
Robust ECC-based Authenticated Key Agreement Scheme with Privacy Protection for Telecare Medicine Information Systems

Journal of Medical Systems

Abstract

To protect the transmission of sensitive medical data, a secure and efficient authenticated key agreement scheme should be deployed when a healthcare delivery session is established via Telecare Medicine Information Systems (TMIS) over an insecure public network. Recently, Islam and Khan proposed an authenticated key agreement scheme using elliptic curve cryptography for TMIS. They claimed that their scheme is provably secure against various attacks in the random oracle model and offers desirable properties such as user anonymity. In this paper, however, we point out that any legal but malicious patient can reveal other users' identities. Consequently, their scheme suffers from server spoofing and off-line password guessing attacks. Moreover, if the malicious patient registers at the same time as other users, she can further launch impersonation, man-in-the-middle, modification, replay, and strong replay attacks successfully. To eliminate these weaknesses, we propose an improved ECC-based authenticated key agreement scheme. Security analysis demonstrates that the proposed scheme can resist various attacks and enables the patient to enjoy remote healthcare services with privacy protection. Through the performance evaluation, we show that the proposed scheme achieves a desired balance between security and performance in comparison with other related schemes.



Acknowledgments

This work was supported by the National Natural Science Foundation of China [grant numbers 61303237, 61272469]; the Wuhan Scientific Research Program [grant number 2013010501010144]; the China Postdoctoral Fund [grant number 2012194091]; and the Fundamental Research Funds for the Central Universities [grant number 2013199037].

Author information

Corresponding author

Correspondence to Shaohui Zhu.

Additional information

This article is part of the Topical Collection on Patient Facing Systems

About this article

Cite this article

Zhang, L., Zhu, S. Robust ECC-based Authenticated Key Agreement Scheme with Privacy Protection for Telecare Medicine Information Systems. J Med Syst 39, 49 (2015). https://doi.org/10.1007/s10916-015-0233-3

  • DOI: https://doi.org/10.1007/s10916-015-0233-3
