Cryptanalysis and Improvement of a User Authentication Scheme Preserving Uniqueness and Anonymity for Connected Health Care

  • Systems-Level Quality Improvement
Journal of Medical Systems

Abstract

Nowadays, connected health care applications are used more and more around the world. Services delivered through such applications, for example telecare medical information systems (TMIS) and integrated electronic patient record (EPR) information systems, can save patients time and expense. In these applications, preserving patients’ privacy, transmitting messages securely and maintaining mutual authentication all require attention. Many authentication schemes have been proposed to provide a secure communication environment. Recently Xie et al. showed that Wen’s scheme was insecure because it was vulnerable to the off-line password guessing attack and lacked user anonymity and forward security. They gave a new three-factor authentication scheme and claimed that it was secure. However, we find that Xie et al.’s scheme is vulnerable to the de-synchronization attack and that it places too much storage burden on the server. We then present an improved scheme which overcomes the usual weaknesses and keeps the ordinary security properties. Compared with recent schemes of the same kind, our scheme is secure and practical.


References

  1. Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):136, 2014.

  2. Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9912, 2013. doi:10.1007/s10916-012-9912-5.

  3. Chen, H. M., Lo, J. W., Yeh, C. K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 36(6):3907–3915, 2012.

  4. Das, A. K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):9948, 2013.

  5. Fan, C. I., and Lin, Y. H., Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE Trans. Inf. Forensics Sec. 4(4):933–945, 2009.

  6. Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):9897, 2013. doi:10.1007/s10916-012-9897-0.

  7. Jin, A. T. B., Ling, D. N. C., Goh, A., Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.

  8. Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):9954, 2013a.

  9. Khan, M. K., and Kumari, S., An improved biometrics-based remote user authentication scheme with user anonymity. BioMed. Res. Int. 2013(2013):491289, 2013. doi:10.1155/2013/491289.

  10. Khan, M. K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems. Secur. Commun. Netw. 7(2):399–408, 2014a.

  11. Khan, M. K., and Kumari, S., An improved user authentication protocol for healthcare services via wireless medical sensor networks. Int. J. Distrib. Sens. Netw. 2014(2014):347169, 2014.

  12. Khan, M. K., Kumari, S., Gupta, M. K., More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816, 2014.

  13. Kim, K. W., and Lee, J. D., On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 38(5):17, 2014. doi:10.1007/s10916-014-0017-1.

  14. Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology (CRYPTO99), pp. 388–397. Springer, 1999.

  15. Kumari, S., and Khan, M. K., Cryptanalysis and improvement of ‘a robust smart-card-based remote user password authentication scheme’. Int. J. Commun. Syst. 27(12):3939–3955, 2014. doi:10.1002/dac.2590.

  16. Kumari, S., and Khan, M. K., More secure smart card-based remote user password authentication scheme with user anonymity. Secur. Commun. Netw. 7(11):2039–2053, 2014. doi:10.1002/sec.916.

  17. Kumari, S., Gupta, M. K., Khan, M. K., Li, X., An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur. Commun. Netw. 7(11):1921–1932, 2014. doi:10.1002/sec.906.

  18. Kumari, S., Khan, M. K., Kumar, R., Cryptanalysis and improvement of ‘a privacy enhanced scheme for telecare medical information systems’. J. Med. Syst. 37(4):9952, 2013b. doi:10.1007/s10916-013-9952-5.

  19. Kumari, S., Khan, M. K., Li, X., An improved remote user authentication scheme with key agreement. Comput. & Electr. Eng. 40(6):1997–2012, 2014a.

  20. Kumari, S., Khan, M. K., Li, X., Wu, F., Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst., 2014b. doi:10.1002/dac.2853.

  21. Li, X., Wen, Q., Li, W., Zhang, H., Jin, Z., Secure privacy-preserving biometric authentication scheme for telecare medicine information systems. J. Med. Syst. 38(11):139, 2014.

  22. Lin, H. Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9929, 2013. doi:10.1007/s10916-013-9929-4.

  23. Messerges, T. S., Dabbish, E. A., Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.

  24. Nanni, L., and Lumini, A., Random subspace for an improved biohashing for face authentication. Pattern Recogn. Lett. 29(3):295–300, 2008.

  25. Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3):16, 2014. doi:10.1007/s10916-014-0016-2.

  26. Wang, D., Wang, P., He, D., Anonymous two-factor authentication: Certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput., 2014. doi:10.1109/TDSC.2014.2355850.

  27. Wen, F., A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(6):9980, 2013. doi:10.1007/s10916-013-9980-1.

  28. Wen, F., and Guo, D., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5):26, 2014.

  29. Wu, F., and Xu, L., An improved and provable self-certified digital signature scheme with message recovery. Int. J. Commun. Syst., 2013a. doi:10.1002/dac.2673.

  30. Wu, F., and Xu, L., Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst. 37(4):9958, 2013b. doi:10.1007/s10916-013-9958-z.

  31. Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9911, 2013. doi:10.1007/s10916-012-9911-6.

  32. Xie, Q., Liu, W., Wang, S., Han, L., Hu, B., Wu, T., Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care. J. Med. Syst. 38(9):91, 2014. doi:10.1007/s10916-014-0091-4.

  33. Xu, L., and Wu, F., An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity. Secur. Commun. Netw., 2014. doi:10.1002/sec.977.

Author information

Corresponding author

Correspondence to Fan Wu.

Additional information

Conflict of interests

The authors declare that they have no conflict of interest.

This article is part of the Topical Collection on Systems-Level Quality Improvement

Cite this article

Xu, L., Wu, F. Cryptanalysis and Improvement of a User Authentication Scheme Preserving Uniqueness and Anonymity for Connected Health Care. J Med Syst 39, 10 (2015). https://doi.org/10.1007/s10916-014-0179-x

  • DOI: https://doi.org/10.1007/s10916-014-0179-x
