Abstract
Nowadays, connected health care applications are used more and more in the world. Service through the applications can save the patients’ time and expense, such as telecare medical information system (TMIS) and integrated electronic patient record (EPR) information system. In the applications, preserving patients’ privacy, transmitting messages securely and keeping mutual authentication should all be paid attention. Many authentication schemes have been proposed to make a secure communicating environment. Recently Xie et al. showed that Wen’s scheme was insecure because it was under the off-line password guessing attack and without user anonymity and forward security. They gave a new three-factor authentication scheme and claimed that it was secure. However, we find that Xie et al’s scheme is vulnerable to the De-synchronization attack and the server has too much storage burden in the scheme. Then we present an improved scheme which overcomes the usual weaknesses and keeps ordinary security characters. Compared with recent schemes of the same kind, our scheme is secure and practical.
Similar content being viewed by others
References
Arshad, H., and Nikooghadam, M., Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):136, 2014.
Cao, T., and Zhai, J., Improved dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9912, 2013. doi:10.1007/s10916-012-9912-5.
Chen, H. M., Lo, J. W., Yeh, C. K., An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. J Med Syst 36(6):3907–3915, 2012.
Das, A. K., and Goswami, A., A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):9948 , 2013.
Fan, C. I., and Lin, Y. H., Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE Trans. Inf. Forensics Sec. 4(4):933–945, 2009.
Jiang, Q., Ma, J., Ma, Z., Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37(1):9897, 2013. doi:10.1007/s10916-012-9897-0.
Jin, A. T. B., Ling, D. N. C., Goh, A., Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11):2245–2255, 2004.
Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):9954 , 2013a.
Khan, M. K., and Kumari, S., An improved biometrics-based remote user authentication scheme with user anonymity. BioMed. Res. Int. 2013(2013):491289, 2013. doi:10.1155/2013/491289.
Khan, M. K., and Kumari, S., Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems. Secur. Commun. Netw. 7(2):399–408, 2014a.
Khan, M. K., and Kumari, S., An improved user authentication protocol for healthcare services via wireless medical sensor networks. Int. J. Distrib. Sens. Netw. 2014(2014):347169, 2014.
Khan, M. K., Kumari, S., Gupta, M. K., More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816, 2014.
Kim, K. W., and Lee, J. D., On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 38(5):17, 2014. doi:10.1007/s10916-014-0017-1.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In: Advances in Cryptology(CRYPTO99), pp. 388–397: Springer, 1999.
Kumari, S., and Khan, M. K., Cryptanalysis and improvement of ’a robust smart-card-based remote user password authentication scheme’. Int. J. Commun. Syst. 27(12):3939–3955, 2014. doi:10.1002/dac.2590.
Kumari, S., and Khan, M. K., More secure smart card-based remote user password authentication scheme with user anonymity. Secur. Commun. Netw. 7(11):2039–2053, 2014. doi:10.1002/sec.916.
Kumari, S., Gupta, M.K., Khan, M. K., Li, X., An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur. Commun. Netw. 7(11):1921–1932, 2014. doi:10.1002/sec.906.
Kumari, S., Khan, M. K., Kumar, R., Cryptanalysis and improvement of ’a privacy enhanced scheme for telecare medical information systems’. J. Med. Syst. 37(4):9952, 2013b. doi:10.1007/s10916-013-9952-5.
Kumari, S., Khan, M. K., Li, X., An improved remote user authentication scheme with key agreement. Comput. & Electr. Eng,. 40(6):1997–2012, 2014a.
Kumari, S., Khan, M. K., Li, X., Wu, F., Design of a user anonymous password authentication scheme without smart card. Int. J. Commun. Syst., 2014b. doi:10.1002/dac.2853.
Li, X., Wen, Q., Li, W., Zhang, H., Jin, Z., Secure privacy-preserving biometric authentication scheme for telecare medicine information systems. J. Med. Syst. 38(11):139, 2014.
Lin, H. Y., On the security of a dynamic id-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9929, 2013. doi:10.1007/s10916-013-9929-4.
Messerges, T. S., Dabbish, E. A., Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Nanni, L., and Lumini, A., Random subspace for an improved biohashing for face authentication. Pattern Recogn. Lett. 29(3):295–300, 2008.
Tan, Z., A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3):16, 2014. doi:10.1007/s10916-014-0016-2.
Wang, D., Wang, P., He, D., Anonymous two-factor authentication: Certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput, 2014. doi:10.1109/TDSC.2014.2355850.
Wen, F., A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(6):9980, 2013. doi:10.1007/s10916-013-9980-1.
Wen, F., and Guo, D., An improved anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 38(5):26, 2014.
Wu, F., and Xu, L., An improved and provable self-certified digital signature scheme with message recovery. Int. J. Commun. Syst., 2013a. doi:10.1002/dac.2673.
Wu, F., and Xu, L., Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst. 37(4):9958, 2013b. doi:10.1007/s10916-013-9958-z.
Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):9911, 2013. doi:10.1007/s10916-012-9911-6.
Xie, Q., Liu, W., Wang, S., Han, L., Hu, B., Wu, T., Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care. J. Med. Syst. 38(9): 91, 2014. doi:10.1007/s10916-014-0091-4.
Xu, L., and Wu, F., An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity. Secur. Commun. Netw., 2014. doi:10.1002/sec.977.
Author information
Authors and Affiliations
Corresponding author
Additional information
Conflict of interests
The authors declare that they have no conflict of interest.
This article is part of the Topical Collection on Systems-Level Quality Improvement
Rights and permissions
About this article
Cite this article
Xu, L., Wu, F. Cryptanalysis and Improvement of a User Authentication Scheme Preserving Uniqueness and Anonymity for Connected Health Care. J Med Syst 39, 10 (2015). https://doi.org/10.1007/s10916-014-0179-x
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-014-0179-x