Abstract
The telecare medicine information system enables or supports health-care delivery services. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. In this paper, we propose a generic construction of smart-card-based password authentication protocol and prove its security. The proposed framework is superior to previous schemes in three following aspects : (1) our scheme is a true two-factor authentication scheme. (2) our scheme can yield a forward secure two-factor authentication scheme with user anonymity when appropriately instantiated. (3) our scheme utilizes each user’s unique identity to accomplish the user authentication and does not need to store or verify others’s certificates. And yet, our scheme is still reasonably efficient and can yield such a concrete scheme that is even more efficient than previous schemes. Therefore the end result is more practical for the telecare medicine system.
Similar content being viewed by others
References
Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee H.-C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2010. doi:10.1007/s10916-010-9614-9.
Hankerson, D., Menezes, A., Vanstone S. guide to elliptic curve cryptography. Springer-Verlag, New York, USA, 2004.
Koblitz, N., Elliptic curve cryptosystem. Mathematics of Computation, 48:203–209, 1987.
Juang, W.-S., Wu, J.-L., An efficient two-factor authenticated key exchange protocol based on elliptic curve cryptosystems. In Proc. of The 11th information management and implementation conference (IMI’05), pp. 299–306, 2005.
Lee, N.-Y., Wu, C.-N., Wang, C.-C., Authenticated multiple key exchange protocols based on elliptic curves and bilinear pairings. Computers & Electrical Engineering, 34(1):12–20, 2008.
Schroeppel, R., Orman, H., OMalley, S., Spatscheck, O., Fast key exchange with elliptic curve systems. In Proc. of Advances in Cryptology, CRYPTO’95, pp. 43–56, 1995.
Yang, J.-H., Chang, C.-C., An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Computers and Security, 28:138–143, 2009.
He, D., Chen, J., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi:10.1007/s10916-011-9658-5.
He, D., Chen, J., Hu, J., An ID-based client authentication with key agreement protocol for mobile clientCserver environment on ECC with provable security. Informat. Fusion, 2011. doi:10.1016/j.infus.2011.01.001.
Wang, R.-C., Juang, W.-S., Lei, C.-L., Provably secure and efficient identification and key agreement protocol with user anonymity. Journal of Computer and System Sciences, 2010. doi:10.1016/j.jcss.2010.07.004.
Lee, W.-B., Chang, C.-C., User identification and key distribution maintaining anonymity for distributed computer network. Comput. Syst. Sci. Engrg., 15 (4):113–116, 2000.
Wu,T.-S., Hsu, C.-L., Efficient user identification protocol with key distribution preserving anonymity for distributed computer networks. Computers & Security, 23(2):120–125, 2004.
Yang, Y., Wang, S., Bao, F., Wang, J., Deng, D.H., New efficient user identification and key distribution protocol providing enhanced security. Computers & Security, 23 (8):697–704, 2005.
Mangipudi, K., Katti, R., A secure identification and key agreement protocol with user anonymity (SIKA). Computers & Security, 25(6):420–425, 2006.
Yang, G., Wonga, D.S., Wang H., Deng X., Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74(7):1160–1172, 2008.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In Proceedings of advances in cryptology (CRYPTO 1999), 388–397, 1999.
Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. on Computers, 51(5):541–552, 2002.
Quisquater, J.-J., Side channel attacks—State-of-the-art. Technical report. Available at: http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1047_Side_Channel_report.pdf.
Bresson, E., Chevassut, O., Pointcheval, D., Security proofs for an efficient password-based key exchange. In Proc. of ACM CCS’03, pp. 241–250, ACM Press, Oct. 2003.
Bresson, E., Chevassut, O., Pointcheval, D., New security results on encrypted key exchange. In Proc. of PKC 2004, LNCS 2947, pp. 145–158, Springer-Verlag, Mar. 2004.
Wu, S.H., Zhu, Y.F., Practical encrypted key agreement using passwords. Wuhun University Journal of Natural Sciences, 11(6):1625–1628, Nov. 2006
Abdalla, M., and Pointcheval, D., Simple Password-Based Encrypted Key Exchange Protocols. In Proc. of CT-RSA’2005, LNCS 3376, pp. 191–208, Springer-Verlag.
Abdalla, M., Chevassut, O., and Pointcheval, D., One-time verifier-based encrypted key exchange. In Proc. of the 8th international workshop on theory and practice in public key (PKC ’05), LNCS 3386, pp. 47–64. Springer-Verlag, 2005.
Advanced Encryption Standard, http://www.csrc.nist.gov/archieve/aes/.
Wu, S.H., and Zhu, Y.F., Proof of Forward Security for Password-Based Authenticated Key Exchange. International Journal of Network Security, 7(3):335–341, Nov. 2008
Wong, D.S., Fuentes, H.H., Chan, A.H., The performance measurement of cryptographic primitives on palm devices. In Proc. of the 17th annual computer security applications conference (ACSAC 2001), pp. 92–101, 2001.
Argyroudis, P.G., Verma, R.,Tewari, H., OMahony, D., Performance analysis of cryptographic protocols on handheld devices. In Proc. of the 3rd IEEE international symposium on network computing and applications (NCA 2004), pp. 169–174, 2004.
Passing, M., Dressler, F., Experimental performance evaluation of cryptographic algorithms. In Proc. of the 3rd IEEE international conference on mobile adhoc and sensor systems (MASS), pp. 882–887, 2006.
Passing, M., Dressler, F., Practical evaluation of the performance impact of security mechanisms in sensor networks. In Proc. of the 31st IEEE conference on local computer networks, pp. 623–629, 2006.
Doomun, M.R., Soyjaudah, K.S.,Bundhoo, D., Energy consumption and computational analysis of Rijndael-AES. In Proc. of the third IEEE international conference in central asia on internet the next generation of mobile, wireless and optical communications Networks (ICI 2007), pp. 1–6, 2007.
Potlapally, N.R., Ravi, S., Raghunathan, A., Jha, N.K., A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing, 5(2):128–143, 2006.
Choo, K.-K. R., Boyd, C., and Hitchcock, Y., The importance of proofs of security for key establishment protocols: formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, & Yeh-Sun Protocols. Computer Communications, 29:2788–2797, 2006.
Chung, H.-R., Ku. W.-C., Three weaknesses in a simple three-party key exchange protocol. Information Science, 178:220–229, 2008.
Guo, H., Li, Z., Mu, Y., Zhang, X., Cryptanalysis of simple three-party key exchange protocol. Computers and Security, 27:16–21, 2008.
Phan, R. C. -W., Yau, W.-C.,Goi, B.-M., Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Information Science, 178: 2849–2856, 2008.
Kim, H.-S., Choi, J.-Y., Enhanced password-based simple three-party key exchange protocol. Computers and Electrical Engineering, 35:107–114, 2009.
Nam, J., Infringing and improving password security of a three-party key exchange protocol. Available at http://eprint.iacr.org/2008/065/.
Bellare, M., and Rogaway, P., Provably secure session key distribution — the three party case. In Proc. of 28th annual ACM symposium on theory of computing, pp. 57–66, ACM Press, 1996.
Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P., Universally composable password-based key exchange. In Proc. of EUROCRYPT 2005, LNCS 3494, pp. 404–421. Available at http://eprint.iacr.org/2005/196.pdf.
Author information
Authors and Affiliations
Corresponding author
Additional information
This work was supported in part by the National Natural Science Foundation of China (No. 91024131), Key Projects in Shanghai Science & Technology Pillar Program of energy saving and emission reducing (09DZ1203300), special fund of Informatization development program in Shanghai (2010-295), Key Basic Research Project of Shanghai Science and Technology Commission (10JC1415200), special fund of manufacturing information in Shanghai (10DZ1122402).
Rights and permissions
About this article
Cite this article
Pu, Q., Wang, J. & Zhao, R. Strong Authentication Scheme for Telecare Medicine Information Systems. J Med Syst 36, 2609–2619 (2012). https://doi.org/10.1007/s10916-011-9735-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10916-011-9735-9