An efficient and secure remote user mutual authentication scheme using smart cards for Telecare medical information systems

Abstract

Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks. Several smart card based password authentication schemes for Telecare Medical Information Systems (TMIS) have been proposed in the literature. Recently, Lee et al. proposed an authentication scheme for TMIS and then they claimed that their scheme is able to resist various attacks. However, in this paper we demonstrate that Lee et al. scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of Lee et al. scheme, we present a secure authentication scheme for TMIS. Moreover, the proposed scheme can also resist all known attacks. We prove the security of the proposed scheme with the help of widely-accepted random Oracle model. Finally, we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.