Skip to main content
SpringerLink
Log in

Strong Authentication Scheme for Telecare Medicine Information Systems

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The telecare medicine information system enables or supports health-care delivery services. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. In this paper, we propose a generic construction of smart-card-based password authentication protocol and prove its security. The proposed framework is superior to previous schemes in three following aspects : (1) our scheme is a true two-factor authentication scheme. (2) our scheme can yield a forward secure two-factor authentication scheme with user anonymity when appropriately instantiated. (3) our scheme utilizes each user’s unique identity to accomplish the user authentication and does not need to store or verify others’s certificates. And yet, our scheme is still reasonably efficient and can yield such a concrete scheme that is even more efficient than previous schemes. Therefore the end result is more practical for the telecare medicine system.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee H.-C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2010. doi:10.1007/s10916-010-9614-9.

    Google Scholar 

  2. Hankerson, D., Menezes, A., Vanstone S. guide to elliptic curve cryptography. Springer-Verlag, New York, USA, 2004.

    Google Scholar 

  3. Koblitz, N., Elliptic curve cryptosystem. Mathematics of Computation, 48:203–209, 1987.

    Article  MathSciNet  MATH  Google Scholar 

  4. Juang, W.-S., Wu, J.-L., An efficient two-factor authenticated key exchange protocol based on elliptic curve cryptosystems. In Proc. of The 11th information management and implementation conference (IMI’05), pp. 299–306, 2005.

  5. Lee, N.-Y., Wu, C.-N., Wang, C.-C., Authenticated multiple key exchange protocols based on elliptic curves and bilinear pairings. Computers & Electrical Engineering, 34(1):12–20, 2008.

    Article  MATH  Google Scholar 

  6. Schroeppel, R., Orman, H., OMalley, S., Spatscheck, O., Fast key exchange with elliptic curve systems. In Proc. of Advances in Cryptology, CRYPTO’95, pp. 43–56, 1995.

  7. Yang, J.-H., Chang, C.-C., An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Computers and Security, 28:138–143, 2009.

    Article  Google Scholar 

  8. He, D., Chen, J., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi:10.1007/s10916-011-9658-5.

    Google Scholar 

  9. He, D., Chen, J., Hu, J., An ID-based client authentication with key agreement protocol for mobile clientCserver environment on ECC with provable security. Informat. Fusion, 2011. doi:10.1016/j.infus.2011.01.001.

    Google Scholar 

  10. Wang, R.-C., Juang, W.-S., Lei, C.-L., Provably secure and efficient identification and key agreement protocol with user anonymity. Journal of Computer and System Sciences, 2010. doi:10.1016/j.jcss.2010.07.004.

    Google Scholar 

  11. Lee, W.-B., Chang, C.-C., User identification and key distribution maintaining anonymity for distributed computer network. Comput. Syst. Sci. Engrg., 15 (4):113–116, 2000.

    MathSciNet  Google Scholar 

  12. Wu,T.-S., Hsu, C.-L., Efficient user identification protocol with key distribution preserving anonymity for distributed computer networks. Computers & Security, 23(2):120–125, 2004.

    Article  Google Scholar 

  13. Yang, Y., Wang, S., Bao, F., Wang, J., Deng, D.H., New efficient user identification and key distribution protocol providing enhanced security. Computers & Security, 23 (8):697–704, 2005.

    Article  Google Scholar 

  14. Mangipudi, K., Katti, R., A secure identification and key agreement protocol with user anonymity (SIKA). Computers & Security, 25(6):420–425, 2006.

    Article  Google Scholar 

  15. Yang, G., Wonga, D.S., Wang H., Deng X., Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74(7):1160–1172, 2008.

    Article  MathSciNet  MATH  Google Scholar 

  16. Kocher, P., Jaffe, J., Jun, B., Differential power analysis. In Proceedings of advances in cryptology (CRYPTO 1999), 388–397, 1999.

  17. Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. on Computers, 51(5):541–552, 2002.

    Article  MathSciNet  Google Scholar 

  18. Quisquater, J.-J., Side channel attacks—State-of-the-art. Technical report. Available at: http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1047_Side_Channel_report.pdf.

  19. Bresson, E., Chevassut, O., Pointcheval, D., Security proofs for an efficient password-based key exchange. In Proc. of ACM CCS’03, pp. 241–250, ACM Press, Oct. 2003.

  20. Bresson, E., Chevassut, O., Pointcheval, D., New security results on encrypted key exchange. In Proc. of PKC 2004, LNCS 2947, pp. 145–158, Springer-Verlag, Mar. 2004.

  21. Wu, S.H., Zhu, Y.F., Practical encrypted key agreement using passwords. Wuhun University Journal of Natural Sciences, 11(6):1625–1628, Nov. 2006

    Article  MathSciNet  MATH  Google Scholar 

  22. Abdalla, M., and Pointcheval, D., Simple Password-Based Encrypted Key Exchange Protocols. In Proc. of CT-RSA’2005, LNCS 3376, pp. 191–208, Springer-Verlag.

  23. Abdalla, M., Chevassut, O., and Pointcheval, D., One-time verifier-based encrypted key exchange. In Proc. of the 8th international workshop on theory and practice in public key (PKC ’05), LNCS 3386, pp. 47–64. Springer-Verlag, 2005.

  24. Advanced Encryption Standard, http://www.csrc.nist.gov/archieve/aes/.

  25. Wu, S.H., and Zhu, Y.F., Proof of Forward Security for Password-Based Authenticated Key Exchange. International Journal of Network Security, 7(3):335–341, Nov. 2008

    Google Scholar 

  26. Wong, D.S., Fuentes, H.H., Chan, A.H., The performance measurement of cryptographic primitives on palm devices. In Proc. of the 17th annual computer security applications conference (ACSAC 2001), pp. 92–101, 2001.

  27. Argyroudis, P.G., Verma, R.,Tewari, H., OMahony, D., Performance analysis of cryptographic protocols on handheld devices. In Proc. of the 3rd IEEE international symposium on network computing and applications (NCA 2004), pp. 169–174, 2004.

  28. Passing, M., Dressler, F., Experimental performance evaluation of cryptographic algorithms. In Proc. of the 3rd IEEE international conference on mobile adhoc and sensor systems (MASS), pp. 882–887, 2006.

  29. Passing, M., Dressler, F., Practical evaluation of the performance impact of security mechanisms in sensor networks. In Proc. of the 31st IEEE conference on local computer networks, pp. 623–629, 2006.

  30. Doomun, M.R., Soyjaudah, K.S.,Bundhoo, D., Energy consumption and computational analysis of Rijndael-AES. In Proc. of the third IEEE international conference in central asia on internet the next generation of mobile, wireless and optical communications Networks (ICI 2007), pp. 1–6, 2007.

  31. Potlapally, N.R., Ravi, S., Raghunathan, A., Jha, N.K., A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing, 5(2):128–143, 2006.

    Article  Google Scholar 

  32. Choo, K.-K. R., Boyd, C., and Hitchcock, Y., The importance of proofs of security for key establishment protocols: formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, & Yeh-Sun Protocols. Computer Communications, 29:2788–2797, 2006.

    Article  Google Scholar 

  33. Chung, H.-R., Ku. W.-C., Three weaknesses in a simple three-party key exchange protocol. Information Science, 178:220–229, 2008.

    Article  MathSciNet  MATH  Google Scholar 

  34. Guo, H., Li, Z., Mu, Y., Zhang, X., Cryptanalysis of simple three-party key exchange protocol. Computers and Security, 27:16–21, 2008.

    Article  Google Scholar 

  35. Phan, R. C. -W., Yau, W.-C.,Goi, B.-M., Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Information Science, 178: 2849–2856, 2008.

    Article  MathSciNet  MATH  Google Scholar 

  36. Kim, H.-S., Choi, J.-Y., Enhanced password-based simple three-party key exchange protocol. Computers and Electrical Engineering, 35:107–114, 2009.

    Article  MATH  Google Scholar 

  37. Nam, J., Infringing and improving password security of a three-party key exchange protocol. Available at http://eprint.iacr.org/2008/065/.

  38. Bellare, M., and Rogaway, P., Provably secure session key distribution — the three party case. In Proc. of 28th annual ACM symposium on theory of computing, pp. 57–66, ACM Press, 1996.

  39. Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P., Universally composable password-based key exchange. In Proc. of EUROCRYPT 2005, LNCS 3494, pp. 404–421. Available at http://eprint.iacr.org/2005/196.pdf.

Download references

Author information

Authors and Affiliations

  1. CIMS Research Center, Tongji University, Shanghai, 201804, China

    Qiong Pu, Jian Wang & Rongyong Zhao

  2. State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China

    Qiong Pu

  3. Department of Electronics, Science Institute, Information Engineering University, Zhengzhou, China

    Qiong Pu

Authors
  1. Qiong Pu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jian Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rongyong Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qiong Pu.

Additional information

This work was supported in part by the National Natural Science Foundation of China (No. 91024131), Key Projects in Shanghai Science & Technology Pillar Program of energy saving and emission reducing (09DZ1203300), special fund of Informatization development program in Shanghai (2010-295), Key Basic Research Project of Shanghai Science and Technology Commission (10JC1415200), special fund of manufacturing information in Shanghai (10DZ1122402).

Rights and permissions

Reprints and permissions

About this article

Cite this article

Pu, Q., Wang, J. & Zhao, R. Strong Authentication Scheme for Telecare Medicine Information Systems. J Med Syst 36, 2609–2619 (2012). https://doi.org/10.1007/s10916-011-9735-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10916-011-9735-9

Keywords

Search

Navigation