SUMMARYRecently, Yoon et al. and Wang et al. independently proposed a dynamic ID authentication scheme and claimed that their schemes can withstand the risk of ID-theft, and several attacks. In this paper, we first demonstrate that both of the proposed schemes cannot achieve the security requirement for user anonymity and resist an impersonation attack yet. Then, we shall propose a new dynamic ID authentication scheme to overcome the above security weaknesses. We formally analyzed our proposed scheme with the BAN-logic and shown that it can withstand the several possible attacks.
Electronic healthcare (e-health) has gained more and more research attention in recent years, due to its flexibility and convenience. E-health is efficiently enabled by telecare medicine information system (TMIS). TMIS provides seamless transfer and timely sharing of medical information for specific healthcare services. Since communications in TMIS are carried out through unreliable channels, data security and user privacy concerns become prominent. With traditional single-server architecture, users must store massive credentials, which causes inefficient communication and significant overhead. Moreover, user credentials in previously proposed schemes are stored at server side, suffering potential risks. Our work proposes a three-factor user-controlled single sign-on (UCSSO) with fast authentication and privacy protection for TMIS. The contributions of this paper are as follows. Our work integrates three factors including password, smart card and biometrics in authentication procedure, for providing a high-security and privacy-preserved communication. We introduce single sign-on solution that allows users to log in to multiple servers using a single password. User-controlled mechanism is proposed to address insider attacks and the risk that registration center may be compromised. The proposed scheme is designed with fast authentication mechanism that helps to efficiently establishes new session key. Our work is proved secure using BAN logic, ROR model, and AVISPA toolset. The results of performance comparison show that our scheme provides more security properties and bears the least overhead, compared with competitive schemes.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.