Abstract
The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients’ medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users’ overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users’ public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Chen, T. L., Chung, Y. F., and Lin, F. Y. S., A study on agent-based secure scheme for electronic medical record system. J. Med. Syst., 2012. doi:10.1007/s10916-010-9595-8.
Wu, Z., Chung, Y., Lai, F., and Chen, T., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.
Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.
Van Der Haak, M., Wolff, A. C., Brandner, R., Drings, P., Wannenmacher, M., and Wetter, T., Data security and protection in cross-institutional electronic patient records. Int. J. Med. Inform. 70(2–3):14, 2003.
Tsai, F. S., Security issues in e-healthcare. J. Med. Biol. Eng. 30(4):209–214, 2010.
He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2012. doi:10.1007/s10916-011-9658-5.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2010. doi:10.1007/s10916-010-9614-9.
Tzeng, W.-G., Tzeng, Z.-J., Round-efficient conference key agreement protocols with provable security. Proc. of Advances in Cryptology –ASIACRYPT 2000. LNCS 1976, 614–627, 2000.
Tzeng, W.-G., A secure fault-tolerant conference-key agreement protocol. IEEE Trans. Comput. 51(4):373–379, 2002.
Boyd, C., Nieto, J. M. G., Round-optimal contributory conference key agreement. Public Key Cryptography - PKC 2003. LNCS 2567, 161–174, 2003.
Lee, T.-F., Hwang, T., Improvement of the round-optimal conference key agreement protocol of Boyd and Nieto. 16th Information Security Conference. 98–102, 2006.
Lee, T.-F., Wen, H.-A., Hwang, T., A weil pairing-based round-efficient and fault-tolerant group key agreement protocol for sensor networks. IEEE Press - Sensor Network Operations. 571–579, 2006.
Jeong, I., and Lee, D., Key agreement for key hypergraph. Comput. Secur. 26:452–458, 2007.
Lee, T.-F., Wen, H.-A., Jin, Y.-C., Chen, C.-S., Password-based group key agreement with server’s public key for Hypergraphs. 2008 Symposium on Applications of Information, Management and Communication Technology, 2008.
Lee, S.M., Hwang, J.-Y., Lee, D.-H., Efficient password-based group key exchange. TrustBus 2004: Trust and Privacy in Digital Business, 1st International Conference. LNCS 3184, 191–199, 2004.
Abdalla, M., Bresson, E. l., Chevassut, O., Pointcheval, D., Password-based group key exchange in a constant number of rounds. Public Key Cryptography - PKC 2006. LNCS 3958, 427–442, 2006.
Dutta, R., and Barua, R., Password-based encrypted group key agreement. Int. J. Netw. Secur. 3(1):30–41, 2006.
Abdalla, M., Pointcheval, D., Simple password-based authenticated key protocols. Topics in Cryptology - CT-RSA 2005. LNCS 3376, 191–208, 2005.
Merkle, R. C., A fast software one-way hash function. J. Cryptol. 3(1):43–58, 1990.
Kim, H.-J., Lee, S.-M., Lee, D.-H., Constant-round authenticated group key exchange for dynamic groups. Advances in Cryptology – ASIACRYPT 2004. LNCS 3329, 245–259, 2004.
Bresson, E., Chevassut, O., Pointcheval, D., Provably authenticated group Diffie-Hellman key exchange – the dynamic case. Advances in Cryptology– ASIACRYPT 2001. LNCS 2248, 290–309, 2001.
Bresson, E., Chevassut, O., Pointcheval, D., Group Diffie-Hellman key exchange secure against dictionary attacks. Advances in Cryptology– ASIACRYPT 2002. LNCS 2501, 497–514, 2002.
Bresson, E., Chevassut, O., Pointcheval, D., Dynamic group Diffie-Hellman key exchange under standard assumptions. Advances in Cryptology – EUROCRYPT 2002. LNCS 2332, 321–336, 2002.
Acknowledgments
This effort was supported by National Science Council under the grants NSC100-2221-E-320-004.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lee, TF., Chang, IP. & Wang, CC. Simple Group Password-based Authenticated Key Agreements for the Integrated EPR Information System. J Med Syst 37, 9916 (2013). https://doi.org/10.1007/s10916-012-9916-1
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-012-9916-1