Skip to main content
SpringerLink
Log in

A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System

  • MOBILE SYSTEMS
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Secure and efficient user mutual authentication is an essential task for integrated electronic patient record (EPR) information system. Recently, several authentication schemes have been proposed to meet this requirement. In a recent paper, Lee et al. proposed an efficient and secure password-based authentication scheme used smart cards for the integrated EPR information system. This scheme is believed to have many abilities to resist a range of network attacks. Especially, they claimed that their scheme could resist lost smart card attack. However, we reanalyze the security of Lee et al.’s scheme, and show that it fails to protect off-line password guessing attack if the secret information stored in the smart card is compromised. This also renders that their scheme is insecure against user impersonation attacks. Then, we propose a new user authentication scheme for integrated EPR information systems based on the quadratic residues. The new scheme not only resists a range of network attacks but also provides user anonymity. We show that our proposed scheme can provide stronger security.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Chang, Y.F., Lin, S.C., Chang, P.Y., A location-privacy-protected RFID authentication scheme. In: IEEE International Conference on Communications, pp. 1–4, 2011.

  2. Chen, H.M., Lo, J.W., Yeh, C.K., An efficient and secure dynamic ID-based authentication scheme for Telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.

    Article  Google Scholar 

  3. Chen, Y., Chou, J., Sun, H., A novel mutual-authentication scheme based on quadratic residues for RFID systems. Comput. Netw. 52(12):2373–2380, 2008.

    Article  MATH  Google Scholar 

  4. Cheng, Z.Y., Liu, Y., Chang, C.C., Liu, C.X., A novel biometric-based remote user authentication scheme using quadratic residues. Int. J. Inf. Electron. Eng. 3(4):419–422, 2013.

    Google Scholar 

  5. He, D.B., Chen, J.H., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.

    Article  Google Scholar 

  6. Kumar, M., A new secure remote user authentication scheme with smart cards. Int. J. Netw. Secur. 11(2):88–93, 2010.

    Google Scholar 

  7. Kocher, P.C., Jaffe, J., Jun, B., Differential power analysis. In: Proceedings of 19th International Advances in Cryptology, pp. 388-397, Santa Barbara, 1999.

  8. Lee, N.Y., and Chiu, Y.C., Improved remote authentication scheme with smart card. Comput. Stand. Interfaces 27(2):177–180, 2005.

    Article  Google Scholar 

  9. Lee, S.W., Kim, H.S., Yoo, K.Y., Improvement of Chien et al.s remote user authentication scheme using smart cards. Comput. Stand. Interfaces 27(2):181–183, 2005.

    Article  Google Scholar 

  10. Lee, T.F., Chang, I.P., Lin, T.H., Wang, C.C., A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system. J. Med. Syst. 37(3):9941, 2013. doi:10.1007/s10916-013-9941-8.

    Article  Google Scholar 

  11. Lee, T.F., An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 37(6):9985, 2013. doi:10.1007/s10916-013-9985-9.

    Article  Google Scholar 

  12. Li, X., Qiu, W., Zheng, D., Chen, K., Li, J., Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57(2):793–800, 2010.

    Article  Google Scholar 

  13. Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

    Article  MathSciNet  Google Scholar 

  14. Rosen, K., Elementary number theory and its applications. Reading.MA: Addison-Wesley, 1988.

    MATH  Google Scholar 

  15. Takeda, H., Matsumura, Y., Kuwata, S., Architecture for networked electronic patient record systems. Int. J. Med. Inform. 60(2):161–167, 2000.

    Article  Google Scholar 

  16. Wang, B., and Li, Z.Q., A forward-secure user authentication scheme with smart cards. Int. J. Netw. Secur. 3(2):116–119, 2006.

    Google Scholar 

  17. Wei, J., Hu, X., Liu, W.: An improved authentication scheme for telecare medicine information systems. In: Journal of Medical System, 36(6):3597–3604, 2012.

    Article  Google Scholar 

  18. Wen, F.T., Susilo, W., Yang, G.M., A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. In: Wireless personal communicationx, 73(3):993–1004, 2013.

    Article  Google Scholar 

  19. Wen, F.T., A robust uniqueness and anonymity preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(6):9980, 2013.

    Article  Google Scholar 

  20. Wen, F.T., Susilo, W., Yang, G.M., A robust smart card-based anonymous user authentication protocol for wireless communications. In: Security and Communication Networks, 2013. doi:10.1002/sec.816.

  21. Wu, Z.P., Chung, Y., Lai, F., Chen, T.S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.

    Article  Google Scholar 

  22. Wu, S., Zhu, Y., Pu, Q., Robust smart-cards-based user authentication scheme with user anonymity. Secur. Commun. Netw. 5(2):236–248, 2012.

    Article  Google Scholar 

  23. Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.

    Article  Google Scholar 

  24. Xu, J., Zhu, W.T., Feng, D.G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.

    Article  Google Scholar 

  25. Yang, G., Wong, D., Wang, H., Deng, X., Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74(7):1160–172, 2008.

    Article  MATH  MathSciNet  Google Scholar 

  26. Yau, W.C., Raphael, C., Phan, W., Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(6):9993, 2013. doi:10.1007/s10916-013-9993-9.

    Article  Google Scholar 

  27. Yeh, T.C., Wu, C.H., Tseng, Y.M., Improvement of the RFID authentication scheme based on quadratic residues. Comput. Commun. 34:337–341, 2011.

    Article  Google Scholar 

  28. Youn, T., Park, Y., Lim, J., Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Commun. Lett. 13(7):471–473, 2009.

    Article  Google Scholar 

  29. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.

    Article  Google Scholar 

Download references

Acknowledgments

The author would like to thank the anonymous referees for their valuable comments and suggestions. This work is supported by Natural Science Foundation of Shandong Province(NO.ZR2013FM009).

Author information

Authors and Affiliations

  1. School of Mathematical Sciences, University of Jinan, Jinan, 250022, China

    Fengtong Wen

Authors
  1. Fengtong Wen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fengtong Wen.

Additional information

This article is part of the Topical Collection on Mobile Systems

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wen, F. A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System. J Med Syst 38, 42 (2014). https://doi.org/10.1007/s10916-014-0042-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-014-0042-0

Keywords

Search

Navigation