Na Dong scite author profile

Telecare Medical Information Systems (TMIS) provide an effective way to enhance the medical process between doctors, nurses and patients. For enhancing the security and privacy of TMIS, it is important while challenging to enhance the TMIS so that a patient and a doctor can perform mutual authentication and session key establishment using a third-party medical server while the privacy of the patient can be ensured. In this paper, we propose an anonymous three-party password-authenticated key exchange (3PAKE) protocol for TMIS. The protocol is based on the efficient elliptic curve cryptosystem. For security, we apply the pi calculus based formal verification tool ProVerif to show that our 3PAKE protocol for TMIS can provide anonymity for patient and doctor while at the same time achieves mutual authentication and session key security. The proposed scheme is secure and efficient, and can be used in TMIS.

show abstract

Robust Anonymous Authentication Scheme for Telecare Medical Information Systems

Xie

Zhang²,

Dong

2013

J Med Syst

View full text Add to dashboard Cite

Patient can obtain sorts of health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, patient's privacy protection and data confidentiality are important for patient or doctor accessing to Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.'s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, and they claimed that their scheme is more suitable for TMIS. However, we show that Chen et al.'s scheme also has some weaknesses. In particular, Chen et al.'s scheme does not provide user's privacy protection and perfect forward secrecy, is vulnerable to off-line password guessing attack and impersonation attack once user's smart card is compromised. Further, we propose a secure anonymity authentication scheme to overcome their weaknesses even an adversary can know all information stored in smart card.

show abstract

Cryptanalysis and security enhancement of a robust two‐factor authentication and key agreement protocol

Xie

Dong

Wong

et al. 2014

Int J Communication

View full text Add to dashboard Cite

Summary Two‐factor user authentication scheme allows a user to use a smart card and a password to achieve mutual authentication and establish a session key between a server and a user. In 2012, Chen et al. showed that the scheme of Sood et al. does not achieve mutual authentication and is vulnerable to off‐line password guessing and smart card stolen attacks. They also found that another scheme proposed by Song is vulnerable to similar off‐line password guessing and smart card stolen attacks. They further proposed an improved scheme. In this paper, we first show that the improved scheme of Chen et al. still suffers from off‐line password guessing and smart card stolen attacks, does not support perfect forward secrecy, and lacks the fairness of session key establishment. We then propose a new security‐enhanced scheme and show its security and authentication using the formal verification tool ProVerif, which is based on applied pi calculus. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Improvement of a Three-Party Password-Based Key Exchange Protocol with Formal Verification

Xie

Dong

Tan

et al. 2013

ITC

View full text Add to dashboard Cite

A Three-Party Password-based Authenticated Key Exchange (3PAKE) protocol allows two users to establish a secure session key over an insecure communication channel with the help of a third party, which is a trusted server. Recently, Lou and Huang proposed a 3PAKE which is efficient and suitable for running on resourceconstrained devices such as smart cards and mobile phones. In this paper, we show that their scheme is vulnerable to off-line password guessing attack and partition attack. We then propose an efficient method to fix these problems. Additionally, the mutual authentication and session key secrecy of the proposed protocol are verified using a formal verification tool.

show abstract

Secure Mobile User Authentication and Key Agreement Protocol with Privacy Protection in Global Mobility Networks

Xie

Bao

Dong

et al. 2013

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Na Dong

Anonymous Three-Party Password-Authenticated Key Exchange Scheme for Telecare Medical Information Systems

Robust Anonymous Authentication Scheme for Telecare Medical Information Systems

Cryptanalysis and security enhancement of a robust two‐factor authentication and key agreement protocol

Improvement of a Three-Party Password-Based Key Exchange Protocol with Formal Verification

Secure Mobile User Authentication and Key Agreement Protocol with Privacy Protection in Global Mobility Networks

Contact Info

Product

Resources

About