Abstract
Secure and efficient mutual user authentication is an essential task for integrated electronic patient record (EPR) information systems. Recently, several authentication schemes have been proposed to meet this requirement. In a recent paper, Lee et al. proposed an efficient and secure password-based authentication scheme using smart cards for the integrated EPR information system. This scheme is believed to resist a range of network attacks. In particular, they claimed that their scheme could resist the lost smart card attack. However, we reanalyze the security of Lee et al.’s scheme and show that it fails to resist the off-line password guessing attack if the secret information stored in the smart card is compromised. This also renders their scheme insecure against user impersonation attacks. We then propose a new user authentication scheme for integrated EPR information systems based on quadratic residues. The new scheme not only resists a range of network attacks but also provides user anonymity. We show that our proposed scheme can provide stronger security.
References
Chang, Y.F., Lin, S.C., Chang, P.Y., A location-privacy-protected RFID authentication scheme. In: IEEE International Conference on Communications, pp. 1–4, 2011.
Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic ID-based authentication scheme for Telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.
Chen, Y., Chou, J., Sun, H., A novel mutual-authentication scheme based on quadratic residues for RFID systems. Comput. Netw. 52(12):2373–2380, 2008.
Cheng, Z.Y., Liu, Y., Chang, C.C., Liu, C.X., A novel biometric-based remote user authentication scheme using quadratic residues. Int. J. Inf. Electron. Eng. 3(4):419–422, 2013.
He, D.B., Chen, J.H., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.
Kumar, M., A new secure remote user authentication scheme with smart cards. Int. J. Netw. Secur. 11(2):88–93, 2010.
Kocher, P.C., Jaffe, J., Jun, B., Differential power analysis. In: Proceedings of 19th International Advances in Cryptology, pp. 388–397, Santa Barbara, 1999.
Lee, N.Y., and Chiu, Y.C., Improved remote authentication scheme with smart card. Comput. Stand. Interfaces 27(2):177–180, 2005.
Lee, S.W., Kim, H.S., Yoo, K.Y., Improvement of Chien et al.'s remote user authentication scheme using smart cards. Comput. Stand. Interfaces 27(2):181–183, 2005.
Lee, T.F., Chang, I.P., Lin, T.H., Wang, C.C., A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system. J. Med. Syst. 37(3):9941, 2013. doi:10.1007/s10916-013-9941-8.
Lee, T.F., An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 37(6):9985, 2013. doi:10.1007/s10916-013-9985-9.
Li, X., Qiu, W., Zheng, D., Chen, K., Li, J., Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57(2):793–800, 2010.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Rosen, K., Elementary number theory and its applications. Reading, MA: Addison-Wesley, 1988.
Takeda, H., Matsumura, Y., Kuwata, S., Architecture for networked electronic patient record systems. Int. J. Med. Inform. 60(2):161–167, 2000.
Wang, B., and Li, Z.Q., A forward-secure user authentication scheme with smart cards. Int. J. Netw. Secur. 3(2):116–119, 2006.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
Wen, F.T., Susilo, W., Yang, G.M., A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wirel. Pers. Commun. 73(3):993–1004, 2013.
Wen, F.T., A robust uniqueness and anonymity preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(6):9980, 2013.
Wen, F.T., Susilo, W., Yang, G.M., A robust smart card-based anonymous user authentication protocol for wireless communications. Secur. Commun. Netw., 2013. doi:10.1002/sec.816.
Wu, Z.P., Chung, Y., Lai, F., Chen, T.S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.
Wu, S., Zhu, Y., Pu, Q., Robust smart-cards-based user authentication scheme with user anonymity. Secur. Commun. Netw. 5(2):236–248, 2012.
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.
Xu, J., Zhu, W.T., Feng, D.G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.
Yang, G., Wong, D., Wang, H., Deng, X., Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74(7):1160–172, 2008.
Yau, W.C., Raphael, C., Phan, W., Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(6):9993, 2013. doi:10.1007/s10916-013-9993-9.
Yeh, T.C., Wu, C.H., Tseng, Y.M., Improvement of the RFID authentication scheme based on quadratic residues. Comput. Commun. 34:337–341, 2011.
Youn, T., Park, Y., Lim, J., Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Commun. Lett. 13(7):471–473, 2009.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.
Acknowledgments
The author would like to thank the anonymous referees for their valuable comments and suggestions. This work is supported by the Natural Science Foundation of Shandong Province (No. ZR2013FM009).
Additional information
This article is part of the Topical Collection on Mobile Systems
Cite this article
Wen, F. A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System. J Med Syst 38, 42 (2014). https://doi.org/10.1007/s10916-014-0042-0
DOI: https://doi.org/10.1007/s10916-014-0042-0