On the Security of A Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems

Lin, Han-Yu

doi:10.1007/s10916-013-9929-4

Cited by 40 publications

(37 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this study, we discuss the disadvantage of inefficient login and password change phases of some of the recently published schemes for TMIS [3,30,40,42]. We also demonstrate how inefficient password change phase leads to denial of service attack in [30,42] where an authorized user cannot login to the server using his valid smart card. Moreover, we point out how inefficient login phase can cause extra communication and computation overhead.…”

Section: Introductionmentioning

confidence: 94%

“…In 2013, Lin [30] proposed an improvement of Chen el al. 's dynamic ID-based authentication scheme for TMIS [4].…”

Section: Review Of Lin's Dynamic Id-based Authentication Scheme For Tmismentioning

confidence: 99%

“…Their scheme protects anonymity and it is efficient as it requires the computation of only hash functions. Recently, the articles [3,23,30,42] have demonstrated the weaknesses of Chen et al's scheme to achieve security goals. In this regard, Cao and Zhai [3] demonstrated that Chen et al's scheme is vulnerable to an off-line identity guessing attack and undetectable on-line password guessing attack using stolen smart card.…”

Section: Introductionmentioning

confidence: 99%

“…Their scheme also protects anonymity, but it requires computation of exponential operations. Lin [30] pointed out that user identity is compromised under the dictionary attack and password can be derived with the stolen smart card in Chen et al's scheme. He also proposed an improved scheme which efficiently resists dictionary attack and protects anonymity, but requites the computation of exponential operations.…”

Section: Introductionmentioning

confidence: 99%

“…Our contribution Many of the schemes [29,30,38,[42][43][44] fails to present efficient password change phase, which causes denial of service scenario in case of incorrect input in password change phase. A single mistake in password change phase does not allow a user to login to the server using the same smart card.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

On the Security Flaws in ID-based Password Authentication Schemes for Telecare Medical Information Systems

Mishra

2014

J Med Syst

View full text Add to dashboard Cite

Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.

show abstract

Section: Introductionmentioning

confidence: 94%

“…In 2013, Lin [30] proposed an improvement of Chen el al. 's dynamic ID-based authentication scheme for TMIS [4].…”

Section: Review Of Lin's Dynamic Id-based Authentication Scheme For Tmismentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

On the Security Flaws in ID-based Password Authentication Schemes for Telecare Medical Information Systems

Mishra

2014

J Med Syst

View full text Add to dashboard Cite

show abstract

Efficient mobile dynamic ID authentication and key agreement scheme without trusted servers

Lin

2014

Int J Communication

Self Cite

View full text Add to dashboard Cite

Remote user authentication schemes allow an authorized user to access the resources of remote servers. A dynamic ID authentication scheme further provides the property of user anonymity, that is, information of user identification will not be compromised even if communicated messages are intercepted. When it comes to the mobile user authentication, the client-side processing capability is usually concerned the most. In this paper, the author proposes an efficient mobile dynamic ID authentication and key agreement scheme without trusted servers. For facilitating the application of mobile devices with limited processing capability, our scheme is optimized for the client-side computation. Moreover, compared with related works, the proposed scheme is also more secure.

show abstract

An authentication strategy based on spatiotemporal chaos for software copyright protection

Cao

Luo

et al. 2015

Security Comm Networks

View full text Add to dashboard Cite

An authentication strategy is proposed in this paper for embedded system software copyright protection. It employs a chaotic coupled map lattices (CML) system to generate the pseudo‐random numbers, which are used to construct message authentication codes (MAC) for embedded system authentication. The CML has multiple lattices where the adjacent lattices have coupled effect. When the system initial condition (e.g. lattice values and system parameters) has a marginal change, the output will have a significant change. Therefore, the proposed scheme is highly secure as the final MAC is almost impossible to be compromised. The experiment is conducted on the platform of field programmable gate array, and its corresponding results demonstrate that the proposed strategy achieved a good security performance, a high computing speed and a relatively low area overhead. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

On the Security of A Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems

Cited by 40 publications

References 21 publications

On the Security Flaws in ID-based Password Authentication Schemes for Telecare Medical Information Systems

On the Security Flaws in ID-based Password Authentication Schemes for Telecare Medical Information Systems

Efficient mobile dynamic ID authentication and key agreement scheme without trusted servers

An authentication strategy based on spatiotemporal chaos for software copyright protection

Contact Info

Product

Resources

About