Abstract
Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.’s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.’s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.’s authentication protocol for TMIS but also provides better security with high system efficiency.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Azevedo, S.G., and Ferreira, J.J., Radio frequency identification: a case study of healthcare organisations. Int. J. Secur. Netw. 5(2/3):147–155, 2010.
Chang, Y.F., Yu, S.H., Shiao, D.R., A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.
Chen, Y.Y., Huang, D.C., Tsai, M.L., Jan, J.K., A design of tamper resistant prescription RFID access control system. J. Med. Syst. 36(5):2795–2801, 2012.
Chien, H.Y., Yang, C.C., Wu, T.C., Lee, C.F., Two RFID-based solutions to enhance inpatient medication safety. J. Med. Syst. 35(3):369–375, 2011.
Cho, J.S., Yeo, S.S., Kim, S.K., Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value. Comput. Commun. 34(3):391–397, 2011.
Dyreson, C.E., and Snodgrass, R.T., Timestamp semantics and representation. Inf. Syst. 18(3):143–166, 1993.
He, D., Chen, J., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.
He, D., Kumar, N., Chilamkurti, N., Lee, J.H., Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J. Med. Syst. 38:116, 2014.
He, D., and Zeadally, S., Authentication protocol for ambient assisted living system. IEEE Commun. Mag. 35(1):71–77, 2015.
He, D., Kumar, N., Chilamkurti, N., A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci., 2015. doi:10.1016/j.ins.2015.02.010..
He, D., Kumar, N., Chen, J., Robust anonymous authentication protocol for healthcare applications using wireless medical sensor networks. Multimedia Systems 21(1):49–60, 2015.
Huang, H.H., and Ku, C.Y., A RFID grouping proof protocol for medication safety of inpatient. J. Med. Syst. 33(6):467–474, 2009.
Kaul, S.D., and Awasthi, A.K., RFID authentication protocol to enhance patient medication safety. J. Med. Syst. 37(6):1–6, 2013.
Kim, H.S., Enhanced hash-based RFID mutual authentication protocol. Commun. Comput. Inform. Sci. 339:70–77, 2012.
Kim, H.S., RFID mutual authentication protocol based on synchronized secret. Int. J. Secur. Appl. 7(4):37–50, 2013.
Lee, C.C., Chen, C.T., Li, C.T., Wu, P.H., A practical RFID authentication mechanism for digital television. Telecommun. Syst. 57(3):239–246, 2014.
Lee, C.C., Chiu, S.T., Li, C.T., Improving security of a communication-efficient three-party password authenticated key exchange protocol. Int. J. Netw. Secur. 17(1):1–6, 2015.
Li, C.T., and Hwang, M.S., An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.
Li, C.T., and Lee, C.C., A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Math. Comput. Model. 55(1-2):35–44, 2012.
Li, C.T., Lee, C.C., Weng, C.Y., Fan, C.I., A RFID-based macro-payment scheme with security and authentication for retailing services. ICIC Express Letters 6(12):3163–3170, 2012.
Li, C.T., Lee, C.C., Weng, C.Y., An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dyn. 74(4): 1133–1143, 2013.
Li, C.T., Lee, C.C., Weng, C.Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. J. Med. Syst. 38(9):77, 2014.
Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38:120 , 2015.
Peris-Lopez, P., Orfila, A., Mitrokotsaand, A., van der Lubbe, J. C. A., A comprehensive RFID solution to enhance inpatient medication safety. Int. J. Med. Inform. 80(1):13–24, 2011.
Ramasamy, R., and Muniyandi, A.P., An efficient password authentication scheme for smart card. Int. J. Netw. Secur. 14(3):180–186, 2012.
National Institute of Standards and Technology: US department of commerce, secure hash standard, US Federal Information Processing Standard Publication (2002)
Sun, P.R., Wang, B.H., Wu, F., A new method to guard inpatient medication safety by the implementation of RFID. J. Med. Syst. 32(4):327–332, 2008.
Srivastava, K., Awasthi, A.K., Kaul, S.D., Mittal, R.C., A hash based mutual RFID tag authentication protocol in telecare medicine information system. J. Med. Syst. 39:153, 2015.
Wu, S., Chen, K., Zhu, Y., A secure lightweight RFID binding proof protocol for medication errors and patient safety. J. Med. Syst. 36(5):2743–2749, 2012.
Wyld, D., Preventing the worst case scenario: an analysis of RFID technology and infant protection in hospitals. The Internet Journal of Healthcare Administration 7(1), 2009.
Yang, L., Ma, J.F., Jiang, Q., Mutual authentication scheme with smart cards and password under trusted computing. Int. J. Netw. Secur. 14(3):156–163, 2012.
Yen, Y.C., Lo, N.W., Wu, T.C., Two RFID-based solutions for secure inpatient medication administration. J. Med. Syst. 36(5):2769–2778, 2012.
Yu, Y., Houand, T., Chiang, T., Low cost RFID real lightweight binding proof protocol for medication errors and patient safety. J. Med. Syst. 36(2):823–828, 2012.
Acknowledgments
The authors would like to thank the anonymous referee for their valuable discussions and comments. Moreover, this research was partially supported by the Ministry of Science and Technology, Taiwan, R.O.C., under contract no.: MOST 103-2221-E-165-003 and MOST 103-2221-E-030-016.
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
Rights and permissions
About this article
Cite this article
Li, CT., Weng, CY. & Lee, CC. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System. J Med Syst 39, 77 (2015). https://doi.org/10.1007/s10916-015-0260-0
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-015-0260-0