Improvement of a Uniqueness-and-Anonymity-Preserving User Authentication Scheme for Connected Health Care

  • Mobile Systems
Journal of Medical Systems

Abstract

Patient privacy preservation, security, and mutual authentication between the patient and the medical server are important mechanisms in connected health care applications, such as telecare medical information systems and personally controlled health records systems. In 2013, Wen showed that Das et al.’s scheme is vulnerable to replay attacks, user impersonation attacks and off-line guessing attacks, and then proposed an improved scheme using biometrics, a password and a smart card to overcome these weaknesses. However, we show that Wen’s scheme is still vulnerable to off-line password guessing attacks and provides neither user anonymity nor perfect forward secrecy. Further, we propose an improved scheme to fix these weaknesses, and use ProVerif, a formal verification tool based on the applied pi calculus, to prove its security and authentication properties.


References

  1. Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.

  2. Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.

  3. Wu, Z. Y., Chung, Y., Lai, F., and Chen, T. S., Password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36:631–638, 2012.

  4. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36:1529–1535, 2012.

  5. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36:1989–1995, 2012.

  6. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.

  7. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.

  8. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004. 508.

  9. Awashti, A. K., Comment on a dynamic ID-based remote user authentication scheme. Trans. Cryptol. 1:15–16, 2014.

  10. Ku, W. C., and Chang, S. T., Impersonation attack on a dynamic ID-based remote user authentication scheme using smart cards. IEICE Trans. Commun. E88-B:2165–2167, 2005.

  11. Wang, Y. Y., Kiu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32:583–585, 2009.

  12. Khan, M. K., Kim, S. K., and Alghathbar, K., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.

  13. Chen, H. M., Lo, J. W., and Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.

  14. Xie, Q., Zhang, J., and Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–8, 2013.

  15. Wen, F., and Guo, D., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38:26, 2014.

  16. Wen, F., A more secure anonymous user authentication scheme for the integrated EPR information system. J. Med. Syst. 38:42, 2014.

  17. Awasthi, A. K., and Srivastava, K., A biometric authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 37(5):1–4, 2013.

  18. Awasthi, A. K., and Goswami, A., An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function. J. Med. Syst. 38:27, 2014.

  19. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., and Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38:41, 2014.

  20. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., and Khan, M. K., Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38:24, 2014.

  21. Yan, X., Li, W., Li, P., Wang, J., Hao, X., and Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37:5, 2013.

  22. Chang, Y. F., Yu, S. H., and Shiao, D. R., An uniqueness-and anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.

  23. Das, A. K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9948, 2013.

  24. Kim, K., and Lee, J., On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 38:17, 2014.

  25. Wen, F., A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9980, 2013.

  26. Tsai, J., Lo, N., and Wu, T., Novel anonymous authentication scheme using smart cards. IEEE Trans. Ind. Electron. 9(4):2004–2013, 2013.

  27. Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38:16, 2014.

  28. Abadi, M., Blanchet, B., and Lundh, H. C., Models and Proofs of Protocol Security: A Progress Report. 21st International Conference on Computer Aided Verification, Grenoble, France, pp. 35–49, 2009.

  29. Abadi, M., and Fournet, C., Mobile Values, New Names, and Secure Communication. Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM New York, pp. 104–115, 2001.

  30. Li, C. T., Hwang, M. S., and Chu, Y. P., A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput. Commun. 31:2803–2814, 2008.

  31. Li, W., Wen, Q., Su, Q., and Jin, Z., An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network. Comput. Commun. 35:188–195, 2012.


Acknowledgments

This research was supported by the Major State Basic Research Development (973) Program of China (No. 2013CB834205), the National Natural Science Foundation of China (No. 61070153, 61103209), and Natural Science Foundation of Zhejiang Province (No. LZ12F02005, LY12F02006).

Author information

Corresponding author

Correspondence to Qi Xie.

Additional information

This article is part of the Topical Collection on Mobile Systems

Cite this article

Xie, Q., Liu, W., Wang, S. et al. Improvement of a Uniqueness-and-Anonymity-Preserving User Authentication Scheme for Connected Health Care. J Med Syst 38, 91 (2014). https://doi.org/10.1007/s10916-014-0091-4

  • DOI: https://doi.org/10.1007/s10916-014-0091-4
