnerable to an off-line password guessing attack and an undetectable on-line password guessing attack when user’s smart card is stolen. In server side, Chen et al.’s scheme needs large computational load to authentication a legal user or reject an illegal user. To remedy the weaknesses in Chen et al.’s scheme, we propose an improved smart card based password authentication scheme. Our analysis shows that the improved scheme can overcome the weaknesses in Chen et al.’s scheme.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Lamport, L., Password authentication with insecure communication. comm. ACM 24(11):770–772, 1981.
Hwang, M.S., and Li, L.H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 488 46(1):28–30, 2000.
Wu, Z.Y., Lee, Y.C., Lai, F., Lee H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2010. doi:10.1007/s10916-010-9614-9.
He, D.B., Chen, J.H., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9658-5.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst., 2012. doi:10.1007/s10916-012-9835-1.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst., 2012. doi:10.1007/s10916-012-9856-9.
Das, M.L., Saxena, A., Gulati, V.P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron 50(2):629–631, 2004.
Li, C.-T., Secure smart card based password authentication scheme with user anonymity. Information Technology and Control 40(2):157–162, 2011.
Wang, R.C., Juang,W.S., Lei, C.L., Robust authentication and key agreement scheme preserving the privacy of secret key. Comput. Commun 34(3):274–280, 2011.
Chen, H.-M., Lo, J.-W., Yeh, C.-K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst., 2012. doi:10.1007/s10916-012-9862-y.
Khan, M.K., et al., Cryptanalysis and security enhancement of a more efficient and secure dynamic id-based remote user authentication scheme. Comput. Commun 34(3):305–309, 2010.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology 1999, pp. 388–397, 1999.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Author information
Authors and Affiliations
Corresponding author
Additional information
Conflict of interest
The authors declare that they have no conflict of interest.
Rights and permissions
About this article
Cite this article
Cao, T., Zhai, J. Improved Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems. J Med Syst 37, 9912 (2013). https://doi.org/10.1007/s10916-012-9912-5
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-012-9912-5