Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems

Arshad, Hamed; Nikooghadam, Morteza

doi:10.1007/s10916-014-0136-8

Cited by 114 publications

(89 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The essence of the active tracking resistance of the proposed scheme is that each calculation of Auth = ( + TK 2 ) ⊕ ( 1 + TK 1 ) involves the confusion value ( 1 + TK 1 ), where the computation of TK 1 needs either tag's secret 2 or the server's private key ; therefore, International Journal of Distributed Sensor Networks 5 Arshad and Nikooghadam [12] Liao and Hsiao [9] He et al [13] Ours The server's computational cost Server Spoofing Attack Resistance. To impersonate the server, the adversary must be able to generate a valid message 3 = {Auth }, where 1 = 1 and Auth = ( +2TK 2 )⊕2 ( 1 + TK 1 ).…”

Section: Security Analysismentioning

confidence: 99%

An Elliptic Curve Cryptography-Based RFID Authentication Securing E-Health System

Lee

Chien

2015

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

Mobile healthcare (M-health) systems can monitor the patients' conditions remotely and provide the patients and doctors with access to electronic medical records, and Radio Frequency Identification (RFID) technology plays an important role in M-health services. It is important to securely access RFID data in M-health systems: here, authentication, privacy, anonymity, and tracking resistance are desirable security properties. In 2014, He et al. proposed an elliptic curve cryptography-(ECC-) based RFID authentication protocol which is quite attractive to M-health applications, owing to its claimed performance of security, scalability, and efficiency. Unfortunately, we find their scheme fails to achieve the privacy protection if an adversary launches active tracking attacks. In this paper, we demonstrate our active attack on He et al. 's scheme and propose a new scheme to improve the security. Performance evaluation shows the improved scheme could meet the challenges of M-health applications.

show abstract

Section: Security Analysismentioning

confidence: 99%

An Elliptic Curve Cryptography-Based RFID Authentication Securing E-Health System

Lee

Chien

2015

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

show abstract

“…By using TMISs, patients (especially in hard-to-reach places and rural areas) can stay at their home and obtain healthcare services at the right time and lower cost. Patients can send their body parameters which indicate their health condition to medical servers and receive a proper treatment from doctors [1,2]. These systems not only reduces patients expenses and problems, but also can save precious resources in hospitals, such as veteran doctors, beds, medical devices and so on.…”

Section: Introductionmentioning

confidence: 99%

On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems

et al. 2015

Self Cite

View full text Add to dashboard Cite

Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu's authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya's scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya's scheme, but also is about 2.73 times faster than Bin Muhaya's scheme.

show abstract

“…Since the authentication mechanism can prevent the medical resources from being accessed by malicious attackers and the session key can encrypt the packets to ensure the confidentiality of medical data [3,4]. Hitherto, many authentication and key agreement schemes have been proposed to provide security in TMIS, which can be classified into ones [5][6][7][8][9][10][11][12] using symmetric key cryptography only and ones using public key cryptography [13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28].…”

Section: Introductionmentioning

confidence: 99%

“…But the time-consuming modular exponentiation operation involving these schemes is not suitable for the wireless medical devices with limited computational capability. To address the problem, several authentication schemes [26][27][28][29] based on the elliptic curve cryptography (ECC) were presented. Compared with RSA, ECC provides better performance since it achieves same security level with smaller key size.…”

Section: Introductionmentioning

confidence: 99%

Robust ECC-based Authenticated Key Agreement Scheme with Privacy Protection for Telecare Medicine Information Systems

Zhang

Zhu

2015

J Med Syst

View full text Add to dashboard Cite

To protect the transmission of the sensitive medical data, a secure and efficient authenticated key agreement scheme should be deployed when the healthcare delivery session is established via Telecare Medicine Information Systems (TMIS) over the unsecure public network. Recently, Islam and Khan proposed an authenticated key agreement scheme using elliptic curve cryptography for TMIS. They claimed that their proposed scheme is provably secure against various attacks in random oracle model and enjoys some good properties such as user anonymity. In this paper, however, we point out that any legal but malicious patient can reveal other user's identity. Consequently, their scheme suffers from server spoofing attack and off-line password guessing attack. Moreover, if the malicious patient performs the same time of the registration as other users, she can further launch the impersonation attack, man-in-the-middle attack, modification attack, replay attack, and strong replay attack successfully. To eliminate these weaknesses, we propose an improved ECC-based authenticated key agreement scheme. Security analysis demonstrates that the proposed scheme can resist various attacks and enables the patient to enjoy the remote healthcare services with privacy protection. Through the performance evaluation, we show that the proposed scheme achieves a desired balance between security and performance in comparisons with other related schemes.

show abstract

Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems

Cited by 114 publications

References 49 publications

An Elliptic Curve Cryptography-Based RFID Authentication Securing E-Health System

An Elliptic Curve Cryptography-Based RFID Authentication Securing E-Health System

On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems

Robust ECC-based Authenticated Key Agreement Scheme with Privacy Protection for Telecare Medicine Information Systems

Contact Info

Product

Resources

About