Abstract
The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient’s home. Hence, the control of access to remote medical servers’ resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.’s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.’s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.
Similar content being viewed by others
References
Istepanian, R. S. H., Jovanov, E., and Zhang, Y. T., Guest editorial introduction to the special section on M-health: Beyond seamless mobility and global wireless health-care connectivity. IEEE Trans. Inf. Technol. Biomed. 8(4):405–414, 2004.
Latré, B., Braem, B., Moerman, I., Blondia, C., and Demeester, P., A survey on wireless body area networks. J. Wireless Netw. 17(1). January 2011.
Stachura, M., and Khasanshina, E., Telehomecare and remote monitoring: An outcomes overview. Adv. Med. Technol. Assoc., October 31, 2007, Available at: http://www.advamed.org/NR/rdonlyres/2250724C-5005-45CD-A3C9-0EC0CD3132A1/0/TelehomecarereportFNL103107.pdf (last access March 2012).
Otto, C., Milenkovic, A., Sanders, C., and Jovanov, E., System architecture of a wireless body area sensor network for ubiquitous health monitoring. J. Mobile Multimed. 1(4):307–326, 2006.
Mana, M., Feham, M., and Bensaber, B. A., Trust key management scheme for wireless body area networks. Int. J. Netw. Secur. 12(2):71–79, 2011.
Electronic health record Wiki Site. http://en.wikipedia.org/wiki/Electronic_health_record#cite_note-23, (last accessed March 2012).
Dunlop, L., Electronic health records: Interoperability challenges and patient’s right for privacy. Shidler J. Comput. Technol. 3:16, 2007.
Tim Wafa (J.D.)., How the lack of prescriptive technical granularity in HIPAA has compromised patient privacy. N. Illinois Univ. Law Rev., 30(3), Summer 2010.
Lamport, L., Password authentication with insecure communication. Commun. ACM 24(11):770–772, 1981.
Haller, N., The S/KEY one-time password system. Proceedings of the Internet Society Symposium on Network and Distributed Systems, pp. 151–157, 1994.
Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1):28–30, 2000.
Xu, J., Zhu, W. T., and Feng, D. G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfac. 31(4):723–728, 2009.
Lee, N. Y., and Chiu, Y. C., Improved remote authentication scheme with smart card. Comput. Stand. Interfac. 27(2):177–180, 2005.
Lee, S. W., Kim, H. S., and Yoo, K. Y., Improvement of Chien et al’.s remote user authentication scheme using smart cards. Comput. Stand. Interfac. 27(2):181–183, 2005.
Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y., A secure authentication scheme for Telecare medicine information systems. J. Med. Syst., 2010. doi:10.1007/s10916-010-9614-9.
Debiao, H., Jianhua, C., and Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9658-5.
Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004. 508.
Awashti, A. K., Comment on ‘A dynamic ID-based remote user authentication scheme’. Trans. Cryptol. 1(2):15–16, 2004.
Chien, H. Y., and Chen, C. H., A remote authentication scheme preserving user anonymity. In: International conference on AINA’05, 2, 2005.
Ku, W. C., Chang, S. T., Impersonation attack on a dynamic ID-based remote user authentication sheme using smart cards. IEICE Transactions on Communication E88-B (5):2165–2167, 2005.
Liao, I., Lee, C. C., Hwang, M. S., Security enhancement for a dynamic ID-based remote user authentication scheme. Proceedings of the National Conference on Next Generation Web Services Practices, pp. 4, 22–26 Aug. 2005.
Wang, Y. Y., Kiu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32:583–585, 2009.
Khan, M. K., et al., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.
He, D., Chen, J., and Hu, J, Weaknesses of a dynamic ID-based remote user authentication scheme. IACR Eprint archive, 2010, Available at http://eprint.iacr.org/2010/240 (last accessed March 2012).
Conflict of interest
The authors declare that they have no conflict of interest.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Chen, HM., Lo, JW. & Yeh, CK. An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems. J Med Syst 36, 3907–3915 (2012). https://doi.org/10.1007/s10916-012-9862-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10916-012-9862-y