Understanding Security Failures of Two Authentication and Key Agreement Schemes for Telecare Medicine Information Systems

  • Patient Facing Systems
Journal of Medical Systems

Abstract

Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to provide secure and efficient solutions for TMIS. Most of the existing authentication schemes for TMIS either have higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both schemes provide better efficiency than conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s scheme. Unfortunately, we identify that both schemes are vulnerable to a denial of service attack. Understanding the security failures of these cryptographic schemes is the key to patching existing schemes and designing future schemes, so in this paper we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme.

Author information

Corresponding author

Correspondence to Dheerendra Mishra.

Additional information

This article is part of the Topical Collection on Patient Facing Systems

Cite this article

Mishra, D. Understanding Security Failures of Two Authentication and Key Agreement Schemes for Telecare Medicine Information Systems. J Med Syst 39, 19 (2015). https://doi.org/10.1007/s10916-015-0193-7
